From: Al Viro <viro@zeniv.linux.org.uk>
To: linux-fsdevel@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
Mateusz Guzik <mjguzik@gmail.com>,
Paul Moore <paul@paul-moore.com>, Jens Axboe <axboe@kernel.dk>,
audit@vger.kernel.org, io-uring@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v5 23/68] allow incomplete imports of filenames
Date: Wed, 14 Jan 2026 04:32:25 +0000 [thread overview]
Message-ID: <20260114043310.3885463-24-viro@zeniv.linux.org.uk> (raw)
In-Reply-To: <20260114043310.3885463-1-viro@zeniv.linux.org.uk>
There are two filename-related problems in io_uring and its
interplay with audit.
Filenames are imported when request is submitted and used when
it is processed. Unfortunately, the latter may very well
happen in a different thread. In that case the reference to
filename is put into the wrong audit_context - that of submitting
thread, not the processing one. Audit logics is called by
the latter, and it really wants to be able to find the names
in audit_context current (== processing) thread.
Another related problem is the headache with refcounts -
normally all references to given struct filename are visible
only to one thread (the one that uses that struct filename).
io_uring violates that - an extra reference is stashed in
audit_context of submitter. It gets dropped when submitter
returns to userland, which can happen simultaneously with
processing thread deciding to drop the reference it got.
We paper over that by making refcount atomic, but that means
pointless headache for everyone.
Solution: the notion of partially imported filenames. Namely,
already copied from userland, but *not* exposed to audit yet.
io_uring can create that in submitter thread, and complete the
import (obtaining the usual reference to struct filename) in
processing thread.
Object: struct delayed_filename.
Primitives for working with it:
delayed_getname(&delayed_filename, user_string) - copies the name from
userland, returning 0 and stashing the address of (still incomplete)
struct filename in delayed_filename on success and returning -E... on
error.
delayed_getname_uflags(&delayed_filename, user_string, atflags) -
similar, in the same relation to delayed_getname() as getname_uflags()
is to getname()
complete_getname(&delayed_filename) - completes the import of filename
stashed in delayed_filename and returns struct filename to caller,
emptying delayed_filename.
CLASS(filename_complete_delayed, name)(&delayed_filename) - variant of
CLASS(filename) with complete_getname() for constructor.
dismiss_delayed_filename(&delayed_filename) - destructor; drops whatever
might be stashed in delayed_filename, emptying it.
putname_to_delayed(&delayed_filename, name) - if name is shared, stashes
its copy into delayed_filename and drops the reference to name, otherwise
stashes the name itself in there.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/namei.c | 66 +++++++++++++++++++++++++---
include/linux/fs.h | 12 +++++
io_uring/fs.c | 101 +++++++++++++++++++++++--------------------
io_uring/openclose.c | 26 +++++------
io_uring/statx.c | 17 +++-----
io_uring/xattr.c | 30 +++++--------
6 files changed, 157 insertions(+), 95 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index f1a2161bd691..b76cc43fe89d 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -172,8 +172,8 @@ static int getname_long(struct filename *name, const char __user *filename)
return 0;
}
-struct filename *
-getname_flags(const char __user *filename, int flags)
+static struct filename *
+do_getname(const char __user *filename, int flags, bool incomplete)
