From: Al Viro <viro@zeniv.linux.org.uk>
To: linux-fsdevel@vger.kernel.org
Cc: torvalds@linux-foundation.org, brauner@kernel.org, jack@suse.cz,
mjguzik@gmail.com, paul@paul-moore.com, axboe@kernel.dk,
audit@vger.kernel.org, io-uring@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v4 10/59] get rid of audit_reusename()
Date: Thu, 8 Jan 2026 07:37:14 +0000 [thread overview]
Message-ID: <20260108073803.425343-11-viro@zeniv.linux.org.uk> (raw)
In-Reply-To: <20260108073803.425343-1-viro@zeniv.linux.org.uk>
Originally we tried to avoid multiple insertions into audit names array
during retry loop by a cute hack - memorize the userland pointer and
if there already is a match, just grab an extra reference to it.
Cute as it had been, it had problems - two identical pointers had
audit aux entries merged, two identical strings did not. Having
different behaviour for syscalls that differ only by addresses of
otherwise identical string arguments is obviously wrong - if nothing
else, compiler can decide to merge identical string literals.
Besides, this hack does nothing for non-audited processes - they get
a fresh copy for retry. It's not time-critical, but having behaviour
subtly differ that way is bogus.
These days we have very few places that import filename more than once
(9 functions total) and it's easy to massage them so we get rid of all
re-imports. With that done, we don't need audit_reusename() anymore.
There's no need to memorize userland pointer either.
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/namei.c | 11 +++--------
include/linux/audit.h | 11 -----------
include/linux/fs.h | 1 -
kernel/auditsc.c | 23 -----------------------
4 files changed, 3 insertions(+), 43 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index bf0f66f0e9b9..f22cfdff72ab 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -125,9 +125,8 @@
#define EMBEDDED_NAME_MAX (PATH_MAX - offsetof(struct filename, iname))
-static inline void initname(struct filename *name, const char __user *uptr)
+static inline void initname(struct filename *name)
{
- name->uptr = uptr;
name->aname = NULL;
atomic_set(&name->refcnt, 1);
}
@@ -139,10 +138,6 @@ getname_flags(const char __user *filename, int flags)
char *kname;
int len;
- result = audit_reusename(filename);
- if (result)
- return result;
-
result = __getname();
if (unlikely(!result))
return ERR_PTR(-ENOMEM);
@@ -210,7 +205,7 @@ getname_flags(const char __user *filename, int flags)
return ERR_PTR(-ENAMETOOLONG);
}
}
- initname(result, filename);
+ initname(result);
audit_getname(result);
return result;
}
@@ -268,7 +263,7 @@ struct filename *getname_kernel(const char * filename)
return ERR_PTR(-ENAMETOOLONG);
}
memcpy((char *)result->name, filename, len);
- initname(result, NULL);
+ initname(result);
audit_getname(result);
return result;
}
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 536f8ee8da81..d936a604d056 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -316,7 +316,6 @@ extern void __audit_uring_exit(int success, long code);
extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1,
unsigned long a2, unsigned long a3);
extern void __audit_syscall_exit(int ret_success, long ret_value);
-extern struct filename *__audit_reusename(const __user char *uptr);
extern void __audit_getname(struct filename *name);
extern void __audit_inode(struct filename *name, const struct dentry *dentry,
unsigned int flags);
@@ -380,12 +379,6 @@ static inline void audit_syscall_exit(void *pt_regs)
__audit_syscall_exit(success, return_code);
}
}
-static inline struct filename *audit_reusename(const __user char *name)
-{
- if (unlikely(!audit_dummy_context()))
- return __audit_reusename(name);
- return NULL;
-}
static inline void audit_getname(struct filename *name)
{
if (unlikely(!audit_dummy_context()))
@@ -624,10 +617,6 @@ static inline struct audit_context *audit_context(void)
{
return NULL;
}
-static inline struct filename *audit_reusename(const __user char *name)
-{
- return NULL;
-}
static inline void audit_getname(struct filename *name)
{ }
static inline void audit_inode(struct filename *name,
diff --git a/include/linux/fs.h b/include/linux/fs.h
index f5c9cf28c4dc..2244c54d3bfa 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2411,7 +2411,6 @@ extern struct kobject *fs_kobj;
struct audit_names;
struct filename {
const char *name; /* pointer to actual string */
- const __user char *uptr; /* original userland pointer */
atomic_t refcnt;
struct audit_names *aname;
const char iname[];
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index dd0563a8e0be..67d8da927381 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2169,29 +2169,6 @@ static struct audit_names *audit_alloc_name(struct audit_context *context,
return aname;
}
-/**
- * __audit_reusename - fill out filename with info from existing entry
- * @uptr: userland ptr to pathname
- *
- * Search the audit_names list for the current audit context. If there is an
- * existing entry with a matching "uptr" then return the filename
- * associated with that audit_name. If not, return NULL.
