Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp2159002iof; Tue, 7 Jun 2022 21:43:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyXMKSkqHLgqVh5PI32TLN9zBMEgd0GP2xE1aJqp2czPsxX7jxU2M6SU99AHDPQS3jL4Q0h X-Received: by 2002:a17:902:f64f:b0:156:f1cc:b284 with SMTP id m15-20020a170902f64f00b00156f1ccb284mr31180591plg.147.1654663398284; Tue, 07 Jun 2022 21:43:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654663398; cv=none; d=google.com; s=arc-20160816; b=eNymLdz6K9cb0l67otDFsOov5HJXLTzy9/15Edhl3ViK7jsQcwYgv/QdZ62K6mFyjR hT9rzVV60pD9xFKOr64OjvHpei7SgItugNWm2xVii4A7Hc3+PAlgzEAxSNhfNjJPTdZJ tuDGtOXRqZ2rr+bs3Z218DqZmNxZYVOWOnCD2La+w2vxKI1KUkmY3sGtVWzWUB//7BCM Oh8Hia8uon2TZ8za1mk2uwTI+3hwRK/EioWMlhLrrKVkG6Czs9ZNxtv47Dz5e6ZuWOBV 97GuyRFfZmpI4A6vUkaKZbwR81uefFVJqgXtmui9AaGXJPG8qKuBoCdgDmAoLLkeNB81 z4oA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=EnkEOmhPrqh2D4k3tHU1H0RuvtUPK4K0jq5RGmjFiRM=; b=QWISg1ZXwfz64Fn11osRCQKpLbkFbst15FkpC9zm10gagZijUsoQRFeMbNVp/IqOg9 QPOehdXFGi7BaPRilJ4aXeWgLRAhqLN4X+tJFrMXTXyC4NsA909Z5XPK21eubeZfLb2t xM/5tU4KTFBQKfwJ45mFBlQ6EuGgH9Zf0guVDpvclFX7WmCRRm+O8ys0nbN2MaaT5P1o REHguAwrDVHX3i5qAnq4jVQQ+x8862Ol+GsgZ00AQeJL+Q0iBs6CXlQxUSoMoMeEapfx PNRAyNs/4qBIJLr2dtCxIcMQPQr3wJ2Mki54cQIW2V8zcMQBXO+Waeu94Taqwj/6ZO+K jsYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.org.uk header.s=zeniv-20220401 header.b=pRzDPsdu; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zeniv.linux.org.uk Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id 20-20020a630114000000b003fd4101223bsi1913781pgb.798.2022.06.07.21.43.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jun 2022 21:43:18 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.org.uk header.s=zeniv-20220401 header.b=pRzDPsdu; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zeniv.linux.org.uk Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 7FD8844C39B; Tue, 7 Jun 2022 21:13:15 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236790AbiFGFbO (ORCPT + 99 others); Tue, 7 Jun 2022 01:31:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44286 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236784AbiFGFbL (ORCPT ); Tue, 7 Jun 2022 01:31:11 -0400 Received: from zeniv-ca.linux.org.uk (zeniv-ca.linux.org.uk [IPv6:2607:5300:60:148a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 01342AE25F; Mon, 6 Jun 2022 22:31:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=linux.org.uk; s=zeniv-20220401; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=EnkEOmhPrqh2D4k3tHU1H0RuvtUPK4K0jq5RGmjFiRM=; b=pRzDPsduT5NyGMnydxA8f55N1Z h43zYeCDXeJ4jbqeMxub++tJvQaYCnl9LXpVFkkPQJIHyNsNRG6n+i/jtLoDCEUl6vHwdQ/vLiftm flsxT6hH0wXg+KozawQ/WSFIxnZ8lG6CMh7u42i0uB1GK52LqAsdcqoXE2zQftjm+hQkR5yJl9E7n fIU/sIcEdDIGZTrXVWk3WJUbLs30lHdFzIkJvK+pXszZus+2y8aX5h6I70caMsBoBuFCvOPCFgMT+ s7famyRFrsLq/BXR57ZG4dbGBOLjpR9/yL9PDqHNJLO80Le7559c+JiSTQS6moH8bu+mOY2Tlc4UX I1v+x5Hg==; Received: from viro by zeniv-ca.linux.org.uk with local (Exim 4.94.2 #2 (Red Hat Linux)) id 1nyRo3-004age-8C; Tue, 07 Jun 2022 05:31:07 +0000 Date: Tue, 7 Jun 2022 05:31:07 +0000 From: Al Viro To: Oliver Ford Cc: linux-fsdevel@vger.kernel.org, jack@suse.cz, amir73il@gmail.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/1] fs: inotify: Add full paths option to inotify Message-ID: References: <20220606224241.25254-1-ojford@gmail.com> <20220606224241.25254-2-ojford@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220606224241.25254-2-ojford@gmail.com> Sender: Al Viro X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 06, 2022 at 11:42:41PM +0100, Oliver Ford wrote: > @@ -203,6 +204,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, > { > struct inotify_event inotify_event; > struct inotify_event_info *event; > + struct path event_path; > + struct inotify_inode_mark *i_mark; > size_t event_size = sizeof(struct inotify_event); > size_t name_len; > size_t pad_name_len; > @@ -210,6 +213,18 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, > pr_debug("%s: group=%p event=%p\n", __func__, group, fsn_event); > > event = INOTIFY_E(fsn_event); > + /* ensure caller has access to view the full path */ > + if (event->mask & IN_FULL_PATHS && event->mask & IN_MOVE_SELF && > + kern_path(event->name, 0, &event_path)) { > + i_mark = inotify_idr_find(group, event->wd); > + if (likely(i_mark)) { > + fsnotify_destroy_mark(&i_mark->fsn_mark, group); > + /* match ref taken by inotify_idr_find */ > + fsnotify_put_mark(&i_mark->fsn_mark); > + } > + return -EACCES; > + } > + What. The. Hell? Could you please explain how is it not a massive dentry and mount leak and just what is being attempted here, anyway? Incidentally, who said that pathname will be still resolving to whatever it used to resolve to back when the operation had happened? Or that it would make any sense for the read(2) caller, while we are at it... NAKed-by: Al Viro