From: Al Viro <viro@zeniv.linux.org.uk>
To: Aleksa Sarai <cyphar@cyphar.com>
Cc: Jeff Layton <jlayton@kernel.org>,
"J. Bruce Fields" <bfields@fieldses.org>,
Arnd Bergmann <arnd@arndb.de>,
David Howells <dhowells@redhat.com>,
Shuah Khan <shuah@kernel.org>,
Shuah Khan <skhan@linuxfoundation.org>,
Andy Lutomirski <luto@kernel.org>,
Christian Brauner <christian@brauner.io>,
Eric Biederman <ebiederm@xmission.com>,
Andrew Morton <akpm@linux-foundation.org>,
Alexei Starovoitov <ast@kernel.org>,
Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
Tycho Andersen <tycho@tycho.ws>,
David Drysdale <drysdale@google.com>,
Chanho Min <chanho.min@lge.com>, Oleg Nesterov <oleg@redhat.com>,
Aleksa Sarai <asarai@suse.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
containers@lists.linux-foundation.org,
linux-alpha@vger.kernel.org
Subject: Re: [PATCH v9 01/10] namei: obey trailing magic-link DAC permissions
Date: Fri, 12 Jul 2019 04:14:54 +0000 [thread overview]
Message-ID: <20190712041454.GG17978@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20190706145737.5299-2-cyphar@cyphar.com>
On Sun, Jul 07, 2019 at 12:57:28AM +1000, Aleksa Sarai wrote:
> @@ -514,7 +516,14 @@ static void set_nameidata(struct nameidata *p, int dfd, struct filename *name)
> p->stack = p->internal;
> p->dfd = dfd;
> p->name = name;
> - p->total_link_count = old ? old->total_link_count : 0;
> + p->total_link_count = 0;
> + p->acc_mode = 0;
> + p->opath_mask = FMODE_PATH_READ | FMODE_PATH_WRITE;
> + if (old) {
> + p->total_link_count = old->total_link_count;
> + p->acc_mode = old->acc_mode;
> + p->opath_mask = old->opath_mask;
> + }
Huh? Could somebody explain why traversals of NFS4 referrals should inherit
->acc_mode and ->opath_mask?
> static __always_inline
> -const char *get_link(struct nameidata *nd)
> +const char *get_link(struct nameidata *nd, bool trailing)
> {
> struct saved *last = nd->stack + nd->depth - 1;
> struct dentry *dentry = last->link.dentry;
> @@ -1081,6 +1134,44 @@ const char *get_link(struct nameidata *nd)
> } else {
> res = get(dentry, inode, &last->done);
> }
> + /* If we just jumped it was because of a magic-link. */
> + if (unlikely(nd->flags & LOOKUP_JUMPED)) {
That's not quite guaranteed (it is possible to bind a symlink on top
of a regular file, and you will get LOOKUP_JUMPED on the entry into
trailing_symlink() when looking the result up). Moreover, why bother
with LOOKUP_JUMPED here? See that
nd->last_type = LAST_BIND;
several lines prior? That's precisely to be able to recognize those
suckers.
And _that_ would've avoided another piece of ugliness - your LOOKUP_JUMPED
kludge forces you to handle that cra^Wsclero^Wvaluable security hardening
in get_link(), instead of trailing_symlink() where you apparently want
it to be. Simply because nd_jump_root() done later in get_link() will set
LOOKUP_JUMPED for absolute symlinks, confusing your test.
Moreover, I'm not sure that trailing_symlink() is the right place for
that either - I would be rather tempted to fold do_o_path() into
path_openat(), inline path_lookupat() there (as in
s = path_init(nd, flags);
while (!(error = link_path_walk(s, nd))
&& ((error = lookup_last(nd)) > 0)) {
s = trailing_symlink(nd);
}
if (!error)
error = complete_walk(nd);
if (!error && nd->flags & LOOKUP_DIRECTORY)
if (!d_can_lookup(nd->path.dentry))
error = -ENOTDIR;
if (!error) {
audit_inode(nd->name, nd->path.dentry, 0);
error = vfs_open(&nd->path, file);
}
terminate_walk(nd);
- we don't need LOOKUP_DOWN there) and then we only care about the
two callers of trailing_symlink() that are in path_openat(). Which
is where you have your ->acc_mode and ->opath_mask without the need
to dump them into nameidata. Or to bring that mess into the
things like stat(2) et.al. - it simply doesn't belong there.
In any case, this "bool trailing" is completely wrong; whether that
check belongs in trailing_symlink() or (some of) its callers, putting
it into get_link() is a mistake, forced by kludgy check for procfs-style
symlinks.
