From: David Chinner
Subject: Re: openg and path_to_handle
Date: Thu, 7 Dec 2006 07:57:33 +1100
Message-ID: <20061206205733.GD33919298@melbourne.sgi.com>
References: <20061129122313.GG14315@parisc-linux.org> <20061129123913.GA15994@infradead.org> <4570ACD1.7060800@mcs.anl.gov> <4574BF52.6090600@mcs.anl.gov> <20061206094805.GB33919298@melbourne.sgi.com> <4576E783.7020402@mcs.anl.gov> <20061206160439.GV3013@parisc-linux.org> <4576EDC7.7040109@mcs.anl.gov>
To: Rob Ross
Cc: Matthew Wilcox, David Chinner, Latchesar Ionkov, Christoph Hellwig, Gary Grider, linux-fsdevel@vger.kernel.org
In-Reply-To: <4576EDC7.7040109@mcs.anl.gov>
List-Id: linux-fsdevel.vger.kernel.org

On Wed, Dec 06, 2006 at 10:20:23AM -0600, Rob Ross wrote:
> Matthew Wilcox wrote:
> >On Wed, Dec 06, 2006 at 09:53:39AM -0600, Rob Ross wrote:
> >>David Chinner wrote:
> >>>Does anyone here know about the XFS libhandle API? This has been
> >>>around for years and it does _exactly_ what these proposed syscalls
> >>>are supposed to do (and more).
> >>Thanks for pointing these out, Dave. These are indeed along the same
> >>lines as the openg()/openfh() approach.
> >>
> >>One difference is that they appear to perform permission checking on the
> >>open_by_handle(), which means that the entire path needs to be encoded
> >>in the handle, and makes it difficult to eliminate the path traversal
> >>overhead on N open_by_handle() operations.
> >
> >Another (and highly important) difference is that usage is restricted to
> >root:
> >
> >xfs_open_by_handle(...)
> >...
> >	if (!capable(CAP_SYS_ADMIN))
> >		return -XFS_ERROR(EPERM);
>
> I assume that this is because the implementation chose not to do the
> path encoding in the handle? Because if they did, they could do full
> path permission checking as part of the open_by_handle.

The original use of this interface (if I understand the Irix history
correctly - this is way before my time at SGI) was a userspace NFS
server and so permission checks were done after the filehandle was
opened and a stat could be done on the fd and mode/uid/gid could be
compared to what was in the NFS request.

Paths were never needed for this because everything needed could be
obtained directly from the inode.

Cheers,

Dave.
-- 
Dave Chinner
Principal Engineer
SGI Australian Software Group