Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp3092648ybv; Mon, 24 Feb 2020 18:03:50 -0800 (PST) X-Google-Smtp-Source: APXvYqzx69OeOsIR55kkHIq+HEGF4Zi+RWlibM551KpzF1HfFyAyV/6y3JGAIfgU/9A50Cj8KOzz X-Received: by 2002:aca:ba55:: with SMTP id k82mr1594922oif.94.1582596230228; Mon, 24 Feb 2020 18:03:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582596230; cv=none; d=google.com; s=arc-20160816; b=n365hLMz+ZG0/rRllcNf001aXA2tFFR1bgFD5rfCzEy3H47GrQJhuRDW/K+2hrkjEd EuHL26kOnalMvJoWl3AezL3xTrO4ivBZdHT6PdYC4d9h3Jxd7XdNfhJJkHXts9T+xI/E kGI/ObMQGjzt4pB+Eh467vnd7uTmsgLXIVnFnMutgcDobT3/wCbcC2CckYCe67+Kxed1 OFAQBkaFvPXW4iWflPU3gOlszclpHFTaK3OjhvqUiaoBBC75nrogJiuQn1a1Ei/LipbO g/TsaNlTSk7xJ3ZXFb/C867P+a1WG8UABiv0HbgCFfBoctc0HBmruONX6DOG6rpPk/gx TdNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=JL8lwUajHYu+JEChs5a8eQTg5qy05CKstF09aO1nYkQ=; b=mKEph9Q+8Alyoo0ctQaJR7YYMtNh9VnG1dlZ7FX4ACaFYRItpqrcEMqB1tuDZxn0on aXzKqdBNEKEKe1e0C/xXw0g+YdG//hwZcc7H/5CADEaM6EHZkYx3QQZPB8u9lAQ62lUp 7DKJw5t9osZGZA9cGQX5LMOfOOHutZ3K2kddgbraz0vjMbS96nSH01ZNpxAK4mg1BOcE FNZxPovCB3BIGT1CoqjENJM374X06wqW4KueV36UvgMKoWO0XcaCdfkoq/cA5HbYmnfy FtMN/II1XHuFvt70vTOQ+91L1rZ9eIcDyeW9aj0IuAY5HEWEXfyFZCXeI8CnGiMjQz1z f4ig== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w5si7233228otm.45.2020.02.24.18.03.37; Mon, 24 Feb 2020 18:03:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728690AbgBYCDJ (ORCPT + 99 others); Mon, 24 Feb 2020 21:03:09 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:54840 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728546AbgBYCDJ (ORCPT ); Mon, 24 Feb 2020 21:03:09 -0500 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1j6PYx-000diw-1R; Tue, 25 Feb 2020 02:03:07 +0000 Date: Tue, 25 Feb 2020 02:03:07 +0000 From: Al Viro To: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Linus Torvalds , Aleksa Sarai Subject: Re: [RFC][PATCHSET] sanitized pathwalk machinery (v2) Message-ID: <20200225020307.GC23230@ZenIV.linux.org.uk> References: <20200223011154.GY23230@ZenIV.linux.org.uk> <20200225012457.GA138294@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200225012457.GA138294@ZenIV.linux.org.uk> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 25, 2020 at 01:24:57AM +0000, Al Viro wrote: > Incidentally, another inconsistency is LOOKUP_BENEATH treatment in case > when we have walked out of the subtree by way of e.g. procfs symlink and > then ran into .. in the absolute root (that's > if (!follow_up(&nd->path)) > break; > in follow_dotdot()). Shouldn't that give the same reaction as .. > in root (EXDEV on LOOKUP_BENEATH, that is)? It doesn't... > > Another one is about LOOKUP_NO_XDEV again: suppose you have process' > root directly overmounted and cwd in the root of whatever's overmounting > it. Resolution of .. will stay in cwd - we have no parent within the > chroot jail we are in, so we move to whatever's overmounting that root. > Which is the original location. Should we fail on LOOKUP_NO_XDEV here? > Plain .. in the root of chroot jail (not overmounted by anything) does > *not*... FWIW, my preference would be the following (for non-RCU case; RCU one is similar) get_parent(nd) { if (path_equal(&nd->path, &nd->root)) return NULL; if (nd->path.dentry != nd->path.mnt->mnt_root) return dget_parent(nd->path.dentry); m = real_mount(nd->path.mnt); read_seqlock_excl(&mount_lock); while (mnt_has_parent(m)) { d = m->mnt_mountpoint; m = m->mnt_parent; if (&m->mnt == nd->root.mnt && d == nd->root.path) // root break; if (m->mnt_root != d) { if (unlikely(nd->flags & LOOKUP_NO_XDEV)) { read_sequnlock_excl(&mount_lock); return ERR_PTR(-EXDEV); } mntget(&m->mnt); dget(d); read_sequnlock_excl(&mount_lock); path_put(&nd->path); nd->path.mnt = &m->mnt; nd->path.dentry = d; nd->inode = d->d_inode; return dget_parent(d); } } read_sequnlock_excl(&mount_lock); return NULL; } with follow_dotdot() doing parent = get_parent(nd); if (unlikely(IS_ERR(parent))) return PTR_ERR(parent); if (unlikely(!parent)) { .. in root is a rare case bugger off if LOOKUP_BENEATH parent = dget(nd->path.dentry); } else if (unlikely(!path_connected(nd->path.mnt, parent))) { dput(parent); return -ENOENT; } dput(nd->path.dentry); nd->path.dentry = parent; follow_mount(&nd->path); ... with the last part replaced with step_into(nd, WALK_NOFOLLOW, dentry, NULL, 0); later in this series, with similar in RCU case (only there we would want inode and seq supplied, as usual, so it would be get_parent_rcu(nd, &inode, &seq)).