From: Al Viro <viro@ZenIV.linux.org.uk>
To: Aleksa Sarai <cyphar@cyphar.com>
Cc: Aleksa Sarai <asarai@suse.de>, Jann Horn <jannh@google.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
jlayton@kernel.org, Bruce Fields <bfields@fieldses.org>,
Arnd Bergmann <arnd@arndb.de>, Andy Lutomirski <luto@kernel.org>,
David Howells <dhowells@redhat.com>,
christian@brauner.io, Tycho Andersen <tycho@tycho.ws>,
David Drysdale <drysdale@google.com>,
dev@opencontainers.org, containers@lists.linux-foundation.org,
linux-fsdevel@vger.kernel.org,
kernel list <linux-kernel@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH v3 3/3] namei: aggressively check for nd->root escape on ".." resolution
Date: Sat, 13 Oct 2018 10:04:32 +0100 [thread overview]
Message-ID: <20181013090432.GV32577@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20181013085326.gx6rvgqbbyuntfvv@ryuk>
On Sat, Oct 13, 2018 at 07:53:26PM +1100, Aleksa Sarai wrote:
> I didn't know about path_is_under() -- I just checked and it appears to
> not take &rename_lock? From my understanding, in order to protect
> against the rename attack you need to take &rename_lock (or check
> against &rename_lock at least and retry if it changed).
>
> I could definitely use path_is_under() if you prefer, though I think
> that in this case we'd need to take &rename_lock (right?). Also is there
> a speed issue with taking the write-side of a seqlock when we are just
> reading -- is this more efficient than doing a retry like in __d_path?
???
1) it uses is_subdir(), which does deal with rename_lock
2) what it does is taking mount_lock.lock. I.e. the same
thing as the second retry in __d_path(). _If_ it shows
up in profiles, we can switch it to read_seqbegin_or_lock(),
but I'd like to see the profiling data first.
next prev parent reply other threads:[~2018-10-13 9:04 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-09 7:02 [PATCH v3 0/3] namei: implement various lookup restriction AT_* flags Aleksa Sarai
2018-10-09 7:02 ` [PATCH v3 1/3] namei: implement O_BENEATH-style " Aleksa Sarai
2018-10-13 7:33 ` Al Viro
2018-10-13 8:05 ` Al Viro
2018-10-13 8:20 ` Aleksa Sarai
2018-10-13 8:09 ` Aleksa Sarai
2018-10-09 7:02 ` [PATCH v3 2/3] namei: implement AT_THIS_ROOT chroot-like path resolution Aleksa Sarai
2018-10-09 7:02 ` [PATCH v3 3/3] namei: aggressively check for nd->root escape on ".." resolution Aleksa Sarai
2018-10-09 15:19 ` Jann Horn
2018-10-09 15:37 ` Aleksa Sarai
2018-10-09 16:46 ` Jann Horn
2018-10-13 8:22 ` Al Viro
2018-10-13 8:53 ` Aleksa Sarai
2018-10-13 9:04 ` Al Viro [this message]
2018-10-13 9:27 ` Aleksa Sarai
2018-10-17 15:23 ` [PATCH v3 0/3] namei: implement various lookup restriction AT_* flags Aleksa Sarai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181013090432.GV32577@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=arnd@arndb.de \
--cc=asarai@suse.de \
--cc=bfields@fieldses.org \
--cc=christian@brauner.io \
--cc=containers@lists.linux-foundation.org \
--cc=cyphar@cyphar.com \
--cc=dev@opencontainers.org \
--cc=dhowells@redhat.com \
--cc=drysdale@google.com \
--cc=ebiederm@xmission.com \
--cc=jannh@google.com \
--cc=jlayton@kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=tycho@tycho.ws \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.