- */
-struct filename *
-__audit_reusename(const __user char *uptr)
-{
- struct audit_context *context = audit_context();
- struct audit_names *n;
-
- list_for_each_entry(n, &context->names_list, list) {
- if (!n->name)
- continue;
- if (n->name->uptr == uptr)
- return refname(n->name);
- }
- return NULL;
-}
-
/**
* __audit_getname - add a name to the list
* @name: name to add
--
2.47.3
next prev parent reply other threads:[~2026-01-08 7:36 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-08 7:37 [PATCH v4 00/59] struct filename series Al Viro
2026-01-08 7:37 ` [PATCH v4 01/59] do_faccessat(): import pathname only once Al Viro
2026-01-08 7:37 ` [PATCH v4 02/59] do_fchmodat(): " Al Viro
2026-01-08 7:37 ` [PATCH v4 03/59] do_fchownat(): " Al Viro
2026-01-08 7:37 ` [PATCH v4 04/59] do_utimes_path(): " Al Viro
2026-01-08 7:37 ` [PATCH v4 05/59] chdir(2): " Al Viro
2026-01-08 7:37 ` [PATCH v4 06/59] chroot(2): " Al Viro
2026-01-08 7:37 ` [PATCH v4 07/59] user_statfs(): " Al Viro
2026-01-08 7:37 ` [PATCH v4 08/59] do_sys_truncate(): " Al Viro
2026-01-08 7:37 ` [PATCH v4 09/59] do_readlinkat(): " Al Viro
2026-01-08 7:37 ` Al Viro [this message]
2026-01-08 7:37 ` [PATCH v4 11/59] ntfs: ->d_compare() must not block Al Viro
2026-01-08 7:37 ` [PATCH v4 12/59] getname_flags() massage, part 1 Al Viro
2026-01-08 7:37 ` [PATCH v4 13/59] getname_flags() massage, part 2 Al Viro
2026-01-08 7:37 ` [PATCH v4 14/59] struct filename: use names_cachep only for getname() and friends Al Viro
2026-01-08 7:37 ` [PATCH v4 15/59] struct filename: saner handling of long names Al Viro
2026-01-13 15:31 ` Mark Brown
2026-01-13 15:39 ` Al Viro
2026-01-13 17:51 ` Mark Brown
2026-01-13 19:07 ` Al Viro
2026-01-13 19:17 ` Al Viro
2026-01-08 7:37 ` [PATCH v4 16/59] fs: hide names_cache behind runtime const machinery Al Viro
2026-01-08 7:37 ` [PATCH v4 17/59] allow to use CLASS() for struct filename * Al Viro
2026-01-08 7:37 ` [PATCH v4 18/59] switch __getname_maybe_null() to CLASS(filename_flags) Al Viro
2026-01-08 7:37 ` [PATCH v4 19/59] allow incomplete imports of filenames Al Viro
2026-01-08 7:37 ` [PATCH v4 20/59] struct filename ->refcnt doesn't need to be atomic Al Viro
2026-01-08 7:37 ` [PATCH v4 21/59] file_getattr(): filename_lookup() accepts ERR_PTR() as filename Al Viro
2026-01-08 7:37 ` [PATCH v4 22/59] file_setattr(): " Al Viro
2026-01-08 7:37 ` [PATCH v4 23/59] move_mount(): " Al Viro
2026-01-08 7:37 ` [PATCH v4 24/59] ksmbd_vfs_path_lookup(): vfs_path_parent_lookup() accepts ERR_PTR() as name Al Viro
2026-01-08 7:37 ` [PATCH v4 25/59] ksmbd_vfs_rename(): " Al Viro
2026-01-08 7:37 ` [PATCH v4 26/59] do_filp_open(): DTRT when getting ERR_PTR() as pathname Al Viro
2026-01-08 7:37 ` [PATCH v4 27/59] rename do_filp_open() to do_file_open() Al Viro
2026-01-08 7:37 ` [PATCH v4 28/59] do_sys_openat2(): get rid of useless check, switch to CLASS(filename) Al Viro
2026-01-08 7:37 ` [PATCH v4 29/59] simplify the callers of file_open_name() Al Viro
