Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp3064940ybv; Mon, 24 Feb 2020 17:25:23 -0800 (PST) X-Google-Smtp-Source: APXvYqzLC20YvdBe6ZhvbiWEpKqxMGjmqEkz+l7d+K3I7SIeR8YJoNoDNOR4rNzvrZ0VyhaSNSJC X-Received: by 2002:a05:6808:643:: with SMTP id z3mr1536327oih.19.1582593923778; Mon, 24 Feb 2020 17:25:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582593923; cv=none; d=google.com; s=arc-20160816; b=C+PwBjX2IIFu0qGc9bGQaeiLOMzjdiGHCMihpQcqrj9DowG6f+7w14G9wqxlnYOjjY dHYnwcVvEEbp1Lvlur8Ox4sKxYB1DvcXOrLhGp3SExqo21+EdknJFFN63OFtQjfM9+DP qYJbxABFOkn+7u6rqPx3n9dUXg00ApGhOnJR4fUiD0f3Ev/DYUqYQLIgjZL6zgBwt3ri J4dVT2VHmJ+gJJQUr5hzsuThYAn+2oiouriblVyjX/NK27K0ltkiCSLOrutibo9BNcD9 2SkvWkB/F9R3GUSUr3QEZr5yVwFy5TyoKIUlW/Zb5V21ie7mydvA91U5QgtxsLhUjg18 Jf5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=OX+b3rn/oHn+QUSgcaOgsiWKU97IqJEw4cECCY+4KZs=; b=fwfOHUM3+OVezNFD6g2wDWgDDynVjbkiRSJUPA23r6fh2yxZ/PhAHbnu/Z8fG0yPrn CvkQU/Jj3S2GFLG7ewBIW/A6KRzckBXcPuJcqb5VD4hrUhoRQbxabK2uvRl83OYQsYO8 fCk3iWSi8ft+Y7dMIE70w8BWklp8Kcl6pS8U4dhyAd7vJY8HKhfqWsP1mnArSQebgCCE NXdJn/Vo8c9/X5UbvjEKCcZZrgqhANIqcdHnE9MhC/2VeD8Zvp+id5OBT1CSPHVGuXl6 hvTGlJK/KnrzBXPawNDt5WSPwaXoX2i8jW4ai6tNXvRERwkcH36TUys222JWrgs56BJT JNYg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l17si7060498otp.248.2020.02.24.17.25.11; Mon, 24 Feb 2020 17:25:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728659AbgBYBZA (ORCPT + 99 others); Mon, 24 Feb 2020 20:25:00 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:54390 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728135AbgBYBY7 (ORCPT ); Mon, 24 Feb 2020 20:24:59 -0500 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1j6Oy1-000c1D-U6; Tue, 25 Feb 2020 01:24:58 +0000 Date: Tue, 25 Feb 2020 01:24:57 +0000 From: Al Viro To: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Linus Torvalds , Aleksa Sarai Subject: Re: [RFC][PATCHSET] sanitized pathwalk machinery (v2) Message-ID: <20200225012457.GA138294@ZenIV.linux.org.uk> References: <20200223011154.GY23230@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200223011154.GY23230@ZenIV.linux.org.uk> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Feb 23, 2020 at 01:12:21AM +0000, Al Viro wrote: > This is a slightly extended repost of the patchset posted on > Jan 19. Current branch is in vfs.git#work.do_last, the main > difference from the last time around being a bit of do_last() > untangling added in the end of series. #work.openat2 is already > in mainline, which simplifies the series - now it's a straight > branch with no merges. Whee... While trying to massage ".." handling towards the use of regular mount crossing semantics, I've found something interesting. Namely, if you start in a directory with overmounted parent, LOOKUP_NO_XDEV resolution of ../something will bloody well cross into the overmount. Reason: follow_dotdot() (and its RCU counterpart) check for LOOKUP_NO_XDEV when crossing into underlying fs, but not when crossing into overmount of the parent. Interpretation of .. is basically loop: if we are in root // uncommon next = current position else if we are in root of a mounted filesystem // more rare move to underlying mountpoint goto loop else next = parent directory of current position // most common while next is overmounted // _VERY_ uncommon next = whatever's mounted on next move to next The second loop should've been sharing code with the normal mountpoint crossing. It doesn't, which has already lead to interesting inconsistencies (e.g. autofs generally expects ->d_manage() to be called before crossing into it; here it's not done). LOOKUP_NO_XDEV has just added one more... Incidentally, another inconsistency is LOOKUP_BENEATH treatment in case when we have walked out of the subtree by way of e.g. procfs symlink and then ran into .. in the absolute root (that's if (!follow_up(&nd->path)) break; in follow_dotdot()). Shouldn't that give the same reaction as .. in root (EXDEV on LOOKUP_BENEATH, that is)? It doesn't... Another one is about LOOKUP_NO_XDEV again: suppose you have process' root directly overmounted and cwd in the root of whatever's overmounting it. Resolution of .. will stay in cwd - we have no parent within the chroot jail we are in, so we move to whatever's overmounting that root. Which is the original location. Should we fail on LOOKUP_NO_XDEV here? Plain .. in the root of chroot jail (not overmounted by anything) does *not*...