| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <175210911389.2234665.8053137657588792026@noble.neil.brown.name>
Date: Thu, 10 Jul 2025 10:58:33 +1000
From: "NeilBrown" <neil@...wn.name>
To: "Song Liu" <songliubraving@...a.com>
Cc: Mickaël Salaün <mic@...ikod.net>,
"Christian Brauner" <brauner@...nel.org>, "Tingmao Wang" <m@...wtm.org>,
"Song Liu" <song@...nel.org>, "bpf@...r.kernel.org" <bpf@...r.kernel.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>, "Kernel Team" <kernel-team@...a.com>,
"andrii@...nel.org" <andrii@...nel.org>,
"eddyz87@...il.com" <eddyz87@...il.com>, "ast@...nel.org" <ast@...nel.org>,
"daniel@...earbox.net" <daniel@...earbox.net>,
"martin.lau@...ux.dev" <martin.lau@...ux.dev>,
"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
"jack@...e.cz" <jack@...e.cz>, "kpsingh@...nel.org" <kpsingh@...nel.org>,
"mattbobrowski@...gle.com" <mattbobrowski@...gle.com>,
Günther Noack <gnoack@...gle.com>,
"Jann Horn" <jannh@...gle.com>
Subject: Re: [PATCH v5 bpf-next 0/5] bpf path iterator
On Thu, 10 Jul 2025, Song Liu wrote:
>
>
> > On Jul 9, 2025, at 3:24 PM, NeilBrown <neil@...wn.name> wrote:
> [...]
> >>
> >> How should the user handle -ECHILD without LOOKUP_RCU flag? Say the
> >> following code in landlocked:
> >>
> >> /* Try RCU walk first */
> >> err = vfs_walk_ancestors(path, ll_cb, data, LOOKUP_RCU);
> >>
> >> if (err == -ECHILD) {
> >> struct path walk_path = *path;
> >>
> >> /* reset any data changed by the walk */
> >> reset_data(data);
> >>
> >> /* now do ref-walk */
> >> err = vfs_walk_ancestors(&walk_path, ll_cb, data, 0);
> >> }
> >>
> >> Or do you mean vfs_walk_ancestors will never return -ECHILD?
> >> Then we need vfs_walk_ancestors to call reset_data logic, right?
> >
> > It isn't clear to me that vfs_walk_ancestors() needs to return anything.
> > All the communication happens through walk_cb()
> >
> > walk_cb() is called with a path, the data, and a "may_sleep" flag.
> > If it needs to sleep but may_sleep is not set, it returns "-ECHILD"
> > which causes the walk to restart and use refcounts.
> > If it wants to stop, it returns 0.
> > If it wants to continue, it returns 1.
> > If it wants a reference to the path then it can use (new)
> > vfs_legitimize_path() which might fail.
> > If it wants a reference to the path and may_sleep is true, it can use
> > path_get() which won't fail.
> >
> > When returning -ECHILD (either because of a need to sleep or because
> > vfs_legitimize_path() fails), walk_cb() would reset_data().
>
> This might actually work.
>
> My only concern is with vfs_legitimize_path. It is probably safer if
> we only allow taking references with may_sleep==true, so that path_get
> won’t fail. In this case, we will not need walk_cb() to call
> vfs_legitimize_path. If the user want a reference, the walk_cb will
> first return -ECHILD, and call path_get when may_sleep is true.
What is your concern with vfs_legitimize_path() ??
I've since realised that always restarting in response to -ECHILD isn't
necessary and isn't how normal path-walk works. Restarting might be
needed, but the first response to -ECHILD is to try legitimize_path().
If that succeeds, then it is safe to sleep.
So returning -ECHILD might just result in vfs_walk_ancestors() calling
legitimize_path() and then calling walk_cb() again. Why not have
walk_cb() do the vfs_legitimize_path() call (which will almost always
succeed in practice).
NeilBrown
>
> Does this make sense? Did I miss any cases?
>
> Thanks,
> Song
>
>
Powered by blists - more mailing lists