Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp69413ybe; Wed, 4 Sep 2019 15:18:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqxBaHcVyS9dNdljj1HLfaW4Ytl81XKjhzEvfeIVGr+SYJlvH1qTO5R2fjvPCqMA3eLlj0rb X-Received: by 2002:a17:902:a983:: with SMTP id bh3mr14826plb.311.1567635526827; Wed, 04 Sep 2019 15:18:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567635526; cv=none; d=google.com; s=arc-20160816; b=QJTWZFR6ZAQGdNjDrHOjNq6M7Cba7kE21sZmqjodpTYRYLrElRD7NTaogjNoEzPyV4 fruFyf7JZV20wjL1aj3yZrSTKcwtGGm1guey7DJQHgUIsjTPLmIu3tn3ew9tCZULGTy8 A7mw6/eDU4zhwAWF+4G6BqigTGCkJO/FF0wTQB8d/Ld/4A3WJ3tcOlD9mDC9XRHs39Qs o6a+8fRh4zcRuPNBaZ9MxoOWV0U+6Qvqiz/CdVzToWKLMiUZlBWHNxSNThG+H3OgAJ0j M4yTGLu4WqTIvkaNaMeWHdPbDzsrYmFYt4il34h3g91iC36Pt1D5kL1HicPqI+nzxTdC Soog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=L+6eZ5jXr9FHa9aXBFBl0ghBEbFlLODFrE967a3DFmE=; b=g3JMmNKvgaLjagDauPydeS3Per448o7yPTVGuYk8kgzY9lIBmySME4OXVZyF/Y9JmV 1smL3EsYgo63y/4wlKtZpK35SZBQWhCLm5cEWlmqilTtZSmJiSurA2HGIqlt09QSxeN+ AddT8t9Mu6mbVZE8lxSeQbnw6qPVlml8QofR+ur9lf0I4wRBxUH6IXFlJPgGj/ZmrR2g QgHy4v64Em2bQEBAVaSRMYBW02ykmDzIV7dEMRs2s/72Zh+NqyIe7hE85O6n7cbL6oaH YqYkWHYEOYx9FYw9Gd1nJ4x25jtMXb60wMNBwZoCmTdz+I9nm1HQj6DiFMcA6ZkiCADu DS4A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=hfyCSdKg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v19si266633pjn.96.2019.09.04.15.18.30; Wed, 04 Sep 2019 15:18:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=hfyCSdKg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730960AbfIDWRP (ORCPT + 99 others); Wed, 4 Sep 2019 18:17:15 -0400 Received: from mail-lf1-f66.google.com ([209.85.167.66]:33397 "EHLO mail-lf1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730936AbfIDWRM (ORCPT ); Wed, 4 Sep 2019 18:17:12 -0400 Received: by mail-lf1-f66.google.com with SMTP id d10so297827lfi.0 for ; Wed, 04 Sep 2019 15:17:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=L+6eZ5jXr9FHa9aXBFBl0ghBEbFlLODFrE967a3DFmE=; b=hfyCSdKgCY/Fe6ZhOgmUuzH+l1Av9MeoieBRJhOHgspd/HlfkJB3tRok9F33ql8Uzt YCi53+gSbOv7WH3zYmMiTF0zGBnANwxV7c7oClcZwaNIXXqds0cxD5Xcu535ms7QpKLP zDVTwLMuj95aI+DpS0Y7tzdH7BHLTHU6tmSJs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=L+6eZ5jXr9FHa9aXBFBl0ghBEbFlLODFrE967a3DFmE=; b=Aziotw/hQ+RqYOZHRR5RYF/KYua8NztJbuj0Uip5/9Te9AkXCrH1E8aeS1umajBYzS WYjKkOh3jZOYIgCdH1+sCmRdz+29uImkOimy6MDnO51d3YkBBFYHtPlKV0G80sVrVD6T I7rX1/X8dzdMa2DfW5dOU7qpBbvAnSAYkXC+Doyh4b/POF/BCPLMhIJM1AiDUz82mX5J bvCqh9KVLUaEjh74+E5HQa6sYq8Sw+tQUbsej2bIvC4YF5JJV7PUN6CX75U1h3O8Veyw xdrH5IErh/QG3TVdaczLwkIlDGzw+SfnhkW3FiRV9Z6jLusgITvuSWzFxVjMHKNYmQRY TpXA== X-Gm-Message-State: APjAAAUX4eerQduvi3HYS74Ttt7OdQ+47txv86Vd/HNj8kUWAene74LA jSoto6En1NOVivnvrIpVj/X8AjQIX0w= X-Received: by 2002:a19:c191:: with SMTP id r139mr226439lff.23.1567635429474; Wed, 04 Sep 2019 15:17:09 -0700 (PDT) Received: from mail-lj1-f180.google.com (mail-lj1-f180.google.com. [209.85.208.180]) by smtp.gmail.com