{
struct filename *result;
char *kname;
@@ -214,10 +214,17 @@ getname_flags(const char __user *filename, int flags)
}
initname(result);
- audit_getname(result);
+ if (likely(!incomplete))
+ audit_getname(result);
return result;
}
+struct filename *
+getname_flags(const char __user *filename, int flags)
+{
+ return do_getname(filename, flags, false);
+}
+
struct filename *getname_uflags(const char __user *filename, int uflags)
{
int flags = (uflags & AT_EMPTY_PATH) ? LOOKUP_EMPTY : 0;
@@ -242,7 +249,7 @@ struct filename *__getname_maybe_null(const char __user *pathname)
return no_free_ptr(name);
}
-struct filename *getname_kernel(const char * filename)
+static struct filename *do_getname_kernel(const char *filename, bool incomplete)
{
struct filename *result;
int len = strlen(filename) + 1;
@@ -267,9 +274,15 @@ struct filename *getname_kernel(const char * filename)
}
result->name = p;
initname(result);
- audit_getname(result);
+ if (likely(!incomplete))
+ audit_getname(result);
return result;
}
+
+struct filename *getname_kernel(const char *filename)
+{
+ return do_getname_kernel(filename, false);
+}
EXPORT_SYMBOL(getname_kernel);
void putname(struct filename *name)
@@ -294,6 +307,49 @@ void putname(struct filename *name)
}
EXPORT_SYMBOL(putname);
+static inline int __delayed_getname(struct delayed_filename *v,
+ const char __user *string, int flags)
+{
+ v->__incomplete_filename = do_getname(string, flags, true);
+ return PTR_ERR_OR_ZERO(v->__incomplete_filename);
+}
+
+int delayed_getname(struct delayed_filename *v, const char __user *string)
+{
+ return __delayed_getname(v, string, 0);
+}
+
+int delayed_getname_uflags(struct delayed_filename *v, const char __user *string,
+ int uflags)
+{
+ int flags = (uflags & AT_EMPTY_PATH) ? LOOKUP_EMPTY : 0;
+ return __delayed_getname(v, string, flags);
+}
+
+int putname_to_delayed(struct delayed_filename *v, struct filename *name)
+{
+ if (likely(atomic_read(&name->refcnt) == 1)) {
+ v->__incomplete_filename = name;
+ return 0;
+ }
+ v->__incomplete_filename = do_getname_kernel(name->name, true);
+ putname(name);
+ return PTR_ERR_OR_ZERO(v->__incomplete_filename);
+}
+
+void dismiss_delayed_filename(struct delayed_filename *v)
+{
+ putname(no_free_ptr(v->__incomplete_filename));
+}
+
+struct filename *complete_getname(struct delayed_filename *v)
+{
+ struct filename *res = no_free_ptr(v->__incomplete_filename);
+ if (!IS_ERR(res))
+ audit_getname(res);
+ return res;
+}
+
/**
* check_acl - perform ACL permission checking
* @idmap: idmap of the mount the inode was found from
diff --git a/include/linux/fs.h b/include/linux/fs.h
index f0f1e8034539..f1612a7dffd0 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2516,6 +2516,17 @@ static inline struct filename *getname_maybe_null(const char __user *name, int f
extern void putname(struct filename *name);
DEFINE_FREE(putname, struct filename *, if (!IS_ERR_OR_NULL(_T)) putname(_T))
+struct delayed_filename {
+ struct filename *__incomplete_filename; // don't touch
+};
+#define INIT_DELAYED_FILENAME(ptr) \
+ ((void)(*(ptr) = (struct delayed_filename){}))
+int delayed_getname(struct delayed_filename *, const char __user *);
+int delayed_getname_uflags(struct delayed_filename *v, const char __user *, int);
+void dismiss_delayed_filename(struct delayed_filename *);
+int putname_to_delayed(struct delayed_filename *, struct filename *);
+struct filename *complete_getname(struct delayed_filename *);
+
static inline struct filename *refname(struct filename *name)
{
atomic_inc(&name->refcnt);