2026-01-08 7:37 ` [PATCH v4 30/59] simplify the callers of do_open_execat() Al Viro
2026-01-08 7:37 ` [PATCH v4 31/59] simplify the callers of alloc_bprm() Al Viro
2026-01-08 7:37 ` [PATCH v4 32/59] switch {alloc,free}_bprm() to CLASS() Al Viro
2026-01-08 7:37 ` [PATCH v4 33/59] file_[gs]etattr(2): switch to CLASS(filename_maybe_null) Al Viro
2026-01-08 7:37 ` [PATCH v4 34/59] mount_setattr(2): don't mess with LOOKUP_EMPTY Al Viro
2026-01-08 7:37 ` [PATCH v4 35/59] do_open_execat(): don't care about LOOKUP_EMPTY Al Viro
2026-01-08 7:37 ` [PATCH v4 36/59] vfs_open_tree(): use CLASS(filename_uflags) Al Viro
2026-01-08 7:37 ` [PATCH v4 37/59] name_to_handle_at(): " Al Viro
2026-01-08 7:37 ` [PATCH v4 38/59] fspick(2): use CLASS(filename_flags) Al Viro
2026-01-08 7:37 ` [PATCH v4 39/59] do_fchownat(): unspaghettify a bit Al Viro
2026-01-08 7:37 ` [PATCH v4 40/59] chdir(2): " Al Viro
2026-01-08 7:37 ` [PATCH v4 41/59] do_utimes_path(): switch to CLASS(filename_uflags) Al Viro
2026-01-08 7:37 ` [PATCH v4 42/59] do_sys_truncate(): switch to CLASS(filename) Al Viro
2026-01-08 7:37 ` [PATCH v4 43/59] do_readlinkat(): switch to CLASS(filename_flags) Al Viro
2026-01-08 7:37 ` [PATCH v4 44/59] do_f{chmod,chown,access}at(): use CLASS(filename_uflags) Al Viro
2026-01-08 7:37 ` [PATCH v4 45/59] do_{renameat2,linkat,symlinkat}(): use CLASS(filename_consume) Al Viro
2026-01-08 7:37 ` [PATCH v4 46/59] do_{mknodat,mkdirat,unlinkat,rmdir}(): " Al Viro
2026-01-08 7:37 ` [PATCH v4 47/59] namei.c: convert getname_kernel() callers to CLASS(filename_kernel) Al Viro
2026-01-08 7:37 ` [PATCH v4 48/59] namei.c: switch user pathname imports to CLASS(filename{,_flags}) Al Viro
2026-01-08 7:37 ` [PATCH v4 49/59] filename_...xattr(): don't consume filename reference Al Viro
2026-01-08 7:37 ` [PATCH v4 50/59] move_mount(2): switch to CLASS(filename_maybe_null) Al Viro
2026-01-08 7:37 ` [PATCH v4 51/59] chroot(2): switch to CLASS(filename) Al Viro
2026-01-08 7:37 ` [PATCH v4 52/59] quotactl_block(): " Al Viro
2026-01-08 7:37 ` [PATCH v4 53/59] statx: switch to CLASS(filename_maybe_null) Al Viro
2026-01-08 7:37 ` [PATCH v4 54/59] user_statfs(): switch to CLASS(filename) Al Viro
2026-01-08 7:37 ` [PATCH v4 55/59] mqueue: " Al Viro
2026-01-08 7:38 ` [PATCH v4 56/59] ksmbd: use CLASS(filename_kernel) Al Viro
2026-01-08 7:38 ` [PATCH v4 57/59] alpha: switch osf_mount() to strndup_user() Al Viro
2026-01-08 7:38 ` [PATCH v4 58/59] sysfs(2): fs_index() argument is _not_ a pathname Al Viro
2026-01-08 7:38 ` [PATCH v4 59/59] switch init_mkdir() to use of do_mkdirat(), etc Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260108073803.425343-11-viro@zeniv.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=audit@vger.kernel.org \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=io-uring@vger.kernel.org \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mjguzik@gmail.com \
--cc=paul@paul-moore.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox