From: Dmitry Kadashev <[email protected]>
To: Jens Axboe <[email protected]>,
Alexander Viro <[email protected]>,
Christian Brauner <[email protected]>
Cc: Pavel Begunkov <[email protected]>,
[email protected], [email protected],
Dmitry Kadashev <[email protected]>
Subject: [PATCH v4 6/6] fs: make do_linkat() take struct filename
Date: Thu, 13 May 2021 18:06:12 +0700 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
Pass in the struct filename pointers instead of the user string, for
uniformity with do_renameat2, do_unlinkat, do_mknodat, etc.
Cc: Al Viro <[email protected]>
Cc: Christian Brauner <[email protected]>
Suggested-by: Christian Brauner <[email protected]>
Link: https://lore.kernel.org/io-uring/20210330071700.kpjoyp5zlni7uejm@wittgenstein/
Signed-off-by: Dmitry Kadashev <[email protected]>
---
Several things concern me about this change:
* Separation of getname_uflags() that uses the AT_EMPTY_PATH flag, and
the capability / permissions check for that AT_EMPTY_PATH flag;
* Ugly new = ERR_PTR(error); to avoid double free;
Feedback / hints on better approaches will be really appreciated.
fs/namei.c | 59 +++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 41 insertions(+), 18 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 010455938826..07b1619dd343 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2447,7 +2447,7 @@ static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path
return err;
}
-int filename_lookup(int dfd, struct filename *name, unsigned flags,
+static int __filename_lookup(int dfd, struct filename *name, unsigned flags,
struct path *path, struct path *root)
{
int retval;
@@ -2469,7 +2469,18 @@ int filename_lookup(int dfd, struct filename *name, unsigned flags,
audit_inode(name, path->dentry,
flags & LOOKUP_MOUNTPOINT ? AUDIT_INODE_NOEVAL : 0);
restore_nameidata();
- putname(name);
+ if (retval)
+ putname(name);
+ return retval;
+}
+
+int filename_lookup(int dfd, struct filename *name, unsigned flags,
+ struct path *path, struct path *root)
+{
+ int retval = __filename_lookup(dfd, name, flags, path, root);
+
+ if (!retval)
+ putname(name);
return retval;
}
@@ -4346,8 +4357,8 @@ EXPORT_SYMBOL(vfs_link);
* with linux 2.0, and to avoid hard-linking to directories
* and other special files. --ADM
*/
-static int do_linkat(int olddfd, const char __user *oldname, int newdfd,
- const char __user *newname, int flags)
+static int do_linkat(int olddfd, struct filename *old, int newdfd,
+ struct filename *new, int flags)
{
struct user_namespace *mnt_userns;
struct dentry *new_dentry;
@@ -4356,31 +4367,36 @@ static int do_linkat(int olddfd, const char __user *oldname, int newdfd,
int how = 0;
int error;
- if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
- return -EINVAL;
+ if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0) {
+ error = -EINVAL;
+ goto out_putnames;
+ }
/*
* To use null names we require CAP_DAC_READ_SEARCH
* This ensures that not everyone will be able to create
* handlink using the passed filedescriptor.
*/
- if (flags & AT_EMPTY_PATH) {
- if (!capable(CAP_DAC_READ_SEARCH))
- return -ENOENT;
- how = LOOKUP_EMPTY;
+ if (flags & AT_EMPTY_PATH && !capable(CAP_DAC_READ_SEARCH)) {
+ error = -ENOENT;
+ goto out_putnames;
}
if (flags & AT_SYMLINK_FOLLOW)
how |= LOOKUP_FOLLOW;
retry:
- error = user_path_at(olddfd, oldname, how, &old_path);
+ error = __filename_lookup(olddfd, old, how, &old_path, NULL);
if (error)
- return error;
+ goto out_putnew;
- new_dentry = user_path_create(newdfd, newname, &new_path,
+ new_dentry = __filename_create(newdfd, new, &new_path,
(how & LOOKUP_REVAL));
error = PTR_ERR(new_dentry);
- if (IS_ERR(new_dentry))
- goto out;
+ if (IS_ERR(new_dentry)) {
+ // On error `new` is freed by __filename_create, prevent extra freeing
+ // below
+ new = ERR_PTR(error);
+ goto out_putpath;
+ }
error = -EXDEV;
if (old_path.mnt != new_path.mnt)
@@ -4408,8 +4424,14 @@ static int do_linkat(int olddfd, const char __user *oldname, int newdfd,
how |= LOOKUP_REVAL;
goto retry;
}
-out:
+out_putpath:
path_put(&old_path);
+out_putnames:
+ if (!IS_ERR(old))
+ putname(old);
+out_putnew:
+ if (!IS_ERR(new))
+ putname(new);
return error;
}
@@ -4417,12 +4439,13 @@ static int do_linkat(int olddfd, const char __user *oldname, int newdfd,
SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
int, newdfd, const char __user *, newname, int, flags)
{
- return do_linkat(olddfd, oldname, newdfd, newname, flags);
+ return do_linkat(olddfd, getname_uflags(oldname, flags),
+ newdfd, getname(newname), flags);
}
SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
{
- return do_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
+ return do_linkat(AT_FDCWD, getname(oldname), AT_FDCWD, getname(newname), 0);
}
/**
--
2.30.2
next prev parent reply other threads:[~2021-05-13 11:08 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-13 11:06 [PATCH v4 0/6] io_uring: add mkdirat support Dmitry Kadashev
2021-05-13 11:06 ` [PATCH v4 1/6] fs: make do_mkdirat() take struct filename Dmitry Kadashev
2021-05-14 14:32 ` Christian Brauner
2021-05-17 9:48 ` Dmitry Kadashev
2021-05-13 11:06 ` [PATCH v4 2/6] io_uring: add support for IORING_OP_MKDIRAT Dmitry Kadashev
2021-05-13 11:06 ` [PATCH v4 3/6] fs: make do_mknodat() take struct filename Dmitry Kadashev
2021-05-13 11:06 ` [PATCH v4 4/6] fs: make do_symlinkat() " Dmitry Kadashev
2021-05-13 11:06 ` [PATCH v4 5/6] namei: add getname_uflags() Dmitry Kadashev
2021-05-14 14:59 ` Christian Brauner
2021-05-13 11:06 ` Dmitry Kadashev [this message]
2021-05-14 14:52 ` [PATCH v4 0/6] io_uring: add mkdirat support Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox