Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753620AbcDTD0t (ORCPT <rfc822;w@1wt.eu>);
	Tue, 19 Apr 2016 23:26:49 -0400
Received: from zeniv.linux.org.uk ([195.92.253.2]:42569 "EHLO
	ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752752AbcDTD0s (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 19 Apr 2016 23:26:48 -0400
Date: Wed, 20 Apr 2016 04:25:42 +0100
From: Al Viro <viro@ZenIV.linux.org.uk>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Andy Lutomirski <luto@amacapital.net>, security@debian.org,
        "security@kernel.org" <security@kernel.org>,
        "security@ubuntu.com >> security" <security@ubuntu.com>,
        Peter Hurley <peter@hurleysoftware.com>,
        Serge Hallyn <serge.hallyn@ubuntu.com>, Willy Tarreau <w@1wt.eu>,
        Aurelien Jarno <aurelien@aurel32.net>,
        One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>,
        Jann Horn <jann@thejh.net>, Greg KH <greg@kroah.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Jiri Slaby <jslaby@suse.com>, Florian Weimer <fw@deneb.enyo.de>
Subject: Re: [PATCH] devpts: Make each mount of devpts an independent
 filesystem.
Message-ID: <20160420032541.GE25498@ZenIV.linux.org.uk>
References: <CA+55aFzs00iDkYhvFCq=AZMVcNL0+oZT4SeimTeVurJq=5ZS3A@mail.gmail.com>
 <CALCETrUQ_Oad61dYvPpYFxDBT++jhZoAT3e4n4yiu22iTNcxNQ@mail.gmail.com>
 <CALCETrUJ_KuGJoVxuUjWGCNHBNs5Vk8E68MtsWoTdURJ+=iJnQ@mail.gmail.com>
 <CA+55aFzchGpOp0R0RjM6Bsk23GWp1t76fgFi8q6FZQndHq5EtA@mail.gmail.com>
 <570D4781.3070600@zytor.com>
 <877ffyzy1j.fsf_-_@x220.int.ebiederm.org>
 <alpine.LFD.2.20.1604161105040.30857@i7>
 <87twixgsnq.fsf@x220.int.ebiederm.org>
 <CA+55aFyOv3jUOsC-JbfeqM-Rs1z1a+QEt2EejpTf-9EfXdttdg@mail.gmail.com>
 <87oa95gevf.fsf_-_@x220.int.ebiederm.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87oa95gevf.fsf_-_@x220.int.ebiederm.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 3532
Lines: 114

On Tue, Apr 19, 2016 at 10:04:20PM -0500, Eric W. Biederman wrote:
> +#ifdef CONFIG_UNIX98_PTYS
> +int path_pts(struct path *path)
> +{
> +	/* Find "pts" in the same directory as the input path */
> +	struct dentry *child, *parent;
> +	struct qstr this;
> +	int ret;
> +
> +	ret = path_parent_directory(path);
> +	if (ret)
> +		return ret;
> +
> +	parent = path->dentry;
> +	if (!d_can_lookup(parent))
> +		return -ENOENT;

And how, pray tell, would a parent of anything fail to be a directory?

> +	this.name = "pts";
> +	this.len = 3;
> +	this.hash = full_name_hash(this.name, this.len);
> +	if (parent->d_flags & DCACHE_OP_HASH) {
> +		int err = parent->d_op->d_hash(parent, &this);
> +		if (err < 0)
> +			return err;
> +	}
> +	inode_lock(parent->d_inode);

What the hell for?  What does that lock on parent change for the
dcache lookup you are doing here?

> +	child = d_lookup(parent, &this);
> +	inode_unlock(parent->d_inode);
> +	if (!child)
> +		return -ENOENT;

Take a look at d_hash_and_lookup(), BTW...

> +	path->dentry = child;
> +	dput(parent);
> +	follow_mount(path);
> +	return 0;
> +}
> +#endif
> +
>  int user_path_at_empty(int dfd, const char __user *name, unsigned flags,
>  		 struct path *path, int *empty)
>  {
> diff --git a/include/linux/devpts_fs.h b/include/linux/devpts_fs.h
> index e0ee0b3000b2..486f6282b0c6 100644
> --- a/include/linux/devpts_fs.h
> +++ b/include/linux/devpts_fs.h
> @@ -17,36 +17,21 @@
>  
>  #ifdef CONFIG_UNIX98_PTYS
>  
> -int devpts_new_index(struct inode *ptmx_inode);
> -void devpts_kill_index(struct inode *ptmx_inode, int idx);
> -void devpts_add_ref(struct inode *ptmx_inode);
> -void devpts_del_ref(struct inode *ptmx_inode);
> +struct pts_fs_info;
> +
> +struct pts_fs_info *devpts_acquire(struct file *filp);
> +void devpts_release(struct pts_fs_info *fsi);
> +
> +int devpts_new_index(struct pts_fs_info *fsi);
> +void devpts_kill_index(struct pts_fs_info *fsi, int idx);
>  /* mknod in devpts */
> -struct inode *devpts_pty_new(struct inode *ptmx_inode, dev_t device, int index,
> +struct inode *devpts_pty_new(struct pts_fs_info *fsi, dev_t device, int index,
>  		void *priv);
>  /* get private structure */
>  void *devpts_get_priv(struct inode *pts_inode);
>  /* unlink */
>  void devpts_pty_kill(struct inode *inode);
>  
> -#else
> -
> -/* Dummy stubs in the no-pty case */
> -static inline int devpts_new_index(struct inode *ptmx_inode) { return -EINVAL; }
> -static inline void devpts_kill_index(struct inode *ptmx_inode, int idx) { }
> -static inline void devpts_add_ref(struct inode *ptmx_inode) { }
> -static inline void devpts_del_ref(struct inode *ptmx_inode) { }
> -static inline struct inode *devpts_pty_new(struct inode *ptmx_inode,
> -		dev_t device, int index, void *priv)
> -{
> -	return ERR_PTR(-EINVAL);
> -}
> -static inline void *devpts_get_priv(struct inode *pts_inode)
> -{
> -	return NULL;
> -}
> -static inline void devpts_pty_kill(struct inode *inode) { }
> -
>  #endif
>  
>  
> diff --git a/include/linux/namei.h b/include/linux/namei.h
> index 77d01700daf7..f29abda31e6d 100644
> --- a/include/linux/namei.h
> +++ b/include/linux/namei.h
> @@ -45,6 +45,8 @@ enum {LAST_NORM, LAST_ROOT, LAST_DOT, LAST_DOTDOT, LAST_BIND};
>  #define LOOKUP_ROOT		0x2000
>  #define LOOKUP_EMPTY		0x4000
>  
> +extern int path_pts(struct path *path);
> +
>  extern int user_path_at_empty(int, const char __user *, unsigned, struct path *, int *empty);
>  
>  static inline int user_path_at(int dfd, const char __user *name, unsigned flags,
> -- 
> 2.8.1
>