@@ -2527,6 +2538,7 @@ EXTEND_CLASS(filename, _kernel, getname_kernel(p), const char *p)
EXTEND_CLASS(filename, _flags, getname_flags(p, f), const char __user *p, unsigned int f)
EXTEND_CLASS(filename, _uflags, getname_uflags(p, f), const char __user *p, unsigned int f)
EXTEND_CLASS(filename, _maybe_null, getname_maybe_null(p, f), const char __user *p, unsigned int f)
+EXTEND_CLASS(filename, _complete_delayed, complete_getname(p), struct delayed_filename *p)
extern int finish_open(struct file *file, struct dentry *dentry,
int (*open)(struct inode *, struct file *));
diff --git a/io_uring/fs.c b/io_uring/fs.c
index 37079a414eab..c04c6282210a 100644
--- a/io_uring/fs.c
+++ b/io_uring/fs.c
@@ -19,8 +19,8 @@ struct io_rename {
struct file *file;
int old_dfd;
int new_dfd;
- struct filename *oldpath;
- struct filename *newpath;
+ struct delayed_filename oldpath;
+ struct delayed_filename newpath;
int flags;
};
@@ -28,22 +28,22 @@ struct io_unlink {
struct file *file;
int dfd;
int flags;
- struct filename *filename;
+ struct delayed_filename filename;
};
struct io_mkdir {
struct file *file;
int dfd;
umode_t mode;
- struct filename *filename;
+ struct delayed_filename filename;
};
struct io_link {
struct file *file;
int old_dfd;
int new_dfd;
- struct filename *oldpath;
- struct filename *newpath;
+ struct delayed_filename oldpath;
+ struct delayed_filename newpath;
int flags;
};
@@ -51,6 +51,7 @@ int io_renameat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
struct io_rename *ren = io_kiocb_to_cmd(req, struct io_rename);
const char __user *oldf, *newf;
+ int err;
if (sqe->buf_index || sqe->splice_fd_in)
return -EINVAL;
@@ -63,14 +64,14 @@ int io_renameat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
ren->new_dfd = READ_ONCE(sqe->len);
ren->flags = READ_ONCE(sqe->rename_flags);
- ren->oldpath = getname(oldf);
- if (IS_ERR(ren->oldpath))
- return PTR_ERR(ren->oldpath);
+ err = delayed_getname(&ren->oldpath, oldf);
+ if (unlikely(err))
+ return err;
- ren->newpath = getname(newf);
- if (IS_ERR(ren->newpath)) {
- putname(ren->oldpath);
- return PTR_ERR(ren->newpath);
+ err = delayed_getname(&ren->newpath, newf);
+ if (unlikely(err)) {
+ dismiss_delayed_filename(&ren->oldpath);
+ return err;
}
req->flags |= REQ_F_NEED_CLEANUP;
@@ -85,8 +86,9 @@ int io_renameat(struct io_kiocb *req, unsigned int issue_flags)
WARN_ON_ONCE(issue_flags & IO_URING_F_NONBLOCK);
- ret = do_renameat2(ren->old_dfd, ren->oldpath, ren->new_dfd,
- ren->newpath, ren->flags);
+ ret = do_renameat2(ren->old_dfd, complete_getname(&ren->oldpath),
+ ren->new_dfd, complete_getname(&ren->newpath),
+ ren->flags);
req->flags &= ~REQ_F_NEED_CLEANUP;
io_req_set_res(req, ret, 0);
@@ -97,14 +99,15 @@ void io_renameat_cleanup(struct io_kiocb *req)
{
struct io_rename *ren = io_kiocb_to_cmd(req, struct io_rename);
- putname(ren->oldpath);
- putname(ren->newpath);
+ dismiss_delayed_filename(&ren->oldpath);
+ dismiss_delayed_filename(&ren->newpath);
}
int io_unlinkat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
struct io_unlink *un = io_kiocb_to_cmd(req, struct io_unlink);
const char __user *fname;
+ int err;
if (sqe->off || sqe->len || sqe->buf_index || sqe->splice_fd_in)
return -EINVAL;
@@ -118,9 +121,9 @@ int io_unlinkat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
return -EINVAL;
fname = u64_to_user_ptr(READ_ONCE(sqe->addr));
- un->filename = getname(fname);
- if (IS_ERR(un->filename))
- return PTR_ERR(un->filename);
+ err = delayed_getname(&un->filename, fname);
+ if (unlikely(err))
+ return err;
req->flags |= REQ_F_NEED_CLEANUP;
