From: Al Viro <viro@ZenIV.linux.org.uk>
To: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: Matthew Wilcox <willy@infradead.org>,
xfs <linux-xfs@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [PATCH] vfs: check ->get_link return value
Date: Tue, 2 Oct 2018 02:54:10 +0100
Message-ID: <20181002015410.GM32577@ZenIV.linux.org.uk>
In-Reply-To: <20181002002332.GA6706@magnolia>

On Mon, Oct 01, 2018 at 05:23:32PM -0700, Darrick J. Wong wrote:
> get_link doesn't need the EFSCORRUPTED return; all two of its callers
> handle null pointer returns correctly and they don't return the ->get_link
> return value directly to userspace.
>
> It's just these two functions below whose callers assume they have to
> deal with an error pointer or that it's totally safe to dereference it.

No. The only case when ->get_link() has any business returning NULL is
when it has done nd_jump_link(). Those should never come without explicit
->readlink() and they should never be fed to vfs_get_link(), so they are
not a problem; anything else is a filesystem driver bug, plain and simple.

Check for NULL in fs/namei.c:get_link() is *NOT* "defensive programming"
bullshit; there it can legitimately happen (aforementioned procfs-style
symlinks). Note that there it is not an error at all.

Current calling conventions are:
* return ERR_PTR(-E...) on error
* return pointer to symlink body to be traversed on success
* return NULL when ->get_link() instance has jumped to destination
on its own and there's no "symlink body" to be traversed. For such symlinks
we obviously need an explicit ->readlink() (for whatever string we want
readlink(2) to return). These should not occur on anything NFS-exported
or on overlayfs layers, since neither NFSD nor overlayfs knows what
to do with such.

What you are proposing is a weird change along the lines of "if you
accidentally return NULL it will be treated as empty body, except when it
occurs on NFS exports or overlayfs layers; in such cases it will be
interpreted as fs corruption. $DEITY help you if real procfs-style
symlink hits one of those, since nd_jump_link() called by those will
oops in such conditions".

As a mitigation strategy it sucks. As part of calling conventions it's
confusing and AFAICS absolutely pointless.

NAK. And I'm really curious - what has led to that? Because procfs-style
symlink in such conditions would have oopsed before it returned from
->get_link()...
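
The three-way return convention listed in the message above, as an added userspace model (not kernel code and not part of the thread). `struct walk`, its `jumped` flag, the `link_*` instances and `classify()` are hypothetical stand-ins; the flag models the effect of nd_jump_link() so the example can tell a legitimate NULL from a driver bug.

```c
/* Userspace model of the ->get_link() return convention (not kernel code). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095
/* Same encoding idea as the kernel's ERR_PTR()/PTR_ERR()/IS_ERR(). */
static const char *ERR_PTR(long err) { return (const char *)(intptr_t)err; }
static long PTR_ERR(const char *p) { return (long)(intptr_t)p; }
static int IS_ERR(const char *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical walk state; 'jumped' stands in for the effect of nd_jump_link(). */
struct walk { int jumped; };
enum outcome { WALK_ERROR, WALK_BODY, WALK_JUMPED, WALK_DRIVER_BUG };

/* Constructed ->get_link() instances, one per case in the message. */
static const char *link_body(struct walk *w)  { (void)w; return "target/file"; }
static const char *link_error(struct walk *w) { (void)w; return ERR_PTR(-EIO); }
static const char *link_jump(struct walk *w)  { w->jumped = 1; return NULL; }
static const char *link_buggy(struct walk *w) { (void)w; return NULL; } /* NULL, no jump */

/* Classify one call: error pointer, symlink body, or NULL after a jump. */
static enum outcome classify(const char *(*get_link)(struct walk *), long *err)
{
	struct walk w = { 0 };
	const char *res = get_link(&w);

	*err = 0;
	if (IS_ERR(res)) {
		*err = PTR_ERR(res);
		return WALK_ERROR;
	}
	if (res)
		return WALK_BODY;
	/* Model assumption: NULL is legitimate only if the instance already jumped. */
	return w.jumped ? WALK_JUMPED : WALK_DRIVER_BUG;
}

int main(void)
{
	long err;
	printf("body=%d ", classify(link_body, &err));
	printf("error=%d ", classify(link_error, &err));
	printf("jump=%d ", classify(link_jump, &err));
	printf("buggy=%d\n", classify(link_buggy, &err));
	return 0;
}
```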