Received: by 2002:a05:7412:6592:b0:d7:7d3a:4fe2 with SMTP id m18csp1345234rdg; Fri, 11 Aug 2023 19:58:26 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGGYP5Kw1A2zWd2PxOAj4QvtHKsb8jLGXBaJ/hgtBe6tIoYBMmSTt6IwBhgVpTD2axGgQMG X-Received: by 2002:a05:6808:19a0:b0:3a7:500a:a481 with SMTP id bj32-20020a05680819a000b003a7500aa481mr5490473oib.3.1691809105683; Fri, 11 Aug 2023 19:58:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691809105; cv=none; d=google.com; s=arc-20160816; b=X0HOOyMNJadHw3JKqyYJgsZjVEJ5FEG172Jjc9hdF5TNmOZl2h1KRCSbzkdxrH5K8E sjQW3vN3YJl31u4zq0USDfvL3TLZ1Ljc0zTbfKIR4SeM3lhOyTbaxsldiFUlgJHGJ2oO I0mNhmzU1HixBqUlzt9rUgl08P6sckHYzqZ+ABw0kAjyN6hfn9wcdFg8TzYG5vdA8eCL +yzsiBbzHva6Q2XuntiBHJxlIXHiJhZ914SbtnlHHvuQADIISMVO8sSyAm1amZ1L/gIR rByRGjKGXOOdlz13v9K+xEYR044JJLtNSY7kWajFme5He+rqjgcfJ/AFrrWaKkskHuKZ 4uuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=8r5rfkI/f0JWxTa0P0wyT+P3RB7GX5WL1neTUGTiUmY=; fh=nL118WpnY3LGXPi0GP5e49DxM7+TEZhr95g9EGwQjuY=; b=CRolJnQO7lTONpX+/BDS//Py4ZdH3Eyhb4G6KLQ+NAb+ntvbXlMbn3AmPqJ3UcVEvN grM2UeBIXN0+zxLCp7RRSsm5Auih1qdUQpFIM9hxZgTrLBqMq5JD9K/G0euSZLRyiE91 mLMYRhj7wN4wUrlidIbCGpobpQYQSVRwt0E8beU6p/uR+8vM/ZmunmrepjCSC/beXslR FN6wv/h5QhDVkxJ/TgRvMYqLrsVdaLhfHUduzE7FGn8+/WecmkL1kvBouoK+kDJ6oDxV u2iZ5cMnn/FABgP5qSok9pEJrg8n3wvb7FqZhVaUVcysxBB3O5ZYSMj54jjwehUsXPa9 qJDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=M6JQnBlN; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b26-20020a6567da000000b0053f3b62c207si4240275pgs.767.2023.08.11.19.58.11; Fri, 11 Aug 2023 19:58:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=M6JQnBlN; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233100AbjHLClt (ORCPT + 99 others); Fri, 11 Aug 2023 22:41:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33298 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234770AbjHLClt (ORCPT ); Fri, 11 Aug 2023 22:41:49 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6E79C268C; Fri, 11 Aug 2023 19:41:48 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0ADD06422F; Sat, 12 Aug 2023 02:41:48 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1C349C433C8; Sat, 12 Aug 2023 02:41:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691808107; bh=Qf0UrKAKMrDNExp3AQ1BgZvKh1gbqbBiuVEpYRftFYQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=M6JQnBlN6gPmRaJcxSle3PgLqulDOpl6MrlQtLwU2djzM9v6MFqzrfW6iIL/vNYkq gyUqetOQzUya+qHJC1Iib0L83q+CcCH1k5F0DSldK6nDNEtrIm27bd0u+0BmbqdIGO kqvHWyLhLuGQhhLVgSA4mHpu4ROacoNAnqfDXILsLNG1hjjPOpvUSvIDMNpGRTFuD7 yDNPaTg+KF2/Mp7m0iQuw7WQo00MtYitS4Dya2TPmbQz9WA/y2cVFyaMaJKoaWLdU5 mf8dAbv724oV7pG6f+83UyqYnnPVW5Y+lNKTuUqt7yJwDVqxZMZ94P9itFMgTBbM3h Ru3S/R+5TgO/A== Date: Fri, 11 Aug 2023 19:41:45 -0700 From: Eric Biggers To: Gabriel Krisman Bertazi Cc: viro@zeniv.linux.org.uk, brauner@kernel.org, tytso@mit.edu, jaegeuk@kernel.org, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, Gabriel Krisman Bertazi Subject: Re: [PATCH v5 06/10] libfs: Validate negative dentries in case-insensitive directories Message-ID: <20230812024145.GD971@sol.localdomain> References: <20230812004146.30980-1-krisman@suse.de> <20230812004146.30980-7-krisman@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230812004146.30980-7-krisman@suse.de> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_FILL_THIS_FORM_SHORT autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Fri, Aug 11, 2023 at 08:41:42PM -0400, Gabriel Krisman Bertazi wrote: > + /* > + * Filesystems will call into d_revalidate without setting > + * LOOKUP_ flags even for file creation (see lookup_one* > + * variants). Reject negative dentries in this case, since we > + * can't know for sure it won't be used for creation. > + */ > + if (!flags) > + return 0; > + > + /* > + * If the lookup is for creation, then a negative dentry can > + * only be reused if it's a case-sensitive match, not just a > + * case-insensitive one. This is needed to make the new file be > + * created with the name the user specified, preserving case. > + */ > + if (flags & (LOOKUP_CREATE | LOOKUP_RENAME_TARGET)) { > + /* > + * ->d_name won't change from under us in the creation > + * path only, since d_revalidate during creation and > + * renames is always called with the parent inode > + * locked. It isn't the case for all lookup callpaths, > + * so ->d_name must not be touched outside > + * (LOOKUP_CREATE|LOOKUP_RENAME_TARGET) context. > + */ > + if (dentry->d_name.len != name->len || > + memcmp(dentry->d_name.name, name->name, name->len)) > + return 0; > + } This is still really confusing to me. Can you consider the below? The code is the same except for the reordering, but the explanation is reworked to be much clearer (IMO). Anything I am misunderstanding? /* * If the lookup is for creation, then a negative dentry can only be * reused if it's a case-sensitive match, not just a case-insensitive * one. This is needed to make the new file be created with the name * the user specified, preserving case. * * LOOKUP_CREATE or LOOKUP_RENAME_TARGET cover most creations. In these * cases, ->d_name is stable and can be compared to 'name' without * taking ->d_lock because the caller holds dir->i_rwsem for write. * (This is because the directory lock blocks the dentry from being * concurrently instantiated, and negative dentries are never moved.) * * All other creations actually use flags==0. These come from the edge * case of filesystems calling functions like lookup_one() that do a * lookup without setting the lookup flags at all. Such lookups might * or might not be for creation, and if not don't guarantee stable * ->d_name. Therefore, invalidate all negative dentries when flags==0. */ if (flags & (LOOKUP_CREATE | LOOKUP_RENAME_TARGET)) { if (dentry->d_name.len != name->len || memcmp(dentry->d_name.name, name->name, name->len)) return 0; } if (!flags) return 0;