req->flags |= REQ_F_FORCE_ASYNC;
@@ -135,9 +138,9 @@ int io_unlinkat(struct io_kiocb *req, unsigned int issue_flags)
WARN_ON_ONCE(issue_flags & IO_URING_F_NONBLOCK);
if (un->flags & AT_REMOVEDIR)
- ret = do_rmdir(un->dfd, un->filename);
+ ret = do_rmdir(un->dfd, complete_getname(&un->filename));
else
- ret = do_unlinkat(un->dfd, un->filename);
+ ret = do_unlinkat(un->dfd, complete_getname(&un->filename));
req->flags &= ~REQ_F_NEED_CLEANUP;
io_req_set_res(req, ret, 0);
@@ -148,13 +151,14 @@ void io_unlinkat_cleanup(struct io_kiocb *req)
{
struct io_unlink *ul = io_kiocb_to_cmd(req, struct io_unlink);
- putname(ul->filename);
+ dismiss_delayed_filename(&ul->filename);
}
int io_mkdirat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
struct io_mkdir *mkd = io_kiocb_to_cmd(req, struct io_mkdir);
const char __user *fname;
+ int err;
if (sqe->off || sqe->rw_flags || sqe->buf_index || sqe->splice_fd_in)
return -EINVAL;
@@ -165,9 +169,9 @@ int io_mkdirat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
mkd->mode = READ_ONCE(sqe->len);
fname = u64_to_user_ptr(READ_ONCE(sqe->addr));
- mkd->filename = getname(fname);
- if (IS_ERR(mkd->filename))
- return PTR_ERR(mkd->filename);
+ err = delayed_getname(&mkd->filename, fname);
+ if (unlikely(err))
+ return err;
req->flags |= REQ_F_NEED_CLEANUP;
req->flags |= REQ_F_FORCE_ASYNC;
@@ -181,7 +185,7 @@ int io_mkdirat(struct io_kiocb *req, unsigned int issue_flags)
WARN_ON_ONCE(issue_flags & IO_URING_F_NONBLOCK);
- ret = do_mkdirat(mkd->dfd, mkd->filename, mkd->mode);
+ ret = do_mkdirat(mkd->dfd, complete_getname(&mkd->filename), mkd->mode);
req->flags &= ~REQ_F_NEED_CLEANUP;
io_req_set_res(req, ret, 0);
@@ -192,13 +196,14 @@ void io_mkdirat_cleanup(struct io_kiocb *req)
{
struct io_mkdir *md = io_kiocb_to_cmd(req, struct io_mkdir);
- putname(md->filename);
+ dismiss_delayed_filename(&md->filename);
}
int io_symlinkat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
struct io_link *sl = io_kiocb_to_cmd(req, struct io_link);
const char __user *oldpath, *newpath;
+ int err;
if (sqe->len || sqe->rw_flags || sqe->buf_index || sqe->splice_fd_in)
return -EINVAL;
@@ -209,14 +214,14 @@ int io_symlinkat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
oldpath = u64_to_user_ptr(READ_ONCE(sqe->addr));
newpath = u64_to_user_ptr(READ_ONCE(sqe->addr2));
- sl->oldpath = getname(oldpath);
- if (IS_ERR(sl->oldpath))
- return PTR_ERR(sl->oldpath);
+ err = delayed_getname(&sl->oldpath, oldpath);
+ if (unlikely(err))
+ return err;
- sl->newpath = getname(newpath);
- if (IS_ERR(sl->newpath)) {
- putname(sl->oldpath);
- return PTR_ERR(sl->newpath);
+ err = delayed_getname(&sl->newpath, newpath);
+ if (unlikely(err)) {
+ dismiss_delayed_filename(&sl->oldpath);
+ return err;
}
req->flags |= REQ_F_NEED_CLEANUP;
@@ -231,7 +236,8 @@ int io_symlinkat(struct io_kiocb *req, unsigned int issue_flags)
WARN_ON_ONCE(issue_flags & IO_URING_F_NONBLOCK);
- ret = do_symlinkat(sl->oldpath, sl->new_dfd, sl->newpath);
+ ret = do_symlinkat(complete_getname(&sl->oldpath), sl->new_dfd,
+ complete_getname(&sl->newpath));
req->flags &= ~REQ_F_NEED_CLEANUP;
io_req_set_res(req, ret, 0);
@@ -242,6 +248,7 @@ int io_linkat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
struct io_link *lnk = io_kiocb_to_cmd(req, struct io_link);
const char __user *oldf, *newf;
+ int err;
if (sqe->buf_index || sqe->splice_fd_in)
return -EINVAL;
@@ -254,14 +261,14 @@ int io_linkat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
newf = u64_to_user_ptr(READ_ONCE(sqe->addr2));
lnk->flags = READ_ONCE(sqe->hardlink_flags);
