| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <173891006340.22054.12479197204884946914@noble.neil.brown.name> Date: Fri, 07 Feb 2025 17:34:23 +1100 From: "NeilBrown" <neilb@...e.de> To: "Kent Overstreet" <kent.overstreet@...ux.dev> Cc: "Christian Brauner" <brauner@...nel.org>, "Alexander Viro" <viro@...iv.linux.org.uk>, "Jan Kara" <jack@...e.cz>, "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, "Danilo Krummrich" <dakr@...nel.org>, "Trond Myklebust" <trondmy@...nel.org>, "Anna Schumaker" <anna@...nel.org>, "Namjae Jeon" <linkinjeon@...nel.org>, "Steve French" <sfrench@...ba.org>, "Sergey Senozhatsky" <senozhatsky@...omium.org>, "Tom Talpey" <tom@...pey.com>, "Paul Moore" <paul@...l-moore.com>, "Eric Paris" <eparis@...hat.com>, linux-kernel@...r.kernel.org, linux-bcachefs@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org, linux-cifs@...r.kernel.org, audit@...r.kernel.org Subject: Re: [PATCH 1/2] VFS: change kern_path_locked() and user_path_locked_at() to never return negative dentry On Fri, 07 Feb 2025, Kent Overstreet wrote: > On Fri, Feb 07, 2025 at 03:53:52PM +1100, NeilBrown wrote: > > On Fri, 07 Feb 2025, Kent Overstreet wrote: > > > On Fri, Feb 07, 2025 at 02:36:47PM +1100, NeilBrown wrote: > > > > No callers of kern_path_locked() or user_path_locked_at() want a > > > > negative dentry. So change them to return -ENOENT instead. This > > > > simplifies callers. > > > > > > > > This results in a subtle change to bcachefs in that an ioctl will now > > > > return -ENOENT in preference to -EXDEV. I believe this restores the > > > > behaviour to what it was prior to > > > > > > I'm not following how the code change matches the commit message? > > > > Maybe it doesn't. Let me checked. > > > > Two of the possible error returns from bch2_ioctl_subvolume_destroy(), > > which implements the BCH_IOCTL_SUBVOLUME_DESTROY ioctl, are -ENOENT and > > -EXDEV. > > > > -ENOENT is returned if the path named in arg.dst_ptr cannot be found. > > -EXDEV is returned if the filesystem on which that path exists is not > > the one that the ioctl is called on. > > > > If the target filesystem is "/foo" and the path given is "/bar/baz" and > > /bar exists but /bar/baz does not, then user_path_locked_at or > > user_path_at will return a negative dentry corresponding to the > > (non-existent) name "baz" in /bar. > > > > In this case the dentry exists so the filesystem on which it was found > > can be tested, but the dentry is negative. So both -ENOENT and -EXDEV > > are credible return values. > > > > > > - before bbe6a7c899e7 the -EXDEV is tested immediately after the call > > to user_path_att() so there is no chance that ENOENT will be returned. > > I cannot actually find where ENOENT could be returned ... but that > > doesn't really matter now. > > > > - after that patch .... again the -EXDEV test comes first. That isn't > > what I remember. I must have misread it. > > > > - after my patch user_path_locked_at() will return -ENOENT if the whole > > name cannot be found. So now you get -ENOENT instead of -EXDEV. > > > > So with my patch, ENOENT always wins, and it was never like that before. > > Thanks for challenging me! > > How do you always manage to be unfailingly polite? :) My dad impressed the value of politeness on me at an early age. It is an effective way of manipulating people! > > > > > Do you think there could be a problem with changing the error returned > > in this circumstance? i.e. if you try to destroy a subvolume with a > > non-existant name on a different filesystem could getting -ENOENT > > instead of -EXDEV be noticed? > > -EXDEV is the standard error code for "we're crossing a filesystem > boundary and we can't or aren't supposed to be", so no, let's not change > that. > OK. As bcachefs is the only user of user_path_locked_at() it shouldn't be too hard. Thanks, NeilBrown
Powered by blists - more mailing lists