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro@zeniv.linux.org.uk>
To: Aleksa Sarai <cyphar@cyphar.com>
Cc: Jeff Layton <jlayton@kernel.org>,
"J. Bruce Fields" <bfields@fieldses.org>,
Arnd Bergmann <arnd@arndb.de>,
David Howells <dhowells@redhat.com>,
Shuah Khan <shuah@kernel.org>,
Shuah Khan <skhan@linuxfoundation.org>,
Andy Lutomirski <luto@kernel.org>,
Christian Brauner <christian@brauner.io>,
Eric Biederman <ebiederm@xmission.com>,
Andrew Morton <akpm@linux-foundation.org>,
Alexei Starovoitov <ast@kernel.org>,
Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
Tycho Andersen <tycho@tycho.ws>,
David Drysdale <drysdale@google.com>,
Chanho Min <chanho.min@lge.com>, Oleg Nesterov <oleg@redhat.com>,
Aleksa Sarai <asarai@suse.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
containers@lists.linux-foundation.org,
linux-alpha@vger.kernel.org, linux-api@vger.kernel.org,
linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
linux-fsdevel@vger.kernel.org, linux-ia64@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org,
linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-s390@vger.kernel.org, linux-sh@vger.kernel.org,
linux-xtensa@linux-xtensa.org, sparclinux@vger.kernel.org
Subject: Re: [PATCH v9 01/10] namei: obey trailing magic-link DAC permissions
Date: Fri, 12 Jul 2019 05:14:54 +0100 [thread overview]
Message-ID: <20190712041454.GG17978@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20190706145737.5299-2-cyphar@cyphar.com>
On Sun, Jul 07, 2019 at 12:57:28AM +1000, Aleksa Sarai wrote:
> @@ -514,7 +516,14 @@ static void set_nameidata(struct nameidata *p, int dfd, struct filename *name)
> p->stack = p->internal;
> p->dfd = dfd;
> p->name = name;
> - p->total_link_count = old ? old->total_link_count : 0;
> + p->total_link_count = 0;
> + p->acc_mode = 0;
> + p->opath_mask = FMODE_PATH_READ | FMODE_PATH_WRITE;
> + if (old) {
> + p->total_link_count = old->total_link_count;
> + p->acc_mode = old->acc_mode;
> + p->opath_mask = old->opath_mask;
> + }
Huh? Could somebody explain why traversals of NFS4 referrals should inherit
->acc_mode and ->opath_mask?
> static __always_inline
> -const char *get_link(struct nameidata *nd)
> +const char *get_link(struct nameidata *nd, bool trailing)
> {
> struct saved *last = nd->stack + nd->depth - 1;
> struct dentry *dentry = last->link.dentry;
> @@ -1081,6 +1134,44 @@ const char *get_link(struct nameidata *nd)
> } else {
> res = get(dentry, inode, &last->done);
> }
> + /* If we just jumped it was because of a magic-link. */
> + if (unlikely(nd->flags & LOOKUP_JUMPED)) {
That's not quite guaranteed (it is possible to bind a symlink on top
of a regular file, and you will get LOOKUP_JUMPED on the entry into
trailing_symlink() when looking the result up). Moreover, why bother
with LOOKUP_JUMPED here? See that
nd->last_type = LAST_BIND;
several lines prior? That's precisely to be able to recognize those
suckers.
And _that_ would've avoided another piece of ugliness - your LOOKUP_JUMPED
kludge forces you to handle that cra^Wsclero^Wvaluable security hardening
in get_link(), instead of trailing_symlink() where you apparently want
it to be. Simply because nd_jump_root() done later in get_link() will set
LOOKUP_JUMPED for absolute symlinks, confusing your test.
Moreover, I'm not sure that trailing_symlink() is the right place for
that either - I would be rather tempted to fold do_o_path() into
path_openat(), inline path_lookupat() there (as in
s = path_init(nd, flags);
while (!(error = link_path_walk(s, nd))
&& ((error = lookup_last(nd)) > 0)) {
s = trailing_symlink(nd);
}
if (!error)
error = complete_walk(nd);
if (!error && nd->flags & LOOKUP_DIRECTORY)
if (!d_can_lookup(nd->path.dentry))
error = -ENOTDIR;
if (!error) {
audit_inode(nd->name, nd->path.dentry, 0);
error = vfs_open(&nd->path, file);
}
terminate_walk(nd);
- we don't need LOOKUP_DOWN there) and then we only care about the
two callers of trailing_symlink() that are in path_openat(). Which
is where you have your ->acc_mode and ->opath_mask without the need
to dump them into nameidata. Or to bring that mess into the
things like stat(2) et.al. - it simply doesn't belong there.