- lnk->oldpath = getname_uflags(oldf, lnk->flags);
- if (IS_ERR(lnk->oldpath))
- return PTR_ERR(lnk->oldpath);
+ err = delayed_getname_uflags(&lnk->oldpath, oldf, lnk->flags);
+ if (unlikely(err))
+ return err;
- lnk->newpath = getname(newf);
- if (IS_ERR(lnk->newpath)) {
- putname(lnk->oldpath);
- return PTR_ERR(lnk->newpath);
+ err = delayed_getname(&lnk->newpath, newf);
+ if (unlikely(err)) {
+ dismiss_delayed_filename(&lnk->oldpath);
+ return err;
}
req->flags |= REQ_F_NEED_CLEANUP;
@@ -276,8 +283,8 @@ int io_linkat(struct io_kiocb *req, unsigned int issue_flags)
WARN_ON_ONCE(issue_flags & IO_URING_F_NONBLOCK);
- ret = do_linkat(lnk->old_dfd, lnk->oldpath, lnk->new_dfd,
- lnk->newpath, lnk->flags);
+ ret = do_linkat(lnk->old_dfd, complete_getname(&lnk->oldpath),
+ lnk->new_dfd, complete_getname(&lnk->newpath), lnk->flags);
req->flags &= ~REQ_F_NEED_CLEANUP;
io_req_set_res(req, ret, 0);
@@ -288,6 +295,6 @@ void io_link_cleanup(struct io_kiocb *req)
{
struct io_link *sl = io_kiocb_to_cmd(req, struct io_link);
- putname(sl->oldpath);
- putname(sl->newpath);
+ dismiss_delayed_filename(&sl->oldpath);
+ dismiss_delayed_filename(&sl->newpath);
}
diff --git a/io_uring/openclose.c b/io_uring/openclose.c
index 15dde9bd6ff6..aa3acb06247f 100644
--- a/io_uring/openclose.c
+++ b/io_uring/openclose.c
@@ -23,7 +23,7 @@ struct io_open {
struct file *file;
int dfd;
u32 file_slot;
- struct filename *filename;
+ struct delayed_filename filename;
struct open_how how;
unsigned long nofile;
};
@@ -67,12 +67,9 @@ static int __io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe
open->dfd = READ_ONCE(sqe->fd);
fname = u64_to_user_ptr(READ_ONCE(sqe->addr));
- open->filename = getname(fname);
- if (IS_ERR(open->filename)) {
- ret = PTR_ERR(open->filename);
- open->filename = NULL;
+ ret = delayed_getname(&open->filename, fname);
+ if (unlikely(ret))
return ret;
- }
req->flags |= REQ_F_NEED_CLEANUP;
open->file_slot = READ_ONCE(sqe->file_index);
@@ -121,6 +118,7 @@ int io_openat2(struct io_kiocb *req, unsigned int issue_flags)
struct file *file;
bool resolve_nonblock, nonblock_set;
bool fixed = !!open->file_slot;
+ CLASS(filename_complete_delayed, name)(&open->filename);
int ret;
ret = build_open_flags(&open->how, &op);
@@ -140,7 +138,7 @@ int io_openat2(struct io_kiocb *req, unsigned int issue_flags)
goto err;
}
- file = do_filp_open(open->dfd, open->filename, &op);
+ file = do_filp_open(open->dfd, name, &op);
if (IS_ERR(file)) {
/*
* We could hang on to this 'fd' on retrying, but seems like
@@ -152,9 +150,13 @@ int io_openat2(struct io_kiocb *req, unsigned int issue_flags)
ret = PTR_ERR(file);
/* only retry if RESOLVE_CACHED wasn't already set by application */
- if (ret == -EAGAIN &&
- (!resolve_nonblock && (issue_flags & IO_URING_F_NONBLOCK)))
- return -EAGAIN;
+ if (ret == -EAGAIN && !resolve_nonblock &&
+ (issue_flags & IO_URING_F_NONBLOCK)) {
+ ret = putname_to_delayed(&open->filename,
+ no_free_ptr(name));
+ if (likely(!ret))
+ return -EAGAIN;
+ }
goto err;
}
@@ -167,7 +169,6 @@ int io_openat2(struct io_kiocb *req, unsigned int issue_flags)
ret = io_fixed_fd_install(req, issue_flags, file,
open->file_slot);
err:
- putname(open->filename);
req->flags &= ~REQ_F_NEED_CLEANUP;
if (ret < 0)
req_set_fail(req);
@@ -184,8 +185,7 @@ void io_open_cleanup(struct io_kiocb *req)
{
struct io_open *open = io_kiocb_to_cmd(req, struct io_open);
- if (open->filename)
- putname(open->filename);
+ dismiss_delayed_filename(&open->filename);
}
int __io_close_fixed(struct io_ring_ctx *ctx, unsigned int issue_flags,
