From: Al Viro <viro@zeniv.linux.org.uk>
To: Christian Brauner <christian@brauner.io>
Cc: gregkh@linuxfoundation.org, devel@driverdev.osuosl.org,
linux-fsdevel@vger.kernel.org, tkjos@google.com
Subject: Re: [PATCH 2/5] binderfs: prevent renaming the control dentry
Date: Fri, 18 Jan 2019 22:55:52 +0000 [thread overview]
Message-ID: <20190118225552.GZ2217@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20190118145344.11532-3-christian@brauner.io>
On Fri, Jan 18, 2019 at 03:53:41PM +0100, Christian Brauner wrote:
> We don't allow to unlink it since it is crucial for binderfs to be useable
> but if we allow to rename it we make the unlink trivial to bypass. So
> prevent renaming too and simply treat the control dentry as immutable.
>
> Take the opportunity and turn the check for the control dentry into a
> separate helper is_binderfs_control_device() since it's now used in two
> places.
> Additionally, replace the custom rename dance we did with call to
> simple_rename().
Umm...
> +static inline bool is_binderfs_control_device(const struct inode *inode,
> + const struct dentry *dentry)
> +{
> + return BINDERFS_I(inode)->control_dentry == dentry;
> +}
What do you need an inode for?
static inline struct binderfs_info *BINDERFS_I(const struct inode *inode)
{
return inode->i_sb->s_fs_info;
}
so it looks like all you care about is the superblock. Which can be
had simply as dentry->d_sb...
Besides, what's the point of calling is_binderfs_device() in ->rename()?
If your directory methods are given dentries from another filesystem,
the kernel is already FUBAR. So your rename should simply do
if (is_binderfs_control_device(old_dentry) ||
is_binderfs_control_device(new_dentry))
return -EPERM;
return simple_rename(......);
and that's it...
next prev parent reply other threads:[~2019-01-18 22:55 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-18 14:53 [PATCH 0/5] binderfs: debug galore Christian Brauner
2019-01-18 14:53 ` [PATCH 1/5] binderfs: remove outdated comment Christian Brauner
2019-01-18 14:53 ` [PATCH 2/5] binderfs: prevent renaming the control dentry Christian Brauner
2019-01-18 22:55 ` Al Viro [this message]
2019-01-19 15:10 ` Christian Brauner
2019-01-18 14:53 ` [PATCH 3/5] binderfs: rework binderfs_fill_super() Christian Brauner
2019-01-18 23:03 ` Al Viro
2019-01-19 15:12 ` Christian Brauner
2019-01-18 14:53 ` [PATCH 4/5] binderfs: kill_litter_super() before cleanup Christian Brauner
2019-01-18 14:53 ` [PATCH 5/5] binderfs: drop lock in binderfs_binder_ctl_create Christian Brauner
2019-01-18 23:26 ` [PATCH 0/5] binderfs: debug galore Al Viro
2019-01-19 15:55 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190118225552.GZ2217@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=christian@brauner.io \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tkjos@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.