Received: by 2002:a05:7412:bb8d:b0:d7:7d3a:4fe2 with SMTP id js13csp11969rdb;
        Mon, 14 Aug 2023 08:09:39 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHvNyjXs3i+pJu+sc/z0kN79t31G6w4JSeW1UJD7FtzCMlXlsXGq5BgeDdHFEOwdXojmSxZ
X-Received: by 2002:a05:6808:2010:b0:3a4:ccf:6a63 with SMTP id q16-20020a056808201000b003a40ccf6a63mr13735251oiw.55.1692025779503;
        Mon, 14 Aug 2023 08:09:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1692025779; cv=none;
        d=google.com; s=arc-20160816;
        b=IEy8GGQr5oQ5lb1HK3VI4iFXAhclpTCIYGgdS03TwJU8pjMRoePA+6VH5+KjzGfbst
         eJnAagmfa39kMzYu313nv6E7brt1T22BWbrycw/yl2Zr43ggX/TXNTWPfCnD2SqRIN5G
         Xbl3hODvfLTDJbScoG+HEaawVtgI13B5xg4cQ/1hS5B4qFIOguSLUwtB+AqDY5epKj4B
         oYDo8MZN/32/Mt2wlEZ4Njr9AXNZhFj5biF/YEF7AUiOizi1e3uyJChlwRHpqCW67Sjd
         ZRQW3aTELCg+LEWH4ZvTvVCh+t5pfga8CEahQtaYuo+vEGho701qNX5GsyXo2S9jNy6h
         3J2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent:message-id:date
         :references:organization:in-reply-to:subject:cc:to:from
         :dkim-signature:dkim-signature;
        bh=B6QIsNcUwY8iaBQqkPm5CJUyjIlEcOaJL8XUAsTGurs=;
        fh=k9OfdnI6XRCzrwokjBMFiYIUilYmm8DuDW/ukbB0Pgc=;
        b=S4m0RoL+gm36eOoVTOkC0/pJMZKIzEiCVOdBV00Q4WJ8lUAspQVGmcypY2P/l0B7BG
         eEPDBUWxL4Gl+GV9wdBBw/PQQAKPAPDBA95Ujufh3bVd52mDc++g41P7czNI2nJWsa/G
         3njar/GLZlUk5G1A4tRD8Sbjw2GAFBQ6lynbI/MPiikATi2E2fQGqWg8uwwlrtx3uDUF
         lrFU0cNeWXfSxyRejlTvCGDDp9dQXkbLxGR7ckTbl0LxUF6E40Ot7b31A/xExZ+dIxMW
         Tzs0MwsLFAIHnBDf4brY9xxO+2FCOpNMVXiqOMDAkjfL86FoRJ0GHvAXZlqASfSDbhhd
         3uOg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=d0ip1fpo;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=EMCLmF8D;
       spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Return-Path: <linux-ext4-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id m129-20020a633f87000000b00565d4cce6f9si171565pga.97.2023.08.14.08.08.25;
        Mon, 14 Aug 2023 08:09:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=d0ip1fpo;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=EMCLmF8D;
       spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229625AbjHNOuk (ORCPT <rfc822;jacky.kernel@gmail.com>
        + 99 others); Mon, 14 Aug 2023 10:50:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60904 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232574AbjHNOuV (ORCPT
        <rfc822;linux-ext4@vger.kernel.org>); Mon, 14 Aug 2023 10:50:21 -0400
Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A041A10E3;
        Mon, 14 Aug 2023 07:50:16 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id 556941FD60;
        Mon, 14 Aug 2023 14:50:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1692024615; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=B6QIsNcUwY8iaBQqkPm5CJUyjIlEcOaJL8XUAsTGurs=;
        b=d0ip1fpopDbZZIpEG2n3ugzEJDCgNjtoWycFPUrAgciZqLVQXjz5vH9T/jrLsIVIpoCg0w
        D4JrQl8IX/TT6mKO6w11eu6jZgcP39M/xI2ZdgkATpnKJEFFwNIdLqmRn+Yu61RA5PBVsA
        qSWnEpZ4P+rDioQqbjMVhBdJBGy1Pso=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1692024615;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=B6QIsNcUwY8iaBQqkPm5CJUyjIlEcOaJL8XUAsTGurs=;
        b=EMCLmF8DPJ4gucLOmtGbdPWovgTA592tSqk9udFjlxy6BE/iRLBkhKYf01o3XmDnF04e8h
        qOFz+0n8e9NifWCA==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 01810138EE;
        Mon, 14 Aug 2023 14:50:14 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id AG+pMCY/2mT+BQAAMHmgww
        (envelope-from <krisman@suse.de>); Mon, 14 Aug 2023 14:50:14 +0000
From:   Gabriel Krisman Bertazi <krisman@suse.de>
To:     Eric Biggers <ebiggers@kernel.org>
Cc:     viro@zeniv.linux.org.uk, brauner@kernel.org, tytso@mit.edu,
        jaegeuk@kernel.org, linux-fsdevel@vger.kernel.org,
        linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net,
        Gabriel Krisman Bertazi <krisman@collabora.com>
Subject: Re: [PATCH v5 06/10] libfs: Validate negative dentries in
 case-insensitive directories
In-Reply-To: <20230812024145.GD971@sol.localdomain> (Eric Biggers's message of
        "Fri, 11 Aug 2023 19:41:45 -0700")
Organization: SUSE
References: <20230812004146.30980-1-krisman@suse.de>
        <20230812004146.30980-7-krisman@suse.de>
        <20230812024145.GD971@sol.localdomain>
Date:   Mon, 14 Aug 2023 10:50:13 -0400
Message-ID: <87a5ut7k62.fsf@suse.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,
        SPF_HELO_NONE,SPF_PASS,T_FILL_THIS_FORM_SHORT autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-ext4.vger.kernel.org>
X-Mailing-List: linux-ext4@vger.kernel.org

