Received: by 2002:a25:23cc:0:0:0:0:0 with SMTP id j195csp1007432ybj; Thu, 7 May 2020 12:33:08 -0700 (PDT) X-Google-Smtp-Source: APiQypKYA/DKCUe4JFMfDwr9KtRXYvR4POZrF+rJYPNIoeqGEBfU+s9dUOnBewdu2Q7rOEL/smT7 X-Received: by 2002:a05:6402:1bc8:: with SMTP id ch8mr13269048edb.53.1588879988055; Thu, 07 May 2020 12:33:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588879988; cv=none; d=google.com; s=arc-20160816; b=eD4x4DkqCZQaCV84w3lHdTbw9ABNMohDvxrmGvxjNRl2HshGOXws6N48Ew/lO23LLN E8G6xkVz2tS2loBWcS0Na7xh7Zba/SnuPhMzivQjKDZL4GaIsVJ35aRAdmLzS12cHe6j 5yYs07qi+FhkijUcIMDHl9JNP+DLI0R4gBJWu0ULA7w2b/LqbSbXqTsRUAnWwXu/vt92 9VvxPwzmTDvo9ii0seatl9NKip8hPbj6XGxFvFBzEdv+sst1QFnIGeBNnsicGiQRXVhC 4xXsMqieVHkzaniI+Ve0OLGAV5K1yEc+gxrLaPT0nASo5eYoJHMNIQk922gubbxwIcsW 5mzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=EqSgSrbPuPOlGpNN60LUV1ruZvfeagEioH0V0aOKBqM=; b=yG5AicPEQNQ9wnOUIrR6E4B11FgUPyfpJYHy/K+2NJvSvk9f2pMbbgUyk/PayVQMcW yTG32OVYlfGHSSkffik52V3D+f6q384r7R59Y8LIoOsqt4RaokKD0AX2shtAkNzA5Rf0 9CMOHyBZO29B+c0CNf7AyooGm9c4GqeiFRnoJG4buIbpwtRrLdelMvNqSN+2+n7jgIb8 UHZNvD/Afv8kmjkVHfjBH+J3R+Gh+3ZPaZix6hDqv85yN0NyNsWeu1P89tqeIatbj4DG JYD4BW85YpXUs/waWltxWh5vFNgMJFX90jzucEBDLWh4Knp4vLVWOBP2EmgxCtDIropc PzjQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d24si3702932edq.199.2020.05.07.12.32.44; Thu, 07 May 2020 12:33:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728420AbgEGT3J (ORCPT + 99 others); Thu, 7 May 2020 15:29:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39604 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726367AbgEGT3G (ORCPT ); Thu, 7 May 2020 15:29:06 -0400 Received: from ZenIV.linux.org.uk (zeniv.linux.org.uk [IPv6:2002:c35c:fd02::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 32798C05BD43; Thu, 7 May 2020 12:29:06 -0700 (PDT) Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1jWmCd-003ASV-I0; Thu, 07 May 2020 19:29:03 +0000 Date: Thu, 7 May 2020 20:29:03 +0100 From: Al Viro To: Jens Axboe Cc: Max Kellermann , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH] fs/io_uring: fix O_PATH fds in openat, openat2, statx Message-ID: <20200507192903.GG23230@ZenIV.linux.org.uk> References: <20200507185725.15840-1-mk@cm4all.com> <20200507190131.GF23230@ZenIV.linux.org.uk> <4cac0e53-656c-50f0-3766-ae3cc6c0310a@kernel.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4cac0e53-656c-50f0-3766-ae3cc6c0310a@kernel.dk> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 07, 2020 at 01:05:23PM -0600, Jens Axboe wrote: > On 5/7/20 1:01 PM, Al Viro wrote: > > On Thu, May 07, 2020 at 08:57:25PM +0200, Max Kellermann wrote: > >> If an operation's flag `needs_file` is set, the function > >> io_req_set_file() calls io_file_get() to obtain a `struct file*`. > >> > >> This fails for `O_PATH` file descriptors, because those have no > >> `struct file*` > > > > O_PATH descriptors most certainly *do* have that. What the hell > > are you talking about? > > Yeah, hence I was interested in the test case. Since this is > bypassing that part, was assuming we'd have some logic error > that attempted a file grab for a case where we shouldn't. Just in case - you do realize that you should either resolve the descriptor yourself (and use the resulting struct file *, without letting anyone even look at the descriptor) *or* pass the descriptor as-is and don't even look at the descriptor table? Once more, with feeling: Descriptor tables are inherently sharable objects. You can't resolve a descriptor twice and assume you'll get the same thing both times. You can't insert something into descriptor table and assume that the same slot will be holding the same struct file reference after the descriptor table has been unlocked. Again, resolving the descriptor more than once in course of syscall is almost always a serious bug; there are very few exceptions and none of the mentioned in that patch are anywhere near those. IOW, that patch will either immediately break things on O_PATH (if you are really passing struct file *) or it's probably correct, but the reason is entirely different - it's that you are passing descriptor, which gets resolved by whatever you are calling, in which case io_uring has no business resolving it. And if that's the case, you are limited to real descriptors - your descriptor table lookalikes won't be of any use.