In any case, this "bool trailing" is completely wrong; whether that
check belongs in trailing_symlink() or (some of) its callers, putting
it into get_link() is a mistake, forced by kludgy check for procfs-style
symlinks.
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro@zeniv.linux.org.uk>
To: Aleksa Sarai <cyphar@cyphar.com>
Cc: Jeff Layton <jlayton@kernel.org>,
"J. Bruce Fields" <bfields@fieldses.org>,
Arnd Bergmann <arnd@arndb.de>,
David Howells <dhowells@redhat.com>,
Shuah Khan <shuah@kernel.org>,
Shuah Khan <skhan@linuxfoundation.org>,
Andy Lutomirski <luto@kernel.org>,
Christian Brauner <christian@brauner.io>,
Eric Biederman <ebiederm@xmission.com>,
Andrew Morton <akpm@linux-foundation.org>,
Alexei Starovoitov <ast@kernel.org>,
Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
Tycho Andersen <tycho@tycho.ws>,
David Drysdale <drysdale@google.com>,
Chanho Min <chanho.min@lge.com>, Oleg Nesterov <oleg@redhat.com>,
Aleksa Sarai <asarai@suse.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
containers@lists.linux-foundation.org,
linux-alpha@vger.kernel.org
Subject: Re: [PATCH v9 01/10] namei: obey trailing magic-link DAC permissions
Date: Fri, 12 Jul 2019 05:14:54 +0100 [thread overview]
Message-ID: <20190712041454.GG17978@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20190706145737.5299-2-cyphar@cyphar.com>
On Sun, Jul 07, 2019 at 12:57:28AM +1000, Aleksa Sarai wrote:
> @@ -514,7 +516,14 @@ static void set_nameidata(struct nameidata *p, int dfd, struct filename *name)
> p->stack = p->internal;
> p->dfd = dfd;
> p->name = name;
> - p->total_link_count = old ? old->total_link_count : 0;
> + p->total_link_count = 0;
> + p->acc_mode = 0;
> + p->opath_mask = FMODE_PATH_READ | FMODE_PATH_WRITE;
> + if (old) {
> + p->total_link_count = old->total_link_count;
> + p->acc_mode = old->acc_mode;
> + p->opath_mask = old->opath_mask;
> + }
Huh? Could somebody explain why traversals of NFS4 referrals should inherit
->acc_mode and ->opath_mask?
> static __always_inline
> -const char *get_link(struct nameidata *nd)
> +const char *get_link(struct nameidata *nd, bool trailing)
> {
> struct saved *last = nd->stack + nd->depth - 1;
> struct dentry *dentry = last->link.dentry;
> @@ -1081,6 +1134,44 @@ const char *get_link(struct nameidata *nd)
> } else {
> res = get(dentry, inode, &last->done);
> }
> + /* If we just jumped it was because of a magic-link. */
> + if (unlikely(nd->flags & LOOKUP_JUMPED)) {
That's not quite guaranteed (it is possible to bind a symlink on top
of a regular file, and you will get LOOKUP_JUMPED on the entry into
trailing_symlink() when looking the result up). Moreover, why bother
with LOOKUP_JUMPED here? See that
nd->last_type = LAST_BIND;
several lines prior? That's precisely to be able to recognize those
suckers.
And _that_ would've avoided another piece of ugliness - your LOOKUP_JUMPED
kludge forces you to handle that cra^Wsclero^Wvaluable security hardening
in get_link(), instead of trailing_symlink() where you apparently want
it to be. Simply because nd_jump_root() done later in get_link() will set
LOOKUP_JUMPED for absolute symlinks, confusing your test.
Moreover, I'm not sure that trailing_symlink() is the right place for
that either - I would be rather tempted to fold do_o_path() into
path_openat(), inline path_lookupat() there (as in
s = path_init(nd, flags);
while (!(error = link_path_walk(s, nd))
&& ((error = lookup_last(nd)) > 0)) {
s = trailing_symlink(nd);
}
if (!error)
error = complete_walk(nd);
if (!error && nd->flags & LOOKUP_DIRECTORY)
if (!d_can_lookup(nd->path.dentry))
error = -ENOTDIR;
if (!error) {
audit_inode(nd->name, nd->path.dentry, 0);
error = vfs_open(&nd->path, file);
}
terminate_walk(nd);
- we don't need LOOKUP_DOWN there) and then we only care about the
two callers of trailing_symlink() that are in path_openat(). Which
is where you have your ->acc_mode and ->opath_mask without the need
to dump them into nameidata. Or to bring that mess into the
things like stat(2) et.al. - it simply doesn't belong there.
