Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1680108imm;
        Sat, 13 Oct 2018 01:23:10 -0700 (PDT)
X-Google-Smtp-Source: ACcGV633vYIE5hiIRkAOPheqsP1G58IvU5xoX7BO+YwWZWR9FRnhBw56GQ8kwJ4r7vxfyaBswu3F
X-Received: by 2002:a62:d582:: with SMTP id d124-v6mr9379745pfg.31.1539418990172;
        Sat, 13 Oct 2018 01:23:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539418990; cv=none;
        d=google.com; s=arc-20160816;
        b=fWcZacq8WUUOfWfPFbxvHoQwxebDMtWXO1pSL5OLejThM9VB749jZQM1cN/2o3Ir4R
         37MTqLDg2TzFO06lHaHPiPKsmFNxlSd2hrFFf65p5e/vW8RVhIOE64S8A57j6AAgAPMT
         4eiJLSIPlLhIRUVTcL7pMYlZUMkYv2uWu1OSLruL6EpBw41lZUazgNWZt2pCqqymGpbw
         IIjcy1h+gcvTS6NLKSfBPPc7Bhu41eNNEWBDVImNBW4fZcE/s4HLo8y/waqNlvsuJabd
         yMvcAKxNDP35MJSTJN45AqsiHRcWyxcTIVIxeW2G5q8gLEQkHUpsbD6qLKDew0Aqzxks
         AqfA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=CplOhJ61Q8PDGuuYzoI+YxJblyQRORGBvEfqknQxnhk=;
        b=Lx7sRzkS308eREtBnM3J8ZFD1vGoRaMzfXkrksji7rCnHAfR//S6G0CRtTC0QYccSy
         bEMZQpZ7cI2VtMnZeAY23dRN8UTfcLFoMyml6ets9/je0NC3iqZnB9+67dlIHjcX5o6G
         h9XfwcEfa5pGp0dzX63F51QOj9VM5Em8U5iZ5UUaRMp4It9giNCAQqQ9nY7u9t247ydO
         sEIYGi9Wu9MdAkx1rFfZe6O3M3MCK/SkEWpZrnKgX/Ph6CNtK1xu/FYraxy16C3e/HAs
         tOLba3U1VHz4myoYFfNIGwUoq5vNndhN9ph90xrbgDx3RGBMkSOAZXbiUud/HcOSryfc
         xQQw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e62-v6si4109413pfe.31.2018.10.13.01.22.55;
        Sat, 13 Oct 2018 01:23:10 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726831AbeJMP6n (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 99 others); Sat, 13 Oct 2018 11:58:43 -0400
Received: from zeniv.linux.org.uk ([195.92.253.2]:48402 "EHLO
        ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726707AbeJMP6n (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 13 Oct 2018 11:58:43 -0400
Received: from viro by ZenIV.linux.org.uk with local (Exim 4.90_1 #2 (Red Hat Linux))
        id 1gBFBa-0005qw-GX; Sat, 13 Oct 2018 08:22:10 +0000
Date:   Sat, 13 Oct 2018 09:22:10 +0100
From:   Al Viro <viro@ZenIV.linux.org.uk>
To:     Aleksa Sarai <asarai@suse.de>
Cc:     Jann Horn <jannh@google.com>, cyphar@cyphar.com,
        "Eric W. Biederman" <ebiederm@xmission.com>, jlayton@kernel.org,
        Bruce Fields <bfields@fieldses.org>,
        Arnd Bergmann <arnd@arndb.de>,
        Andy Lutomirski <luto@kernel.org>,
        David Howells <dhowells@redhat.com>, christian@brauner.io,
        Tycho Andersen <tycho@tycho.ws>,
        David Drysdale <drysdale@google.com>, dev@opencontainers.org,
        containers@lists.linux-foundation.org,
        linux-fsdevel@vger.kernel.org,
        kernel list <linux-kernel@vger.kernel.org>,
        linux-arch <linux-arch@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH v3 3/3] namei: aggressively check for nd->root escape on
 ".." resolution
Message-ID: <20181013082210.GU32577@ZenIV.linux.org.uk>
References: <20181009070230.12884-1-cyphar@cyphar.com>
 <20181009070230.12884-4-cyphar@cyphar.com>
 <CAG48ez3Ae5b20g2UquekfBNaUw1tLt4nWy2pYm-LNRMbDVpHfA@mail.gmail.com>
 <20181009153728.2altaqxclntvyc7b@mikami>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20181009153728.2altaqxclntvyc7b@mikami>
User-Agent: Mutt/1.9.1 (2017-09-22)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Oct 10, 2018 at 02:37:28AM +1100, Aleksa Sarai wrote:
> > > +static inline int nd_alloc_dpathbuf(struct nameidata *nd)
> > > +{
> > > +       if (unlikely(!nd->dpathbuf)) {
> > > +               if (nd->flags & LOOKUP_RCU) {
> > > +                       nd->dpathbuf = kmalloc(PATH_MAX, GFP_ATOMIC);
> > > +                       if (unlikely(!nd->dpathbuf))
> > > +                               return -ECHILD;
> > > +               } else {
> > > +                       nd->dpathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
> > > +                       if (unlikely(!nd->dpathbuf))
> > > +                               return -ENOMEM;
> > > +               }
> > > +       }
> > > +       return 0;
> > > +}
> > 
> > Note that a fixed-size path buffer means that if the path is very
> > long, e.g. because you followed long symlinks on the way down, this
> > can cause lookup failures.
> 
> This is already an issue with __d_path (even if the buffer was larger)
> because it will not output a path longer than PATH_MAX. I imagine this
> is a pretty strong argument for why we should refactor __d_path so that
> we can *just* use the escape checking to avoid -ENAMETOOLONG.

Let me get it straight - the whole point of that buffer is to check
if __d_path() returns NULL?  So you allocate it so that you would have
place to copy the path components into... only to have them completely
ignored?

How is that different from path_is_under()?