| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250821224914.GD39973@ZenIV> Date: Thu, 21 Aug 2025 23:49:14 +0100 From: Al Viro <viro@...iv.linux.org.uk> To: Christian Brauner <brauner@...nel.org> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, David Laight <david.laight.linux@...il.com>, Thomas Gleixner <tglx@...utronix.de>, LKML <linux-kernel@...r.kernel.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, Peter Zijlstra <peterz@...radead.org>, Darren Hart <dvhart@...radead.org>, Davidlohr Bueso <dave@...olabs.net>, André Almeida <andrealmeid@...lia.com>, x86@...nel.org, Jan Kara <jack@...e.cz>, linux-fsdevel@...r.kernel.org Subject: Re: [patch 0/4] uaccess: Provide and use helpers for user masked access On Thu, Aug 21, 2025 at 09:45:22AM +0200, Christian Brauner wrote: > On Thu, Aug 21, 2025 at 12:48:15AM +0100, Al Viro wrote: > > On Tue, Aug 19, 2025 at 01:39:09AM +0100, Al Viro wrote: > > > I'm still trying to come up with something edible for lock_mount() - > > > the best approximation I've got so far is > > > > > > CLASS(lock_mount, mp)(path); > > > if (IS_ERR(mp.mp)) > > > bugger off > > > > ... and that does not work, since DEFINE_CLASS() has constructor return > > a value that gets copied into the local variable in question. > > > > Which is unusable for situations when a part of what constructor is > > doing is insertion of that local variable into a list. > > > > __cleanup() per se is still usable, but... no DEFINE_CLASS for that kind > > of data structures ;-/ > > Just add the custom infrastructure that we need for this to work out imho. Obviously... I'm going to put that into a branch on top of -rc3 and keep the more infrastructural parts in the beginning, so they could be merged into other branches in vfs/vfs.git without disrupting things on reordering. > If it's useful outside of our own realm then we can add it to cleanup.h > and if not we can just add our own header... lock_mount() et.al. are purely fs/namespace.c, so no header is needed at all. FWIW, existing guards in there have problems - I ended up with DEFINE_LOCK_GUARD_0(namespace_excl, namespace_lock(), namespace_unlock()) DEFINE_LOCK_GUARD_0(namespace_shared, down_read(&namespace_sem), up_read(&namespace_sem)) in fs/namespace.c and DEFINE_LOCK_GUARD_0(mount_writer, write_seqlock(&mount_lock), write_sequnlock(&mount_lock)) DEFINE_LOCK_GUARD_0(mount_locked_reader, read_seqlock_excl(&mount_lock), read_sequnlock_excl(&mount_lock)) in fs/mount.h; I'm doing conversions to those where they clearly are good fit and documenting as I go. mount_lock ones really should not be done in a blanket way - right now they are wrong in quite a few cases, where writer is used instead of the locked reader; we'll need to sort that out and I'd rather keep the open-coded ones for the stuff yet to be considered and/or tricky. BTW, the comments I'm using for functions are along the lines of * locks: mount_locked_reader || namespace_shared && is_mounted(mnt) this one - for is_path_reachable(). If you look through the comments there you'll see things like "vfsmount lock must be held for write" and the rwlock those are refering to had been gone for more than a decade... DEFINE_LOCK_GUARD_0 vs. DEFINE_GUARD makes for saner code generation; having it essenitally check IS_ERR_OR_NULL(&namespace_sem) is already ridiculous, but when it decides to sacrifice a register for that, complete with a bunch of spills...
Powered by blists - more mailing lists