Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753424AbbLKVMo (ORCPT ); Fri, 11 Dec 2015 16:12:44 -0500 Received: from out02.mta.xmission.com ([166.70.13.232]:57523 "EHLO out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751076AbbLKVMm (ORCPT ); Fri, 11 Dec 2015 16:12:42 -0500 From: ebiederm@xmission.com (Eric W. Biederman) To: Linus Torvalds Cc: Greg KH , Jiri Slaby , "H. Peter Anvin" , Aurelien Jarno , Andy Lutomirski , Florian Weimer , Al Viro , Serge Hallyn , Jann Horn , "security\@kernel.org" , "security\@ubuntu.com \>\> security" , security@debian.org, Willy Tarreau , Linux Kernel Mailing List References: <43AD2BA7-B594-4299-95F3-D86FD38AF21B@zytor.com> <87egexpf4o.fsf@x220.int.ebiederm.org> <1CB621EF-1647-463B-A144-D611DB150E15@zytor.com> <20151208223135.GA8352@kroah.com> <87oae0h2bo.fsf@x220.int.ebiederm.org> <56677DE3.5040705@zytor.com> <20151209012311.GA11794@kroah.com> <84B136DF-55E4-476A-9CB2-062B15677EE5@zytor.com> <20151209013859.GA12442@kroah.com> <20151209083225.GA30452@1wt.eu> <87wpskyds7.fsf_-_@x220.int.ebiederm.org> Date: Fri, 11 Dec 2015 15:03:53 -0600 In-Reply-To: (Linus Torvalds's message of "Fri, 11 Dec 2015 12:50:23 -0800") Message-ID: <878u50wvd2.fsf@x220.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-AID: U2FsdGVkX1+5sKUZog/IwS0dM6xLATdlKJ7bHVSvcw4= X-SA-Exim-Connect-IP: 70.59.167.217 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.0 TVD_RCVD_IP Message was received from an IP address * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.4999] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa05 1397; Body=1 Fuz1=1 Fuz2=1] X-Spam-DCC: XMission; sa05 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Linus Torvalds X-Spam-Relay-Country: X-Spam-Timing: total 856 ms - load_scoreonly_sql: 0.14 (0.0%), signal_user_changed: 4.3 (0.5%), b_tie_ro: 2.7 (0.3%), parse: 1.52 (0.2%), extract_message_metadata: 25 (2.9%), get_uri_detail_list: 3.3 (0.4%), tests_pri_-1000: 12 (1.4%), tests_pri_-950: 1.76 (0.2%), tests_pri_-900: 1.51 (0.2%), tests_pri_-400: 35 (4.1%), check_bayes: 34 (4.0%), b_tokenize: 14 (1.6%), b_tok_get_all: 10 (1.2%), b_comp_prob: 2.6 (0.3%), b_tok_touch_all: 4.9 (0.6%), b_finish: 1.13 (0.1%), tests_pri_0: 765 (89.4%), check_dkim_signature: 0.60 (0.1%), check_dkim_adsp: 3.2 (0.4%), tests_pri_500: 4.9 (0.6%), rewrite_mail: 0.00 (0.0%) Subject: Re: [PATCH] devpts: Sensible /dev/ptmx & force newinstance X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Wed, 24 Sep 2014 11:00:52 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3234 Lines: 85 Linus Torvalds writes: > On Fri, Dec 11, 2015 at 11:40 AM, Eric W. Biederman > wrote: >> >> >> +struct inode *devpts_ptmx(struct inode *inode, struct file *filp) >> +{ >> +#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES >> + struct path path, old; >> + struct super_block *sb; >> + struct dentry *root; >> + >> + if (inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC) >> + return inode; >> + >> + old = filp->f_path; >> + path = old; >> + path_get(&path); >> + if (kern_path_pts(&path)) { >> + path_put(&path); >> + return ERR_PTR(-EINVAL); >> + } > > So this is definitely crap. > > You can't return an error. You should just return the old inode. If > somebody doesn't have /dev/pts/ mounted there, the legacy /dev/ptmx > should still work, not return ENOENT or whatever. I return an error because an association is not found. -EINVAL is the historical error when that happens. We can't actually support the old devpts_mnt hack, because we are forcing newinstance and so the devpts instance association devpts_mnt will never be delivered to userspace. Furthermore things such as initramfs images mounting devpts guarantee that even if we did try to support devpts_mnt it would not work in practice. So I really don't see a point in attemptting to support something that won't actually matter, and won't work even if I try. That is really crap. >> + sb = path.mnt->mnt_sb; >> + if (sb->s_magic != DEVPTS_SUPER_MAGIC) { >> + path_put(&path); >> + return ERR_PTR(-EINVAL); >> + } > > Same deal. Returning an error is wrong. > > Of, alternatively, make the caller not consider an error an error, but > fall back to the old behavior in the caller. I understand why it would be nice to keep the old path still working, but we can't. >> + /* >> + * Update filp with the new path so that userspace can use >> + * fstat to know which instance of devpts is open, and so >> + * userspace can use readlink /proc/self/fd/NNN to find the >> + * path to the devpts filesystem for reporting slave inodes. >> + */ > > Hmm. I'm not 100% convinced about this. Normally we do *not* allow > f_path and f_inode to change. I guess this file descriptor hasn't been > exposed yet, so it might be ok, but it makes me a bit nervous that > this code violates the basic filp rules.. It is not my favorite choice but it is backwards compatible. So we can at least write a single version of ptsname that makes sense and works on old and new kernels in all the crazy corner cases without too much pain. If we don't expose this in such a way that a general purpose version of ptsname can be written and exposed to userspace we might as well pack our bags and go home because there will be no way to make grantpt race free in the face of multiple distinct instances of devpts. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/