From: Linus Torvalds <torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
To: Christoph Hellwig <hch-jcswGhMUV9g@public.gmane.org>
Cc: Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
"Rafael J. Wysocki"
<rafael-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Linux Kernel Mailing List
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
linux-raid-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-fsdevel
<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH 05/24] devtmpfs: open code ksys_chdir and ksys_chroot
Date: Tue, 21 Jul 2020 09:49:17 -0700 [thread overview]
Message-ID: <CAHk-=wi0GQqAq6VSY=O2iWnPuuS54TkyRBH5B9Ca0Kg5A9d2aA@mail.gmail.com> (raw)
In-Reply-To: <20200721162818.197315-6-hch-jcswGhMUV9g@public.gmane.org>
On Tue, Jul 21, 2020 at 9:28 AM Christoph Hellwig <hch-jcswGhMUV9g@public.gmane.org> wrote:
>
> +
> + /* traverse into overmounted root and then chroot to it */
> + if (!kern_path("/..", LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path) &&
> + !inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR) &&
> + ns_capable(current_user_ns(), CAP_SYS_CHROOT) &&
> + !security_path_chroot(&path)) {
> + set_fs_pwd(current->fs, &path);
> + set_fs_root(current->fs, &path);
> + }
> + path_put(&path);
This looks wrong.
You're doing "path_put()" even if kern_path() didn't succeed.
As far as I can tell, that will either put some uninitialized garbage
and cause an oops, or put something that has already been released by
the failure path.
Maybe that doesn't happen in practice in this case, but it's still
very very wrong.
Plus you shouldn't have those kinds of insanely complex if-statements
in the first place. That was what caused the bug - trying to be
clever, instead of writing clear code.
I'm not liking how I'm finding fundamental mistakes in patches that
_should_ be trivial conversions with no semantic changes.
Linus
WARNING: multiple messages have this Message-ID (diff)
From: Linus Torvalds <torvalds@linux-foundation.org>
To: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-raid@vger.kernel.org,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH 05/24] devtmpfs: open code ksys_chdir and ksys_chroot
Date: Tue, 21 Jul 2020 09:49:17 -0700 [thread overview]
Message-ID: <CAHk-=wi0GQqAq6VSY=O2iWnPuuS54TkyRBH5B9Ca0Kg5A9d2aA@mail.gmail.com> (raw)
In-Reply-To: <20200721162818.197315-6-hch@lst.de>
On Tue, Jul 21, 2020 at 9:28 AM Christoph Hellwig <hch@lst.de> wrote:
>
> +
> + /* traverse into overmounted root and then chroot to it */
> + if (!kern_path("/..", LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path) &&
> + !inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR) &&
> + ns_capable(current_user_ns(), CAP_SYS_CHROOT) &&
> + !security_path_chroot(&path)) {
> + set_fs_pwd(current->fs, &path);
> + set_fs_root(current->fs, &path);
> + }
> + path_put(&path);
This looks wrong.
You're doing "path_put()" even if kern_path() didn't succeed.
As far as I can tell, that will either put some uninitialized garbage
and cause an oops, or put something that has already been released by
the failure path.
Maybe that doesn't happen in practice in this case, but it's still
very very wrong.
Plus you shouldn't have those kinds of insanely complex if-statements
in the first place. That was what caused the bug - trying to be
clever, instead of writing clear code.
I'm not liking how I'm finding fundamental mistakes in patches that
_should_ be trivial conversions with no semantic changes.
