Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp417041pxu; Tue, 5 Jan 2021 15:04:06 -0800 (PST) X-Google-Smtp-Source: ABdhPJxkaHRDwZpSTIQcdOqlq5RArta05gkeQely88jhmyLG1/UNO5cFQtagLMkCabholjlezFRe X-Received: by 2002:a17:906:af79:: with SMTP id os25mr1083044ejb.275.1609887845824; Tue, 05 Jan 2021 15:04:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609887845; cv=none; d=google.com; s=arc-20160816; b=ECz/zPP5a+octai+orNdFXTJpKj8f0lc4PfxgTkyCjTELTgkq6wQYUZJv2GKimpoms WwZ8pQDc7og5gSrV52Ko2FP9d1lQWZL6Sas2bvLSKM1znIoUm61Q7XLWqa08ZWL4dSZS uvId56ddeEckaArDGA4Vnm9729NspedGqxDjVDmKH7B/8KSpt9oMGxbSTBb7VTaxAHuF pHX9isRjWgCpMT+FOLkxhOWoxza02hRorjmin/80kilU7Yy2Z9oHHJu3nrhmhzuMs8vP kZh/Yq4noQ1USYzoLhlJ63bZ4rK0TA0jOMMRNDNJ/NQYs6PeBedLyrB3XCfDcdiCL6du fU+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=HTn8QnGDBQwUtXAGH+o2CupvRi7icUrSyvJoOLS9tqo=; b=i6ryDPLNE2VVrifrcXTu+60OMP3ByR8KFlW6KFew/nn2jvQRbhixH4CPUdhNzqPPbl w2X+eWm7aYLL+dxYKUWUI0gFTKvo24blAt6tplyPzxOeF8SOS5+TmPYpg5tNOu7bl3dz kXF+8PofOgDJjTWSEusz5X9NFWfhAk3VIjWzCOb48tuRPMSknWB2Rpa3z1F0Aj8/dZC3 vwgN3q2Esc316V3j/D3+W3f+n3Fk0DSgJLDnKFzIVFgJwcfMoYzdV03i5pa8iPVk+Eve tcogFwPnfMIx4Nk9g4tkS66GVC4xeUtoLwlKlYF+UVGwklqMvyTSrp5uRvNyYLE6PB2J 7YHQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h17si236069ejc.592.2021.01.05.15.03.42; Tue, 05 Jan 2021 15:04:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727739AbhAEVNs (ORCPT + 99 others); Tue, 5 Jan 2021 16:13:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35594 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726773AbhAEVNr (ORCPT ); Tue, 5 Jan 2021 16:13:47 -0500 Received: from ZenIV.linux.org.uk (zeniv.linux.org.uk [IPv6:2002:c35c:fd02::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A492C061574; Tue, 5 Jan 2021 13:13:07 -0800 (PST) Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1kwtdF-007AYs-Vb; Tue, 05 Jan 2021 21:12:46 +0000 Date: Tue, 5 Jan 2021 21:12:45 +0000 From: Al Viro To: Linus Torvalds Cc: Alexey Dobriyan , James Morris , "Serge E. Hallyn" , LSM List , Paul Moore , Stephen Smalley , Eric Paris , SElinux list , Casey Schaufler , Eric Biederman , linux-fsdevel , Linux Kernel Mailing List , Matthew Wilcox , Stephen Brennan Subject: Re: [PATCH v4] proc: Allow pid_revalidate() during LOOKUP_RCU Message-ID: <20210105211245.GY3579531@ZenIV.linux.org.uk> References: <20210104232123.31378-1-stephen.s.brennan@oracle.com> <20210105055935.GT3579531@ZenIV.linux.org.uk> <20210105165005.GV3579531@ZenIV.linux.org.uk> <20210105195937.GX3579531@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: Al Viro Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 05, 2021 at 12:38:31PM -0800, Linus Torvalds wrote: > This whole thing isn't important enough to get the dentry lock. It's > more of a hint than anything else. > > Why isn't the fix to just use READ_ONCE() of the name pointer, and do > it under RCU? Umm... Take a look at audit_log_untrustedstring() - it really assumes that string is not changing under it. It could be massaged to be resilent to such changes, and it's not even all that hard (copy the sucker byte-by-byte, checking them for prohibited characters, with fallback to hex dump if it finds one), but I really don't want to mess with that for -stable and TBH I don't see the point - if the system is spending enough time in spewing into audit for contention and/or cacheline pingpong to matter, you are FUBAR anyway. In this case dumber is better; sure, if it was just a string copy with the accuracy in face of concurrent renames not guaranteed, I'd be all for "let's see if we can just use %pd printf, or go for open-coded analogue of such". But here the lack of whitespaces and quotes in the output is expected by userland tools and that's more sensitive than the accuracy... Again, if there's anybody seriously interested in analogue of %pd with that (or some other) form of quoting, it could be done. But I don't think it's a good idea for -stable and it obviously can be done on top of the minimal race fix.