public inbox for [email protected]
From: Christian Brauner <[email protected]>
To: Dmitry Kadashev <[email protected]>
Cc: Jens Axboe <[email protected]>,
	Alexander Viro <[email protected]>,
	Pavel Begunkov <[email protected]>,
	Christoph Hellwig <[email protected]>,
	[email protected],
	io-uring <[email protected]>
Subject: Re: [PATCH v3 1/2] fs: make do_mkdirat() take struct filename
Date: Thu, 15 Apr 2021 16:09:32 +0200
Message-ID: <20210415140932.uriiqjx3klzzmluu@wittgenstein>
In-Reply-To: <CAOKbgA6Tn9uLJCAWOzWfysQDmFWcPBCOT6x47D-q-+_tu9z2Hg@mail.gmail.com>

On Thu, Apr 15, 2021 at 05:41:07PM +0700, Dmitry Kadashev wrote:
> On Thu, Apr 15, 2021 at 5:09 PM Christian Brauner
> <[email protected]> wrote:
> >
> > On Thu, Apr 15, 2021 at 12:08:20PM +0200, Christian Brauner wrote:
> > > Would something like this help?
> 
> Thanks for the reply, Christian!
> 
> But it's not the AT_EMPTY_PATH / LOOKUP_EMPTY part that is tricky, it's
> the fact that do_linkat() allows AT_EMPTY_PATH only if the process has
> CAP_DAC_READ_SEARCH capability. But AT_EMPTY_PATH is processed during
> getname(), so if do_linkat() accepts struct filename* then there is no
> bullet-proof way to force the capability.
> 
> We could do something like this:
> 
> do_linkat(oldfd, getname_uflags(oldname, flags), newfd,
>           getname(newname), flags);
> 
> I.e. call getname_uflags() without checking the capability and rely on
> the fact that do_linkat() will do the checking. But this is fragile if
> somehow someone passes different flags to getname_uflags and do_linkat.
> And there is no way (that I know of) for do_linkat to actually check
> that AT_EMPTY_PATH was not used if it gets struct filename.
> 
> Or am I creating extra problems and the thing above is OK?

Hm, I get your point but if you e.g. look at fs/exec.c we already do
have that problem today:

SYSCALL_DEFINE5(execveat,
		int, fd, const char __user *, filename,
		const char __user *const __user *, argv,
		const char __user *const __user *, envp,
		int, flags)
{
	int lookup_flags = (flags & AT_EMPTY_PATH) ? LOOKUP_EMPTY : 0;

	return do_execveat(fd,
			   getname_flags(filename, lookup_flags, NULL),
			   argv, envp, flags);
}

The new simple flag helper would simplify things because right now it
pretends that it cares about multiple flags where it actually just cares
about whether or not empty pathnames are allowed and it forces callers
to translate between flags too.

(Note, just my opinion this might get shot to hell.)

Christian
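
The fragility discussed in this message, as a user-space model added here (not code from the thread or from the kernel): once the callee receives a pre-parsed name, its capability check depends on the caller passing the same flags to both calls. All `model_*` names and `M_EMPTY_PATH` are hypothetical stand-ins, and `has_cap` stands in for the CAP_DAC_READ_SEARCH check.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define M_EMPTY_PATH 0x1000 /* stands in for AT_EMPTY_PATH */

/* Pre-parsed name: carries the string and a parse error, but not the
 * flags it was parsed with (the property the thread is worried about). */
struct model_name {
	const char *name;
	int err;
};

/* Stand-in for getname_uflags(): "" is accepted only with M_EMPTY_PATH. */
static struct model_name model_getname(const char *user, int flags)
{
	struct model_name n = { user, 0 };

	if (user[0] == '\0' && !(flags & M_EMPTY_PATH))
		n.err = -ENOENT;
	return n;
}

/* Callee takes a pre-parsed name; its capability check keys on `flags`. */
static int model_linkat_parsed(struct model_name old, int flags, bool has_cap)
{
	if ((flags & M_EMPTY_PATH) && !has_cap)
		return -ENOENT;
	return old.err; /* 0 means the lookup would proceed */
}

/* Callee takes the raw string: one `flags` value drives check and parse. */
static int model_linkat_raw(const char *user, int flags, bool has_cap)
{
	return model_linkat_parsed(model_getname(user, flags), flags, has_cap);
}

int main(void)
{
	/* Constructed case: unprivileged caller, flags differ between calls. */
	struct model_name n = model_getname("", M_EMPTY_PATH);

	printf("parsed, mismatched flags: %d\n", model_linkat_parsed(n, 0, false));
	printf("raw, same flags:          %d\n",
	       model_linkat_raw("", M_EMPTY_PATH, false));
	return 0;
}
```

In the model, the mismatched call returns 0 for an unprivileged caller with an empty name, while the raw-string entry point returns -ENOENT for the same input.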

Thread overview: 15+ messages
2021-03-30  5:59 [PATCH v3 0/2] io_uring: add mkdirat support Dmitry Kadashev
2021-03-30  5:59 ` [PATCH v3 1/2] fs: make do_mkdirat() take struct filename Dmitry Kadashev
2021-03-30  7:17   ` Christian Brauner
2021-03-31 10:43     ` Dmitry Kadashev
2021-04-08  8:45     ` Dmitry Kadashev
2021-04-15  7:14       ` Dmitry Kadashev
2021-04-15 10:08         ` Christian Brauner
2021-04-15 10:09           ` Christian Brauner
2021-04-15 10:41             ` Dmitry Kadashev
2021-04-15 14:09               ` Christian Brauner [this message]
2021-05-13  7:45                 ` Dmitry Kadashev
2021-05-14 15:11                   ` Christian Brauner
2021-03-30  5:59 ` [PATCH v3 2/2] io_uring: add support for IORING_OP_MKDIRAT Dmitry Kadashev
2021-03-31  1:31   ` Al Viro
2021-03-31 10:38     ` Dmitry Kadashev
