Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp5402341rwb; Wed, 17 Aug 2022 17:20:51 -0700 (PDT) X-Google-Smtp-Source: AA6agR4vIXrZkfIIWvA23IEneM3a3Dgjy0HdcW5VXhPAO6xFv+NU03zJBP5XN2uC+u/0YeEfKQ9+ X-Received: by 2002:a17:90b:4a51:b0:1f5:8308:6ed7 with SMTP id lb17-20020a17090b4a5100b001f583086ed7mr6121425pjb.177.1660782051380; Wed, 17 Aug 2022 17:20:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660782051; cv=none; d=google.com; s=arc-20160816; b=m8tp4KK4MxA3FSFSFLjEKDbCyUJHfvOWFugoJbR9c+MunHu4RQScAbGn5sFLR5Xy10 v7VWp6sWN/Z+b5VAx7x1Ku2CivcQytuRcVBk8A9RBZaD1qe4yUVqjrdoVYdJcsQUvsv9 W/FPAn5Kk12MdqgevWDyVRpXj2NaJ/7X8x/HP4tQL3hj5Z9M5DVZTM0rnrq52y+veviQ Ha2fWeQwI4yo3RxmsCI5w7UZQrfkidRlgiZR5lNu9yha9UUd9n3tykVcBYZnfxY/t1un OOVE3UUU411HEnQ0NDBoJC527PE2PupujdD+FUT+Mfi0Hv7WjIoRphUrF2fw8X/iTXoa pWIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=weSEynBDXhIM0E6Muk7SHAMx0Zr8QIPwnPSVCXZYwi0=; b=HxSiJfhXg1MwJHZ37/hiJPG8Wn1x0oCFTJqgVfPyIFyCQSqhlwfLBPE6bNyOH0gOyH 2QXJUvLf0sa93GadP8VSpKW+NAa8QHD1JwFsUg94wEUbvb7zn/hsbenwhFo9ylaR94FP ebqC/PJsBUXlswaTcnKrEh3pH4IrDsR2XJ6XA4zqvXFj/hvmIEqOL0u3mnXDWatZeb9m DoIT4tqc6o21l664ENVzFDP5WRSRUu+TsoQ+ssP+GDjzgze3+aKQNoFkghJFQBqHckhU zLrDPZRKEd7ArHeOAUIU7qgkvCB1TuYFNMaAGWe21bX0HEj7OCAy5NwLQIuBBCTpgg/i ajkA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.org.uk header.s=zeniv-20220401 header.b=bZsk9YlO; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zeniv.linux.org.uk Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k185-20020a636fc2000000b00429f5da7c73si163798pgc.166.2022.08.17.17.20.25; Wed, 17 Aug 2022 17:20:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.org.uk header.s=zeniv-20220401 header.b=bZsk9YlO; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zeniv.linux.org.uk Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241809AbiHRABa (ORCPT + 99 others); Wed, 17 Aug 2022 20:01:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56532 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242275AbiHRAB1 (ORCPT ); Wed, 17 Aug 2022 20:01:27 -0400 Received: from zeniv.linux.org.uk (zeniv.linux.org.uk [IPv6:2a03:a000:7:0:5054:ff:fe1c:15ff]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 39D78979F0; Wed, 17 Aug 2022 17:01:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=linux.org.uk; s=zeniv-20220401; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=weSEynBDXhIM0E6Muk7SHAMx0Zr8QIPwnPSVCXZYwi0=; b=bZsk9YlO1Dkeoq/LDchmPuISqE dJs6h4PAbG8MZfGQQtD1+jLfB31ZCP0Ktzj92Kr/NiazuKpLWw9BgANGz2wERj2/jmYhxsn1vjSe/ AHcIfehiKeONSIupgUdvczekJxVoCgUjq6hMQhWVV2SlSX10dClE8gHkaMxWFp0UmUthV55AhA3UO 6wzccH7H6277HGUhncZCdN/aePq/1P03eGkd6x5nM0sqgcBu2gh8c/Q4pb1lgPCDRWxCr5pF2xkd4 vK29bSkHKfNmP3Szt4cNj9JOmM0DzLI0gB5ZKsVye5lxPm4m+eYiAqhOyAQoHALfkHE37keBuKUsq 0SEyHLbg==; Received: from viro by zeniv.linux.org.uk with local (Exim 4.95 #2 (Red Hat Linux)) id 1oOSyS-005XAV-Pv; Thu, 18 Aug 2022 00:01:25 +0000 Date: Thu, 18 Aug 2022 01:01:24 +0100 From: Al Viro To: Olga Kornievskaia Cc: linux-nfs , Olga Kornievskaia , linux-fsdevel Subject: Re: [RFC] problems with alloc_file_pseudo() use in __nfs42_ssc_open() Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: Al Viro X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Wed, Aug 17, 2022 at 06:32:15PM -0400, Olga Kornievskaia wrote: > On Wed, Aug 17, 2022 at 6:18 PM Al Viro wrote: > > > > My apologies for having missed that back when the SSC > > patchset had been done (and missing the problems after it got > > merged, actually). > > > > 1) if this > > r_ino = nfs_fhget(ss_mnt->mnt_sb, src_fh, fattr); > > in __nfs42_ssc_open() yields a directory inode, we are screwed > > as soon as it's passed to alloc_file_pseudo() - a *lot* of places > > in dcache handling would break if we do that. It's not too > > nice for a regular file from non-cooperating filesystem, but for > > directory ones it's deadly. > > This inode is created to make an appearance of an opened file to do > (an NFS) read, it's never a directory. Er... Where does the fhandle come from? From my reading it's a client-sent data; I don't know what trust model do you assume, but the price of getting multiple dentries over the same directory inode is high. Bogus or compromised client should not be able to cause severe corruption of kernel data structures...