diff --git a/io_uring/statx.c b/io_uring/statx.c
index 5111e9befbfe..7bcae4a6c4a3 100644
--- a/io_uring/statx.c
+++ b/io_uring/statx.c
@@ -16,7 +16,7 @@ struct io_statx {
int dfd;
unsigned int mask;
unsigned int flags;
- struct filename *filename;
+ struct delayed_filename filename;
struct statx __user *buffer;
};
@@ -24,6 +24,7 @@ int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
struct io_statx *sx = io_kiocb_to_cmd(req, struct io_statx);
const char __user *path;
+ int ret;
if (sqe->buf_index || sqe->splice_fd_in)
return -EINVAL;
@@ -36,14 +37,10 @@ int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
sx->buffer = u64_to_user_ptr(READ_ONCE(sqe->addr2));
sx->flags = READ_ONCE(sqe->statx_flags);
- sx->filename = getname_uflags(path, sx->flags);
-
- if (IS_ERR(sx->filename)) {
- int ret = PTR_ERR(sx->filename);
+ ret = delayed_getname_uflags(&sx->filename, path, sx->flags);
- sx->filename = NULL;
+ if (unlikely(ret))
return ret;
- }
req->flags |= REQ_F_NEED_CLEANUP;
req->flags |= REQ_F_FORCE_ASYNC;
@@ -53,11 +50,12 @@ int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
int io_statx(struct io_kiocb *req, unsigned int issue_flags)
{
struct io_statx *sx = io_kiocb_to_cmd(req, struct io_statx);
+ CLASS(filename_complete_delayed, name)(&sx->filename);
int ret;
WARN_ON_ONCE(issue_flags & IO_URING_F_NONBLOCK);
- ret = do_statx(sx->dfd, sx->filename, sx->flags, sx->mask, sx->buffer);
+ ret = do_statx(sx->dfd, name, sx->flags, sx->mask, sx->buffer);
io_req_set_res(req, ret, 0);
return IOU_COMPLETE;
}
@@ -66,6 +64,5 @@ void io_statx_cleanup(struct io_kiocb *req)
{
struct io_statx *sx = io_kiocb_to_cmd(req, struct io_statx);
- if (sx->filename)
- putname(sx->filename);
+ dismiss_delayed_filename(&sx->filename);
}
diff --git a/io_uring/xattr.c b/io_uring/xattr.c
index 322b94ff9e4b..0fb4e5303500 100644
--- a/io_uring/xattr.c
+++ b/io_uring/xattr.c
@@ -19,16 +19,14 @@
struct io_xattr {
struct file *file;
struct kernel_xattr_ctx ctx;
- struct filename *filename;
+ struct delayed_filename filename;
};
void io_xattr_cleanup(struct io_kiocb *req)
{
struct io_xattr *ix = io_kiocb_to_cmd(req, struct io_xattr);
- if (ix->filename)
- putname(ix->filename);
-
+ dismiss_delayed_filename(&ix->filename);
kfree(ix->ctx.kname);
kvfree(ix->ctx.kvalue);
}
@@ -48,7 +46,7 @@ static int __io_getxattr_prep(struct io_kiocb *req,
const char __user *name;
int ret;
- ix->filename = NULL;
+ INIT_DELAYED_FILENAME(&ix->filename);
ix->ctx.kvalue = NULL;
name = u64_to_user_ptr(READ_ONCE(sqe->addr));
ix->ctx.value = u64_to_user_ptr(READ_ONCE(sqe->addr2));
@@ -93,11 +91,7 @@ int io_getxattr_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
path = u64_to_user_ptr(READ_ONCE(sqe->addr3));
- ix->filename = getname(path);
- if (IS_ERR(ix->filename))
- return PTR_ERR(ix->filename);
-
- return 0;
+ return delayed_getname(&ix->filename, path);
}
int io_fgetxattr(struct io_kiocb *req, unsigned int issue_flags)
@@ -119,8 +113,8 @@ int io_getxattr(struct io_kiocb *req, unsigned int issue_flags)
WARN_ON_ONCE(issue_flags & IO_URING_F_NONBLOCK);
- ret = filename_getxattr(AT_FDCWD, ix->filename, LOOKUP_FOLLOW, &ix->ctx);
- ix->filename = NULL;
+ ret = filename_getxattr(AT_FDCWD, complete_getname(&ix->filename),
+ LOOKUP_FOLLOW, &ix->ctx);
io_xattr_finish(req, ret);
return IOU_COMPLETE;
}
@@ -132,7 +126,7 @@ static int __io_setxattr_prep(struct io_kiocb *req,
const char __user *name;
int ret;
- ix->filename = NULL;
+ INIT_DELAYED_FILENAME(&ix->filename);
name = u64_to_user_ptr(READ_ONCE(sqe->addr));
ix->ctx.cvalue = u64_to_user_ptr(READ_ONCE(sqe->addr2));