Eric Biggers <ebiggers@kernel.org> writes:

> On Fri, Aug 11, 2023 at 08:41:42PM -0400, Gabriel Krisman Bertazi wrote:
>> +	/*
>> +	 * Filesystems will call into d_revalidate without setting
>> +	 * LOOKUP_ flags even for file creation (see lookup_one*
>> +	 * variants).  Reject negative dentries in this case, since we
>> +	 * can't know for sure it won't be used for creation.
>> +	 */
>> +	if (!flags)
>> +		return 0;
>> +
>> +	/*
>> +	 * If the lookup is for creation, then a negative dentry can
>> +	 * only be reused if it's a case-sensitive match, not just a
>> +	 * case-insensitive one.  This is needed to make the new file be
>> +	 * created with the name the user specified, preserving case.
>> +	 */
>> +	if (flags & (LOOKUP_CREATE | LOOKUP_RENAME_TARGET)) {
>> +		/*
>> +		 * ->d_name won't change from under us in the creation
>> +		 * path only, since d_revalidate during creation and
>> +		 * renames is always called with the parent inode
>> +		 * locked.  It isn't the case for all lookup callpaths,
>> +		 * so ->d_name must not be touched outside
>> +		 * (LOOKUP_CREATE|LOOKUP_RENAME_TARGET) context.
>> +		 */
>> +		if (dentry->d_name.len != name->len ||
>> +		    memcmp(dentry->d_name.name, name->name, name->len))
>> +			return 0;
>> +	}
>
> This is still really confusing to me.  Can you consider the below?  The code is
> the same except for the reordering, but the explanation is reworked to be much
> clearer (IMO).  Anything I am misunderstanding?
>
> 	/*
> 	 * If the lookup is for creation, then a negative dentry can only be
> 	 * reused if it's a case-sensitive match, not just a case-insensitive
> 	 * one.  This is needed to make the new file be created with the name
> 	 * the user specified, preserving case.
> 	 *
> 	 * LOOKUP_CREATE or LOOKUP_RENAME_TARGET cover most creations.  In these
> 	 * cases, ->d_name is stable and can be compared to 'name' without
> 	 * taking ->d_lock because the caller holds dir->i_rwsem for write.
> 	 * (This is because the directory lock blocks the dentry from being
> 	 * concurrently instantiated, and negative dentries are never moved.)
> 	 *
> 	 * All other creations actually use flags==0.  These come from the edge
> 	 * case of filesystems calling functions like lookup_one() that do a
> 	 * lookup without setting the lookup flags at all.  Such lookups might
> 	 * or might not be for creation, and if not don't guarantee stable
> 	 * ->d_name.  Therefore, invalidate all negative dentries when flags==0.
> 	 */
> 	if (flags & (LOOKUP_CREATE | LOOKUP_RENAME_TARGET)) {
> 		if (dentry->d_name.len != name->len ||
> 		    memcmp(dentry->d_name.name, name->name, name->len))
> 			return 0;
> 	}
> 	if (!flags)
> 		return 0;

I don't see it as particularly better or less confusing than the
original. but I also don't mind taking it into the next iteration.

-- 
Gabriel Krisman Bertazi