with ESMTPSA id y10sm15880ljk.5.2019.09.04.15.17.06 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Sep 2019 15:17:08 -0700 (PDT) Received: by mail-lj1-f180.google.com with SMTP id e17so255319ljf.13 for ; Wed, 04 Sep 2019 15:17:06 -0700 (PDT) X-Received: by 2002:a2e:9a84:: with SMTP id p4mr24283824lji.52.1567635425244; Wed, 04 Sep 2019 15:17:05 -0700 (PDT) MIME-Version: 1.0 References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-11-cyphar@cyphar.com> <20190904214856.vnvom7h5xontvngq@yavin.dot.cyphar.com> In-Reply-To: <20190904214856.vnvom7h5xontvngq@yavin.dot.cyphar.com> From: Linus Torvalds Date: Wed, 4 Sep 2019 15:16:49 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v12 10/12] namei: aggressively check for nd->root escape on ".." resolution To: Aleksa Sarai Cc: Al Viro , Jeff Layton , "J. Bruce Fields" , Arnd Bergmann , David Howells , Shuah Khan , Shuah Khan , Ingo Molnar , Peter Zijlstra , Christian Brauner , Jann Horn , Kees Cook , Eric Biederman , Andy Lutomirski , Andrew Morton , Alexei Starovoitov , Tycho Andersen , David Drysdale , Chanho Min , Oleg Nesterov , Rasmus Villemoes , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Aleksa Sarai , Linux Containers , alpha , Linux API , linux-arch , Linux ARM , linux-fsdevel , linux-ia64@vger.kernel.org, Linux List Kernel Mailing , "open list:KERNEL SELFTEST FRAMEWORK" , linux-m68k , linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390 , Linux-sh list , linux-xtensa@linux-xtensa.org, sparclinux@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 4, 2019 at 2:49 PM Aleksa Sarai wrote: > > Hinting to userspace to do a retry (with -EAGAIN as you mention in your > other mail) wouldn't be a bad thing at all, though you'd almost > certainly get quite a few spurious -EAGAINs -- &{mount,rename}_lock are > global for the entire machine, after all. I'd hope that we have some future (possibly very long-term) alternative that is not quite system-global, but yes, right now they are. Which is one reason I'd rather see EAGAIN in user space - yes, it probably makes it even easier to trigger, but it also means that user space might be able to do something about it when it does trigger. For example, maybe user space can first just use an untrusted path as-is, and if it gets EAGAIN or EXDEV, it may be that user space can simplify the path (ie turn "xyz/.../abc" into just "abc". And even if user space doesn't do anything like that, I suspect a performance problem is going to be a whole lot easier to debug and report when somebody ends up seeing excessive retries happening. As a developer you'll see it in profiles or in system call traces, rather than it resulting in very odd possible slowdowns for the kernel. And yeah, it would probably be best to then at least delay doing option 3 indefinitely, just to make sure user space knows about and actually has a test-case for that EAGAIN happening. Linus