ix->ctx.kvalue = NULL;
@@ -169,11 +163,7 @@ int io_setxattr_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
path = u64_to_user_ptr(READ_ONCE(sqe->addr3));
- ix->filename = getname(path);
- if (IS_ERR(ix->filename))
- return PTR_ERR(ix->filename);
-
- return 0;
+ return delayed_getname(&ix->filename, path);
}
int io_fsetxattr_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
@@ -200,8 +190,8 @@ int io_setxattr(struct io_kiocb *req, unsigned int issue_flags)
WARN_ON_ONCE(issue_flags & IO_URING_F_NONBLOCK);
- ret = filename_setxattr(AT_FDCWD, ix->filename, LOOKUP_FOLLOW, &ix->ctx);
- ix->filename = NULL;
+ ret = filename_setxattr(AT_FDCWD, complete_getname(&ix->filename),
+ LOOKUP_FOLLOW, &ix->ctx);
io_xattr_finish(req, ret);
return IOU_COMPLETE;
}
--
2.47.3
next prev parent reply other threads:[~2026-01-14 4:31 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-14 4:32 [PATCH v5 00/68] struct filename series Al Viro
2026-01-14 4:32 ` [PATCH v5 01/68] init_mknod(): turn into a trivial wrapper for do_mknodat() Al Viro
2026-01-14 4:32 ` [PATCH v5 02/68] init_mkdir(): turn into a trivial wrapper for do_mkdirat() Al Viro
2026-01-14 4:32 ` [PATCH v5 03/68] init_symlink(): turn into a trivial wrapper for do_symlinkat() Al Viro
2026-01-14 4:32 ` [PATCH v5 04/68] init_link(): turn into a trivial wrapper for do_linkat() Al Viro
2026-01-14 4:32 ` [PATCH v5 05/68] allow to use CLASS() for struct filename * Al Viro
2026-01-14 4:32 ` [PATCH v5 06/68] do_faccessat(): import pathname only once Al Viro
2026-01-14 4:32 ` [PATCH v5 07/68] do_fchmodat(): " Al Viro
2026-01-14 4:32 ` [PATCH v5 08/68] do_fchownat(): " Al Viro
2026-01-14 4:32 ` [PATCH v5 09/68] do_utimes_path(): " Al Viro
2026-01-14 4:32 ` [PATCH v5 10/68] chdir(2): " Al Viro
2026-01-14 4:32 ` [PATCH v5 11/68] chroot(2): " Al Viro
2026-01-14 4:32 ` [PATCH v5 12/68] user_statfs(): " Al Viro
2026-01-14 4:32 ` [PATCH v5 13/68] do_sys_truncate(): " Al Viro
2026-01-14 4:32 ` [PATCH v5 14/68] do_readlinkat(): " Al Viro
2026-01-14 4:32 ` [PATCH v5 15/68] get rid of audit_reusename() Al Viro
2026-01-14 4:32 ` [PATCH v5 16/68] ntfs: ->d_compare() must not block Al Viro
2026-01-14 4:32 ` [PATCH v5 17/68] getname_flags() massage, part 1 Al Viro
2026-01-14 4:32 ` [PATCH v5 18/68] getname_flags() massage, part 2 Al Viro
2026-01-14 4:32 ` [PATCH v5 19/68] struct filename: use names_cachep only for getname() and friends Al Viro
2026-01-14 4:32 ` [PATCH v5 20/68] struct filename: saner handling of long names Al Viro
2026-01-14 4:32 ` [PATCH v5 21/68] fs: hide names_cache behind runtime const machinery Al Viro
2026-01-14 4:32 ` [PATCH v5 22/68] switch __getname_maybe_null() to CLASS(filename_flags) Al Viro
2026-01-14 4:32 ` Al Viro [this message]
2026-01-14 4:32 ` [PATCH v5 24/68] struct filename ->refcnt doesn't need to be atomic Al Viro
2026-01-14 4:32 ` [PATCH v5 25/68] file_getattr(): filename_lookup() accepts ERR_PTR() as filename Al Viro
2026-01-14 4:32 ` [PATCH v5 26/68] file_setattr(): " Al Viro
2026-01-14 4:32 ` [PATCH v5 27/68] move_mount(): " Al Viro
2026-01-14 4:32 ` [PATCH v5 28/68] ksmbd_vfs_path_lookup(): vfs_path_parent_lookup() accepts ERR_PTR() as name Al Viro
2026-01-14 4:32 ` [PATCH v5 29/68] ksmbd_vfs_rename(): " Al Viro
2026-01-14 4:32 ` [PATCH v5 30/68] do_filp_open(): DTRT when getting ERR_PTR() as pathname Al Viro
2026-01-14 4:32 ` [PATCH v5 31/68] rename do_filp_open() to do_file_open() Al Viro
2026-01-14 4:32 ` [PATCH v5 32/68] do_sys_openat2(): get rid of useless check, switch to CLASS(filename) Al Viro