In any case, this "bool trailing" is completely wrong; whether that
check belongs in trailing_symlink() or (some of) its callers, putting
it into get_link() is a mistake, forced by kludgy check for procfs-style
symlinks.
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro@zeniv.linux.org.uk>
To: Aleksa Sarai <cyphar@cyphar.com>
Cc: linux-ia64@vger.kernel.org, linux-sh@vger.kernel.org,
Alexei Starovoitov <ast@kernel.org>,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
linux-kselftest@vger.kernel.org, sparclinux@vger.kernel.org,
Shuah Khan <shuah@kernel.org>,
linux-arch@vger.kernel.org, linux-s390@vger.kernel.org,
Tycho Andersen <tycho@tycho.ws>, Aleksa Sarai <asarai@suse.de>,
linux-arm-kernel@lists.infradead.org, linux-mips@vger.kernel.org,
linux-xtensa@linux-xtensa.org, Kees Cook <keescook@chromium.org>,
Arnd Bergmann <arnd@arndb.de>, Jann Horn <jannh@google.com>,
linuxppc-dev@lists.ozlabs.org, linux-m68k@lists.linux-m68k.org,
Andy Lutomirski <luto@kernel.org>,
Shuah Khan <skhan@linuxfoundation.org>,
David Drysdale <drysdale@google.com>,
Christian Brauner <christian@brauner.io>,
"J. Bruce Fields" <bfields@fieldses.org>,
linux-parisc@vger.kernel.org, linux-api@vger.kernel.org,
Chanho Min <chanho.min@lge.com>, Jeff Layton <jlayton@kernel.org>,
Oleg Nesterov <oleg@redhat.com>,
Eric Biederman <ebiederm@xmission.com>,
linux-alpha@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
containers@lists.linux-foundation.org
Subject: Re: [PATCH v9 01/10] namei: obey trailing magic-link DAC permissions
Date: Fri, 12 Jul 2019 05:14:54 +0100 [thread overview]
Message-ID: <20190712041454.GG17978@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20190706145737.5299-2-cyphar@cyphar.com>
On Sun, Jul 07, 2019 at 12:57:28AM +1000, Aleksa Sarai wrote:
> @@ -514,7 +516,14 @@ static void set_nameidata(struct nameidata *p, int dfd, struct filename *name)
> p->stack = p->internal;
> p->dfd = dfd;
> p->name = name;
> - p->total_link_count = old ? old->total_link_count : 0;
> + p->total_link_count = 0;
> + p->acc_mode = 0;
> + p->opath_mask = FMODE_PATH_READ | FMODE_PATH_WRITE;
> + if (old) {
> + p->total_link_count = old->total_link_count;
> + p->acc_mode = old->acc_mode;
> + p->opath_mask = old->opath_mask;
> + }
Huh? Could somebody explain why traversals of NFS4 referrals should inherit
->acc_mode and ->opath_mask?
> static __always_inline
> -const char *get_link(struct nameidata *nd)
> +const char *get_link(struct nameidata *nd, bool trailing)
> {
> struct saved *last = nd->stack + nd->depth - 1;
> struct dentry *dentry = last->link.dentry;
> @@ -1081,6 +1134,44 @@ const char *get_link(struct nameidata *nd)
> } else {
> res = get(dentry, inode, &last->done);
> }
> + /* If we just jumped it was because of a magic-link. */
> + if (unlikely(nd->flags & LOOKUP_JUMPED)) {
That's not quite guaranteed (it is possible to bind a symlink on top
of a regular file, and you will get LOOKUP_JUMPED on the entry into
trailing_symlink() when looking the result up). Moreover, why bother
with LOOKUP_JUMPED here? See that
nd->last_type = LAST_BIND;
several lines prior? That's precisely to be able to recognize those
suckers.
And _that_ would've avoided another piece of ugliness - your LOOKUP_JUMPED
kludge forces you to handle that cra^Wsclero^Wvaluable security hardening
in get_link(), instead of trailing_symlink() where you apparently want
it to be. Simply because nd_jump_root() done later in get_link() will set
LOOKUP_JUMPED for absolute symlinks, confusing your test.
Moreover, I'm not sure that trailing_symlink() is the right place for
that either - I would be rather tempted to fold do_o_path() into
path_openat(), inline path_lookupat() there (as in
s = path_init(nd, flags);
while (!(error = link_path_walk(s, nd))
&& ((error = lookup_last(nd)) > 0)) {
s = trailing_symlink(nd);
}
if (!error)
error = complete_walk(nd);
if (!error && nd->flags & LOOKUP_DIRECTORY)
if (!d_can_lookup(nd->path.dentry))
error = -ENOTDIR;
if (!error) {
audit_inode(nd->name, nd->path.dentry, 0);
error = vfs_open(&nd->path, file);
}
terminate_walk(nd);
- we don't need LOOKUP_DOWN there) and then we only care about the
two callers of trailing_symlink() that are in path_openat(). Which
is where you have your ->acc_mode and ->opath_mask without the need
to dump them into nameidata. Or to bring that mess into the
things like stat(2) et.al. - it simply doesn't belong there.
In any case, this "bool trailing" is completely wrong; whether that
check belongs in trailing_symlink() or (some of) its callers, putting
it into get_link() is a mistake, forced by kludgy check for procfs-style
symlinks.
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro@zeniv.linux.org.uk>
To: Aleksa Sarai <cyphar@cyphar.com>
Cc: linux-ia64@vger.kernel.org, linux-sh@vger.kernel.org,
Alexei Starovoitov <ast@kernel.org>,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
linux-kselftest@vger.kernel.org, sparclinux@vger.kernel.org,
Shuah Khan <shuah@kernel.org>,
linux-arch@vger.kernel.org, linux-s390@vger.kernel.org,
Tycho Andersen <tycho@tycho.ws>, Aleksa Sarai <asarai@suse.de>,
linux-arm-kernel@lists.infradead.org, linux-mips@vger.kernel.org,
linux-xtensa@linux-xtensa.org, Kees Cook <keescook@chromium.org>,
Arnd Bergmann <arnd@arndb.de>, Jann Horn <jannh@google.com>,
linuxppc-dev@lists.ozlabs.org, linux-m68k@lists.linux-m68k.org,
Andy Lutomirski <luto@kernel.org>,
Shuah Khan <skhan@linuxfoundation.org>,
David Drysdale <drysdale@google.com>,
Christian Brauner <christian@brauner.io>,
"J. Bruce Fields" <bfields@fieldses.org>,
linux-parisc@vger.kernel.org, linux-api@vger.kernel.org,
Chanho Min <chanho.min@lge.com>, Jeff Layton <jlayton@kernel.org>,
Oleg Nesterov <oleg@redhat.com>,
Eric Biederman <ebiederm@xmission.com>,
linux-alpha@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
containers@lists.linux-foundation.org
Subject: Re: [PATCH v9 01/10] namei: obey trailing magic-link DAC permissions
Date: Fri, 12 Jul 2019 05:14:54 +0100 [thread overview]
Message-ID: <20190712041454.GG17978@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20190706145737.5299-2-cyphar@cyphar.com>
On Sun, Jul 07, 2019 at 12:57:28AM +1000, Aleksa Sarai wrote:
> @@ -514,7 +516,14 @@ static void set_nameidata(struct nameidata *p, int dfd, struct filename *name)
> p->stack = p->internal;
> p->dfd = dfd;
> p->name = name;
> - p->total_link_count = old ? old->total_link_count : 0;
> + p->total_link_count = 0;
> + p->acc_mode = 0;
> + p->opath_mask = FMODE_PATH_READ | FMODE_PATH_WRITE;
> + if (old) {
> + p->total_link_count = old->total_link_count;
> + p->acc_mode = old->acc_mode;
> + p->opath_mask = old->opath_mask;
> + }
Huh? Could somebody explain why traversals of NFS4 referrals should inherit
->acc_mode and ->opath_mask?
> static __always_inline
> -const char *get_link(struct nameidata *nd)
> +const char *get_link(struct nameidata *nd, bool trailing)
> {
> struct saved *last = nd->stack + nd->depth - 1;
> struct dentry *dentry = last->link.dentry;
> @@ -1081,6 +1134,44 @@ const char *get_link(struct nameidata *nd)
> } else {
> res = get(dentry, inode, &last->done);
> }
> + /* If we just jumped it was because of a magic-link. */
> + if (unlikely(nd->flags & LOOKUP_JUMPED)) {
That's not quite guaranteed (it is possible to bind a symlink on top
of a regular file, and you will get LOOKUP_JUMPED on the entry into
trailing_symlink() when looking the result up). Moreover, why bother
with LOOKUP_JUMPED here? See that
nd->last_type = LAST_BIND;
several lines prior? That's precisely to be able to recognize those
suckers.
And _that_ would've avoided another piece of ugliness - your LOOKUP_JUMPED
kludge forces you to handle that cra^Wsclero^Wvaluable security hardening
in get_link(), instead of trailing_symlink() where you apparently want
it to be. Simply because nd_jump_root() done later in get_link() will set
LOOKUP_JUMPED for absolute symlinks, confusing your test.
Moreover, I'm not sure that trailing_symlink() is the right place for
that either - I would be rather tempted to fold do_o_path() into
path_openat(), inline path_lookupat() there (as in
s = path_init(nd, flags);
while (!(error = link_path_walk(s, nd))
&& ((error = lookup_last(nd)) > 0)) {
s = trailing_symlink(nd);
}
if (!error)
error = complete_walk(nd);
if (!error && nd->flags & LOOKUP_DIRECTORY)
if (!d_can_lookup(nd->path.dentry))
error = -ENOTDIR;
if (!error) {
audit_inode(nd->name, nd->path.dentry, 0);
error = vfs_open(&nd->path, file);
}
terminate_walk(nd);
- we don't need LOOKUP_DOWN there) and then we only care about the
two callers of trailing_symlink() that are in path_openat(). Which
is where you have your ->acc_mode and ->opath_mask without the need
to dump them into nameidata. Or to bring that mess into the
things like stat(2) et.al. - it simply doesn't belong there.
In any case, this "bool trailing" is completely wrong; whether that
check belongs in trailing_symlink() or (some of) its callers, putting
it into get_link() is a mistake, forced by kludgy check for procfs-style
symlinks.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-07-12 4:14 UTC|newest]
Thread overview: 243+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-06 14:57 [PATCH v9 00/10] namei: openat2(2) path resolution restrictions Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` [PATCH v9 01/10] namei: obey trailing magic-link DAC permissions Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-12 4:14 ` Al Viro [this message]
2019-07-12 4:14 ` Al Viro
2019-07-12 4:14 ` Al Viro
2019-07-12 4:14 ` Al Viro
2019-07-12 4:14 ` Al Viro
2019-07-12 6:36 ` Al Viro
2019-07-12 6:36 ` Al Viro
2019-07-12 6:36 ` Al Viro
2019-07-12 6:36 ` Al Viro
2019-07-12 6:36 ` Al Viro
2019-07-12 12:20 ` Aleksa Sarai
2019-07-12 12:20 ` Aleksa Sarai
2019-07-12 12:20 ` Aleksa Sarai
2019-07-12 12:20 ` Aleksa Sarai
2019-07-12 12:20 ` Aleksa Sarai
2019-07-12 12:20 ` Aleksa Sarai
2019-07-12 13:10 ` Al Viro
2019-07-12 13:10 ` Al Viro
2019-07-12 13:10 ` Al Viro
2019-07-12 13:10 ` Al Viro
2019-07-12 13:10 ` Al Viro
2019-07-14 7:11 ` Aleksa Sarai
2019-07-14 7:11 ` Aleksa Sarai
2019-07-14 7:11 ` Aleksa Sarai
2019-07-14 7:11 ` Aleksa Sarai
2019-07-14 7:11 ` Aleksa Sarai
2019-07-06 14:57 ` [PATCH v9 02/10] procfs: switch magic-link modes to be more sane Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` [PATCH v9 03/10] open: O_EMPTYPATH: procfs-less file descriptor re-opening Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` [PATCH v9 04/10] namei: split out nd->dfd handling to dirfd_path_init Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-12 4:20 ` Al Viro
2019-07-12 4:20 ` Al Viro
2019-07-12 4:20 ` Al Viro
2019-07-12 4:20 ` Al Viro
2019-07-12 4:20 ` Al Viro
2019-07-12 12:07 ` Aleksa Sarai
2019-07-12 12:07 ` Aleksa Sarai
2019-07-12 12:07 ` Aleksa Sarai
2019-07-12 12:07 ` Aleksa Sarai
2019-07-12 12:07 ` Aleksa Sarai
2019-07-12 12:12 ` Aleksa Sarai
2019-07-12 12:12 ` Aleksa Sarai
2019-07-12 12:12 ` Aleksa Sarai
2019-07-12 12:12 ` Aleksa Sarai
2019-07-12 12:12 ` Aleksa Sarai
2019-07-12 12:12 ` Aleksa Sarai
2019-07-06 14:57 ` [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-12 4:33 ` Al Viro
2019-07-12 4:33 ` Al Viro
2019-07-12 4:33 ` Al Viro
2019-07-12 4:33 ` Al Viro
2019-07-12 4:33 ` Al Viro
2019-07-12 4:33 ` Al Viro
2019-07-12 10:57 ` Aleksa Sarai
2019-07-12 10:57 ` Aleksa Sarai
2019-07-12 10:57 ` Aleksa Sarai
2019-07-12 10:57 ` Aleksa Sarai
2019-07-12 10:57 ` Aleksa Sarai
2019-07-12 12:39 ` Al Viro
2019-07-12 12:39 ` Al Viro
2019-07-12 12:39 ` Al Viro
2019-07-12 12:39 ` Al Viro
2019-07-12 12:39 ` Al Viro
2019-07-12 12:39 ` Al Viro
2019-07-12 12:55 ` Al Viro
2019-07-12 12:55 ` Al Viro
2019-07-12 12:55 ` Al Viro
2019-07-12 12:55 ` Al Viro
2019-07-12 12:55 ` Al Viro
2019-07-12 13:25 ` Al Viro
2019-07-12 13:25 ` Al Viro
2019-07-12 13:25 ` Al Viro
2019-07-12 13:25 ` Al Viro
2019-07-12 13:25 ` Al Viro
2019-07-12 13:25 ` Al Viro
2019-07-12 15:00 ` Al Viro
2019-07-12 15:00 ` Al Viro
2019-07-12 15:00 ` Al Viro
2019-07-12 15:00 ` Al Viro
2019-07-12 15:00 ` Al Viro
2019-07-13 2:41 ` Al Viro
2019-07-13 2:41 ` Al Viro
2019-07-13 2:41 ` Al Viro
2019-07-13 2:41 ` Al Viro
2019-07-13 2:41 ` Al Viro
2019-07-14 3:58 ` Al Viro
2019-07-14 3:58 ` Al Viro
2019-07-14 3:58 ` Al Viro
2019-07-14 3:58 ` Al Viro
2019-07-14 3:58 ` Al Viro
2019-07-16 8:03 ` Aleksa Sarai
2019-07-16 8:03 ` Aleksa Sarai
2019-07-16 8:03 ` Aleksa Sarai
2019-07-16 8:03 ` Aleksa Sarai
2019-07-16 8:03 ` Aleksa Sarai
2019-07-14 7:00 ` Aleksa Sarai
2019-07-14 7:00 ` Aleksa Sarai
2019-07-14 7:00 ` Aleksa Sarai
2019-07-14 7:00 ` Aleksa Sarai
2019-07-14 7:00 ` Aleksa Sarai
2019-07-14 14:36 ` Al Viro
2019-07-14 14:36 ` Al Viro
2019-07-14 14:36 ` Al Viro
2019-07-14 14:36 ` Al Viro
2019-07-14 14:36 ` Al Viro
2019-07-18 3:17 ` Aleksa Sarai
2019-07-18 3:17 ` Aleksa Sarai
2019-07-18 3:17 ` Aleksa Sarai
2019-07-18 3:17 ` Aleksa Sarai
2019-07-18 3:17 ` Aleksa Sarai
2019-07-14 10:31 ` Aleksa Sarai
2019-07-14 10:31 ` Aleksa Sarai
2019-07-14 10:31 ` Aleksa Sarai
2019-07-14 10:31 ` Aleksa Sarai
2019-07-14 10:31 ` Aleksa Sarai
2019-07-06 14:57 ` [PATCH v9 06/10] namei: LOOKUP_IN_ROOT: chroot-like path resolution Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` [PATCH v9 07/10] namei: aggressively check for nd->root escape on ".." resolution Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` [PATCH v9 08/10] open: openat2(2) syscall Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-18 14:48 ` Rasmus Villemoes
2019-07-18 14:48 ` Rasmus Villemoes
2019-07-18 14:48 ` Rasmus Villemoes
2019-07-18 14:48 ` Rasmus Villemoes
2019-07-18 14:48 ` Rasmus Villemoes
2019-07-18 15:21 ` Aleksa Sarai
2019-07-18 15:21 ` Aleksa Sarai
2019-07-18 15:21 ` Aleksa Sarai
2019-07-18 15:21 ` Aleksa Sarai
2019-07-18 15:21 ` Aleksa Sarai
2019-07-18 15:10 ` Arnd Bergmann
2019-07-18 15:10 ` Arnd Bergmann
2019-07-18 15:10 ` Arnd Bergmann
2019-07-18 15:10 ` Arnd Bergmann
2019-07-18 15:10 ` Arnd Bergmann
2019-07-18 15:10 ` Arnd Bergmann
2019-07-18 16:12 ` Aleksa Sarai
2019-07-18 16:12 ` Aleksa Sarai
2019-07-18 16:12 ` Aleksa Sarai
2019-07-18 16:12 ` Aleksa Sarai
2019-07-18 16:12 ` Aleksa Sarai
2019-07-18 16:12 ` Aleksa Sarai
2019-07-18 21:29 ` Arnd Bergmann
2019-07-18 21:29 ` Arnd Bergmann
2019-07-18 21:29 ` Arnd Bergmann
2019-07-18 21:29 ` Arnd Bergmann
2019-07-18 21:29 ` Arnd Bergmann
2019-07-18 21:29 ` Arnd Bergmann
2019-07-19 2:12 ` Dmitry V. Levin
2019-07-19 2:12 ` Dmitry V. Levin
2019-07-19 2:12 ` Dmitry V. Levin
2019-07-19 2:12 ` Dmitry V. Levin
2019-07-19 2:12 ` Dmitry V. Levin
2019-07-19 2:12 ` Dmitry V. Levin
2019-07-19 2:12 ` Dmitry V. Levin
2019-07-19 10:29 ` Christian Brauner
2019-07-19 10:29 ` Christian Brauner
2019-07-19 10:29 ` Christian Brauner
2019-07-19 10:29 ` Christian Brauner
2019-07-19 10:29 ` Christian Brauner
2019-07-19 10:29 ` Christian Brauner
2019-07-19 1:59 ` Dmitry V. Levin
2019-07-19 1:59 ` Dmitry V. Levin
2019-07-19 1:59 ` Dmitry V. Levin
2019-07-19 1:59 ` Dmitry V. Levin
2019-07-19 1:59 ` Dmitry V. Levin
2019-07-19 2:19 ` Aleksa Sarai
2019-07-19 2:19 ` Aleksa Sarai
2019-07-19 2:19 ` Aleksa Sarai
2019-07-19 2:19 ` Aleksa Sarai
2019-07-19 2:19 ` Aleksa Sarai
2019-07-06 14:57 ` [PATCH v9 09/10] kselftest: save-and-restore errno to allow for %m formatting Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` [PATCH v9 10/10] selftests: add openat2(2) selftests Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-06 14:57 ` Aleksa Sarai
2019-07-08 1:15 ` Michael Ellerman
2019-07-08 1:15 ` Michael Ellerman
2019-07-08 1:15 ` Michael Ellerman
2019-07-08 1:15 ` Michael Ellerman
2019-07-08 1:15 ` Michael Ellerman
2019-07-08 1:15 ` Michael Ellerman
2019-07-08 1:15 ` Michael Ellerman
2019-07-08 5:47 ` Aleksa Sarai
2019-07-08 5:47 ` Aleksa Sarai
2019-07-08 5:47 ` Aleksa Sarai
2019-07-08 5:47 ` Aleksa Sarai
2019-07-08 5:47 ` Aleksa Sarai
2019-07-12 15:11 ` [PATCH v9 00/10] namei: openat2(2) path resolution restrictions Al Viro
2019-07-12 15:11 ` Al Viro
2019-07-12 15:11 ` Al Viro
2019-07-12 15:11 ` Al Viro
2019-07-12 15:11 ` Al Viro
2019-07-12 15:32 ` Aleksa Sarai
2019-07-12 15:32 ` Aleksa Sarai
2019-07-12 15:32 ` Aleksa Sarai
2019-07-12 15:32 ` Aleksa Sarai
2019-07-12 15:32 ` Aleksa Sarai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190712041454.GG17978@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=asarai@suse.de \
--cc=ast@kernel.org \
--cc=bfields@fieldses.org \
--cc=chanho.min@lge.com \
--cc=christian@brauner.io \
--cc=containers@lists.linux-foundation.org \
--cc=cyphar@cyphar.com \
--cc=dhowells@redhat.com \
--cc=drysdale@google.com \
--cc=ebiederm@xmission.com \
--cc=jannh@google.com \
--cc=jlayton@kernel.org \
--cc=keescook@chromium.org \
--cc=linux-alpha@vger.kernel.org \
--cc=luto@kernel.org \
--cc=oleg@redhat.com \
--cc=shuah@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=torvalds@linux-foundation.org \
--cc=tycho@tycho.ws \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.