Linus
next prev parent reply other threads:[~2020-07-21 16:49 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-21 16:27 add file system helpers that take kernel pointers for the init code v2 Christoph Hellwig
2020-07-21 16:27 ` [PATCH 01/24] fs: refactor do_mount Christoph Hellwig
2020-07-21 16:27 ` [PATCH 02/24] fs: refactor ksys_umount Christoph Hellwig
2020-07-21 16:27 ` [PATCH 03/24] fs: push the getname from do_rmdir into the callers Christoph Hellwig
2020-07-21 16:27 ` [PATCH 04/24] devtmpfs: open code do_mount Christoph Hellwig
2020-07-21 16:27 ` [PATCH 05/24] devtmpfs: open code ksys_chdir and ksys_chroot Christoph Hellwig
[not found] ` <20200721162818.197315-6-hch-jcswGhMUV9g@public.gmane.org>
2020-07-21 16:49 ` Linus Torvalds [this message]
2020-07-21 16:49 ` Linus Torvalds
[not found] ` <CAHk-=wi0GQqAq6VSY=O2iWnPuuS54TkyRBH5B9Ca0Kg5A9d2aA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2020-07-21 17:16 ` Al Viro
2020-07-21 17:16 ` Al Viro
2020-07-21 18:26 ` Christoph Hellwig
2020-07-21 16:28 ` [PATCH 06/24] md: open code vfs_stat in md_setup_drive Christoph Hellwig
[not found] ` <20200721162818.197315-7-hch-jcswGhMUV9g@public.gmane.org>
2020-07-21 16:55 ` Al Viro
2020-07-21 16:55 ` Al Viro
[not found] ` <20200721165539.GT2786714-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2020-07-21 18:27 ` Christoph Hellwig
2020-07-21 18:27 ` Christoph Hellwig
[not found] ` <20200721182701.GB14450-jcswGhMUV9g@public.gmane.org>
2020-07-22 7:44 ` Al Viro
2020-07-22 7:44 ` Al Viro
[not found] ` <20200722074432.GD2786714-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2020-07-22 14:05 ` Christoph Hellwig
2020-07-22 14:05 ` Christoph Hellwig
2020-07-21 16:28 ` [PATCH 07/24] init: initialize ramdisk_execute_command at compile time Christoph Hellwig
2020-07-21 16:28 ` [PATCH 08/24] init: move the prepare_namespace prototype to init/do_mounts.h Christoph Hellwig
2020-07-21 16:28 ` [PATCH 09/24] init: mark create_dev as __init Christoph Hellwig
2020-07-21 16:28 ` [PATCH 10/24] init: open code ksys_umount in handle_initrd Christoph Hellwig
2020-07-21 16:28 ` [PATCH 11/24] init: open code do_utimes in do_utime Christoph Hellwig
[not found] ` <20200721162818.197315-1-hch-jcswGhMUV9g@public.gmane.org>
2020-07-21 16:28 ` [PATCH 12/24] init: add an init_mount helper Christoph Hellwig
2020-07-21 16:28 ` Christoph Hellwig
2020-07-21 16:58 ` Al Viro
2020-07-21 16:28 ` [PATCH 17/24] init: add an init_chown helper Christoph Hellwig
2020-07-21 16:28 ` Christoph Hellwig
2020-07-21 16:28 ` [PATCH 18/24] init: add an init_chmod helper Christoph Hellwig
2020-07-21 16:28 ` Christoph Hellwig
2020-07-21 16:28 ` [PATCH 20/24] init: add an init_link helper Christoph Hellwig
2020-07-21 16:28 ` Christoph Hellwig
2020-07-21 16:28 ` [PATCH 13/24] init: add an init_unlink helper Christoph Hellwig
[not found] ` <20200721162818.197315-14-hch-jcswGhMUV9g@public.gmane.org>
2020-07-21 17:12 ` Al Viro
2020-07-21 17:12 ` Al Viro
2020-07-21 16:28 ` [PATCH 14/24] init: add an init_rmdir helper Christoph Hellwig
2020-07-21 16:28 ` [PATCH 15/24] init: add an init_chdir helper Christoph Hellwig
2020-07-21 16:28 ` [PATCH 16/24] init: add an init_chroot helper Christoph Hellwig
2020-07-21 17:10 ` Al Viro
2020-08-01 18:43 ` kernel test robot
2020-07-21 16:28 ` [PATCH 19/24] init: add an init_eaccess helper Christoph Hellwig
2020-07-21 16:28 ` [PATCH 21/24] init: add an init_symlink helper Christoph Hellwig
2020-07-21 17:00 ` Al Viro
2020-07-21 16:28 ` [PATCH 22/24] init: add an init_mkdir helper Christoph Hellwig
2020-07-21 16:28 ` [PATCH 23/24] init: add an init_mknod helper Christoph Hellwig
2020-07-21 17:02 ` Al Viro
2020-07-21 16:28 ` [PATCH 24/24] init: add an init_lstat helper Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wi0GQqAq6VSY=O2iWnPuuS54TkyRBH5B9Ca0Kg5A9d2aA@mail.gmail.com' \
--to=torvalds-de/tnxtf+jlsfhdxvbkv3wd2fqjk+8+b@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=hch-jcswGhMUV9g@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-raid-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=rafael-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.