2026-01-14 4:32 ` [PATCH v5 33/68] simplify the callers of file_open_name() Al Viro
2026-01-14 4:32 ` [PATCH v5 34/68] simplify the callers of do_open_execat() Al Viro
2026-01-14 4:32 ` [PATCH v5 35/68] simplify the callers of alloc_bprm() Al Viro
2026-01-14 4:32 ` [PATCH v5 36/68] execve: fold {compat_,}do_execve{,at}() into their sole callers Al Viro
2026-01-14 4:32 ` [PATCH v5 37/68] do_execveat_common(): don't consume filename reference Al Viro
2026-01-14 4:32 ` [PATCH v5 38/68] switch {alloc,free}_bprm() to CLASS() Al Viro
2026-01-14 4:32 ` [PATCH v5 39/68] non-consuming variant of do_renameat2() Al Viro
2026-01-14 4:32 ` [PATCH v5 40/68] non-consuming variant of do_linkat() Al Viro
2026-01-14 4:32 ` [PATCH v5 41/68] non-consuming variant of do_symlinkat() Al Viro
2026-01-14 4:32 ` [PATCH v5 42/68] non-consuming variant of do_mkdirat() Al Viro
2026-01-14 4:32 ` [PATCH v5 43/68] non-consuming variant of do_mknodat() Al Viro
2026-01-14 4:32 ` [PATCH v5 44/68] non-consuming variants of do_{unlinkat,rmdir}() Al Viro
2026-01-14 4:32 ` [PATCH v5 45/68] file_[gs]etattr(2): switch to CLASS(filename_maybe_null) Al Viro
2026-01-14 4:32 ` [PATCH v5 46/68] mount_setattr(2): don't mess with LOOKUP_EMPTY Al Viro
2026-01-14 4:32 ` [PATCH v5 47/68] do_open_execat(): don't care about LOOKUP_EMPTY Al Viro
2026-01-14 4:32 ` [PATCH v5 48/68] vfs_open_tree(): use CLASS(filename_uflags) Al Viro
2026-01-14 4:32 ` [PATCH v5 49/68] name_to_handle_at(): " Al Viro
2026-01-14 4:32 ` [PATCH v5 50/68] fspick(2): use CLASS(filename_flags) Al Viro
2026-01-14 4:32 ` [PATCH v5 51/68] do_fchownat(): unspaghettify a bit Al Viro
2026-01-14 4:32 ` [PATCH v5 52/68] chdir(2): " Al Viro
2026-01-14 4:32 ` [PATCH v5 53/68] do_utimes_path(): switch to CLASS(filename_uflags) Al Viro
2026-01-14 4:32 ` [PATCH v5 54/68] do_sys_truncate(): switch to CLASS(filename) Al Viro
2026-01-14 4:32 ` [PATCH v5 55/68] do_readlinkat(): switch to CLASS(filename_flags) Al Viro
2026-01-14 4:32 ` [PATCH v5 56/68] do_f{chmod,chown,access}at(): use CLASS(filename_uflags) Al Viro
2026-01-14 4:32 ` [PATCH v5 57/68] namei.c: convert getname_kernel() callers to CLASS(filename_kernel) Al Viro
2026-01-14 4:33 ` [PATCH v5 58/68] namei.c: switch user pathname imports to CLASS(filename{,_flags}) Al Viro
2026-01-14 4:33 ` [PATCH v5 59/68] filename_...xattr(): don't consume filename reference Al Viro
2026-01-14 4:33 ` [PATCH v5 60/68] move_mount(2): switch to CLASS(filename_maybe_null) Al Viro
2026-01-14 4:33 ` [PATCH v5 61/68] chroot(2): switch to CLASS(filename) Al Viro
2026-01-14 4:33 ` [PATCH v5 62/68] quotactl_block(): " Al Viro
2026-01-14 4:33 ` [PATCH v5 63/68] statx: switch to CLASS(filename_maybe_null) Al Viro
2026-01-14 4:33 ` [PATCH v5 64/68] user_statfs(): switch to CLASS(filename) Al Viro
2026-01-14 4:33 ` [PATCH v5 65/68] mqueue: " Al Viro
2026-01-14 4:33 ` [PATCH v5 66/68] ksmbd: use CLASS(filename_kernel) Al Viro
2026-01-14 4:33 ` [PATCH v5 67/68] alpha: switch osf_mount() to strndup_user() Al Viro
2026-01-14 4:33 ` [PATCH v5 68/68] sysfs(2): fs_index() argument is _not_ a pathname Al Viro
2026-01-14 10:41 ` David Laight
2026-01-14 14:35 ` Al Viro
2026-01-14 16:51 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260114043310.3885463-24-viro@zeniv.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=audit@vger.kernel.org \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=io-uring@vger.kernel.org \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mjguzik@gmail.com \
--cc=paul@paul-moore.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox