From: Vivek Goyal <vgoyal@redhat.com>
To: Greg Kurz <groug@kaod.org>
Cc: virtio-fs@redhat.com, qemu-devel@nongnu.org, miklos@szeredi.hu
Subject: Re: [Virtio-fs] [PATCH v7 2/7] virtiofsd: Fix xattr operations overwriting errno
Date: Tue, 29 Jun 2021 09:22:36 -0400 [thread overview]
Message-ID: <20210629132236.GB5231@redhat.com> (raw)
In-Reply-To: <20210629150343.5cf10a26@bahia.lan>
On Tue, Jun 29, 2021 at 03:03:43PM +0200, Greg Kurz wrote:
> On Mon, 28 Jun 2021 16:31:27 +0100
> "Dr. David Alan Gilbert" <dgilbert@redhat.com> wrote:
>
> > * Vivek Goyal (vgoyal@redhat.com) wrote:
> > > getxattr/setxattr/removexattr/listxattr operations handle regualar
> > > and non-regular files differently. For the case of non-regular files
> > > we do fchdir(/proc/self/fd) and the xattr operation and then revert
> > > back to original working directory. After this we are saving errno
> > > and that's buggy because fchdir() will overwrite the errno.
> > >
> > > FCHDIR_NOFAIL(lo->proc_self_fd);
> > > ret = getxattr(procname, name, value, size);
> > > FCHDIR_NOFAIL(lo->root.fd);
> > >
> > > if (ret == -1)
> > > saverr = errno
> > >
> > > In above example, if getxattr() failed, we will still return 0 to caller
> > > as errno must have been written by FCHDIR_NOFAIL(lo->root.fd) call.
>
> This assertion doesn't look right.
>
> From the errno(3) manual page:
>
> The value in errno is significant only when the return value of
> the call indicated an error (i.e., -1 from most system calls; -1
> or NULL from most library functions); a function that succeeds is
> allowed to change errno. The value of errno is never set to zero
> ^^^^^^^^^^^^^^^^^^^^^^^^^^
> by any system call or library function.
Ok. So it will not set errno to 0. But it also says "a function that
succeeds is allowed to change errno". So that means a successful
fchdir(fd) can change errno to something else and we lost original
error code returned by getxattr() operation. Even "assert(fchdir_res == 0)"
will not kick in because fchdir() succeeded.
IOW, with current code we can still lose original error code as experienced
while executing getxattr()/setxattr()/listxattr(). So it makese sense
to fix it.
Vivek
> > > Fix all such instances and capture "errno" early and save in "saverr"
> > > variable.
> > >
> > > Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> >
> > I think the existing code is actually safe; I don't think fchdir
> > will/should set errno unless there's an error, and we're explictly
> > asserting there isn't one.
> >
> > However, I do prefer doing this save since we already have the save
> > variables and it makes the chance of screwing it up from any other
> > forgotten syscall less likely, so
> >
>
> Agreed. With this rationale in the changelog:
>
> Reviewed-by: Greg Kurz <groug@kaod.org>
>
> >
> > Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> >
> > > ---
> > > tools/virtiofsd/passthrough_ll.c | 16 ++++++++++------
> > > 1 file changed, 10 insertions(+), 6 deletions(-)
> > >
> > > diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> > > index 49c21fd855..ec91b3c133 100644
> > > --- a/tools/virtiofsd/passthrough_ll.c
> > > +++ b/tools/virtiofsd/passthrough_ll.c
> > > @@ -2791,15 +2791,17 @@ static void lo_getxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name,
> > > goto out_err;
> > > }
> > > ret = fgetxattr(fd, name, value, size);
> > > + saverr = ret == -1 ? errno : 0;
> > > } else {
> > > /* fchdir should not fail here */
> > > FCHDIR_NOFAIL(lo->proc_self_fd);
> > > ret = getxattr(procname, name, value, size);
> > > + saverr = ret == -1 ? errno : 0;
> > > FCHDIR_NOFAIL(lo->root.fd);
> > > }
> > >
> > > if (ret == -1) {
> > > - goto out_err;
> > > + goto out;
> > > }
> > > if (size) {
> > > saverr = 0;
> > > @@ -2864,15 +2866,17 @@ static void lo_listxattr(fuse_req_t req, fuse_ino_t ino, size_t size)
> > > goto out_err;
> > > }
> > > ret = flistxattr(fd, value, size);
> > > + saverr = ret == -1 ? errno : 0;
> > > } else {
> > > /* fchdir should not fail here */
> > > FCHDIR_NOFAIL(lo->proc_self_fd);
> > > ret = listxattr(procname, value, size);
> > > + saverr = ret == -1 ? errno : 0;
> > > FCHDIR_NOFAIL(lo->root.fd);
> > > }
> > >
> > > if (ret == -1) {
> > > - goto out_err;
> > > + goto out;
> > > }
> > > if (size) {
> > > saverr = 0;
> > > @@ -2998,15 +3002,15 @@ static void lo_setxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name,
> > > goto out;
> > > }
> > > ret = fsetxattr(fd, name, value, size, flags);
> > > + saverr = ret == -1 ? errno : 0;
> > > } else {
> > > /* fchdir should not fail here */
> > > FCHDIR_NOFAIL(lo->proc_self_fd);
> > > ret = setxattr(procname, name, value, size, flags);
> > > + saverr = ret == -1 ? errno : 0;
> > > FCHDIR_NOFAIL(lo->root.fd);
> > > }
> > >
> > > - saverr = ret == -1 ? errno : 0;
> > > -
> > > out:
> > > if (fd >= 0) {
> > > close(fd);
> > > @@ -3064,15 +3068,15 @@ static void lo_removexattr(fuse_req_t req, fuse_ino_t ino, const char *in_name)
> > > goto out;
> > > }
> > > ret = fremovexattr(fd, name);
> > > + saverr = ret == -1 ? errno : 0;
> > > } else {
> > > /* fchdir should not fail here */
> > > FCHDIR_NOFAIL(lo->proc_self_fd);
> > > ret = removexattr(procname, name);
> > > + saverr = ret == -1 ? errno : 0;
> > > FCHDIR_NOFAIL(lo->root.fd);
> > > }
> > >
> > > - saverr = ret == -1 ? errno : 0;
> > > -
> > > out:
> > > if (fd >= 0) {
> > > close(fd);
> > > --
> > > 2.25.4
> > >
>
WARNING: multiple messages have this Message-ID (diff)
From: Vivek Goyal <vgoyal@redhat.com>
To: Greg Kurz <groug@kaod.org>
Cc: virtio-fs@redhat.com, qemu-devel@nongnu.org,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
miklos@szeredi.hu
Subject: Re: [Virtio-fs] [PATCH v7 2/7] virtiofsd: Fix xattr operations overwriting errno
Date: Tue, 29 Jun 2021 09:22:36 -0400 [thread overview]
Message-ID: <20210629132236.GB5231@redhat.com> (raw)
In-Reply-To: <20210629150343.5cf10a26@bahia.lan>
On Tue, Jun 29, 2021 at 03:03:43PM +0200, Greg Kurz wrote:
> On Mon, 28 Jun 2021 16:31:27 +0100
> "Dr. David Alan Gilbert" <dgilbert@redhat.com> wrote:
>
> > * Vivek Goyal (vgoyal@redhat.com) wrote:
> > > getxattr/setxattr/removexattr/listxattr operations handle regualar
> > > and non-regular files differently. For the case of non-regular files
> > > we do fchdir(/proc/self/fd) and the xattr operation and then revert
> > > back to original working directory. After this we are saving errno
> > > and that's buggy because fchdir() will overwrite the errno.
> > >
> > > FCHDIR_NOFAIL(lo->proc_self_fd);
> > > ret = getxattr(procname, name, value, size);
> > > FCHDIR_NOFAIL(lo->root.fd);
> > >
> > > if (ret == -1)
> > > saverr = errno
> > >
> > > In above example, if getxattr() failed, we will still return 0 to caller
> > > as errno must have been written by FCHDIR_NOFAIL(lo->root.fd) call.
>
> This assertion doesn't look right.
>
> From the errno(3) manual page:
>
> The value in errno is significant only when the return value of
> the call indicated an error (i.e., -1 from most system calls; -1
> or NULL from most library functions); a function that succeeds is
> allowed to change errno. The value of errno is never set to zero
> ^^^^^^^^^^^^^^^^^^^^^^^^^^
> by any system call or library function.
Ok. So it will not set errno to 0. But it also says "a function that
succeeds is allowed to change errno". So that means a successful
fchdir(fd) can change errno to something else and we lost original
error code returned by getxattr() operation. Even "assert(fchdir_res == 0)"
will not kick in because fchdir() succeeded.
IOW, with current code we can still lose original error code as experienced
while executing getxattr()/setxattr()/listxattr(). So it makese sense
to fix it.
Vivek
> > > Fix all such instances and capture "errno" early and save in "saverr"
> > > variable.
> > >
> > > Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> >
> > I think the existing code is actually safe; I don't think fchdir
> > will/should set errno unless there's an error, and we're explictly
> > asserting there isn't one.
> >
> > However, I do prefer doing this save since we already have the save
> > variables and it makes the chance of screwing it up from any other
> > forgotten syscall less likely, so
> >
>
> Agreed. With this rationale in the changelog:
>
> Reviewed-by: Greg Kurz <groug@kaod.org>
>
> >
> > Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> >
> > > ---
> > > tools/virtiofsd/passthrough_ll.c | 16 ++++++++++------
> > > 1 file changed, 10 insertions(+), 6 deletions(-)
> > >
> > > diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> > > index 49c21fd855..ec91b3c133 100644
> > > --- a/tools/virtiofsd/passthrough_ll.c
> > > +++ b/tools/virtiofsd/passthrough_ll.c
> > > @@ -2791,15 +2791,17 @@ static void lo_getxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name,
> > > goto out_err;
> > > }
> > > ret = fgetxattr(fd, name, value, size);
> > > + saverr = ret == -1 ? errno : 0;
> > > } else {
> > > /* fchdir should not fail here */
> > > FCHDIR_NOFAIL(lo->proc_self_fd);
> > > ret = getxattr(procname, name, value, size);
> > > + saverr = ret == -1 ? errno : 0;
> > > FCHDIR_NOFAIL(lo->root.fd);
> > > }
> > >
> > > if (ret == -1) {
> > > - goto out_err;
> > > + goto out;
> > > }
> > > if (size) {
> > > saverr = 0;
> > > @@ -2864,15 +2866,17 @@ static void lo_listxattr(fuse_req_t req, fuse_ino_t ino, size_t size)
> > > goto out_err;
> > > }
> > > ret = flistxattr(fd, value, size);
> > > + saverr = ret == -1 ? errno : 0;
> > > } else {
> > > /* fchdir should not fail here */
> > > FCHDIR_NOFAIL(lo->proc_self_fd);
> > > ret = listxattr(procname, value, size);
> > > + saverr = ret == -1 ? errno : 0;
> > > FCHDIR_NOFAIL(lo->root.fd);
> > > }
> > >
> > > if (ret == -1) {
> > > - goto out_err;
> > > + goto out;
> > > }
> > > if (size) {
> > > saverr = 0;
> > > @@ -2998,15 +3002,15 @@ static void lo_setxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name,
> > > goto out;
> > > }
> > > ret = fsetxattr(fd, name, value, size, flags);
> > > + saverr = ret == -1 ? errno : 0;
> > > } else {
> > > /* fchdir should not fail here */
> > > FCHDIR_NOFAIL(lo->proc_self_fd);
> > > ret = setxattr(procname, name, value, size, flags);
> > > + saverr = ret == -1 ? errno : 0;
> > > FCHDIR_NOFAIL(lo->root.fd);
> > > }
> > >
> > > - saverr = ret == -1 ? errno : 0;
> > > -
> > > out:
> > > if (fd >= 0) {
> > > close(fd);
> > > @@ -3064,15 +3068,15 @@ static void lo_removexattr(fuse_req_t req, fuse_ino_t ino, const char *in_name)
> > > goto out;
> > > }
> > > ret = fremovexattr(fd, name);
> > > + saverr = ret == -1 ? errno : 0;
> > > } else {
> > > /* fchdir should not fail here */
> > > FCHDIR_NOFAIL(lo->proc_self_fd);
> > > ret = removexattr(procname, name);
> > > + saverr = ret == -1 ? errno : 0;
> > > FCHDIR_NOFAIL(lo->root.fd);
> > > }
> > >
> > > - saverr = ret == -1 ? errno : 0;
> > > -
> > > out:
> > > if (fd >= 0) {
> > > close(fd);
> > > --
> > > 2.25.4
> > >
>
next prev parent reply other threads:[~2021-06-29 13:22 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-22 15:08 [Virtio-fs] [PATCH v7 0/7] virtiofsd: Add support to enable/disable posix acls Vivek Goyal
2021-06-22 15:08 ` Vivek Goyal
2021-06-22 15:08 ` [Virtio-fs] [PATCH v7 1/7] virtiofsd: Fix fuse setxattr() API change issue Vivek Goyal
2021-06-22 15:08 ` Vivek Goyal
2021-06-28 14:46 ` [Virtio-fs] " Dr. David Alan Gilbert
2021-06-28 14:46 ` Dr. David Alan Gilbert
2021-06-28 14:54 ` [Virtio-fs] " Vivek Goyal
2021-06-29 12:44 ` Greg Kurz
2021-06-30 10:17 ` Dr. David Alan Gilbert
2021-06-22 15:08 ` [Virtio-fs] [PATCH v7 2/7] virtiofsd: Fix xattr operations overwriting errno Vivek Goyal
2021-06-22 15:08 ` Vivek Goyal
2021-06-28 15:31 ` [Virtio-fs] " Dr. David Alan Gilbert
2021-06-28 15:31 ` Dr. David Alan Gilbert
2021-06-29 13:03 ` [Virtio-fs] " Greg Kurz
2021-06-29 13:03 ` Greg Kurz
2021-06-29 13:22 ` Vivek Goyal [this message]
2021-06-29 13:22 ` Vivek Goyal
2021-06-29 14:35 ` Greg Kurz
2021-06-29 14:35 ` Greg Kurz
2021-06-22 15:08 ` [Virtio-fs] [PATCH v7 3/7] virtiofsd: Add support for extended setxattr Vivek Goyal
2021-06-22 15:08 ` Vivek Goyal
2021-06-28 15:49 ` [Virtio-fs] " Dr. David Alan Gilbert
2021-06-28 15:49 ` Dr. David Alan Gilbert
2021-06-28 18:28 ` [Virtio-fs] " Vivek Goyal
2021-06-28 18:28 ` Vivek Goyal
2021-06-28 18:34 ` [Virtio-fs] " Dr. David Alan Gilbert
2021-06-28 18:34 ` Dr. David Alan Gilbert
2021-06-22 15:08 ` [Virtio-fs] [PATCH v7 4/7] virtiofsd: Add umask to seccom allow list Vivek Goyal
2021-06-22 15:08 ` Vivek Goyal
2021-06-22 15:08 ` [Virtio-fs] [PATCH v7 5/7] virtiofsd: Add capability to change/restore umask Vivek Goyal
2021-06-22 15:08 ` Vivek Goyal
2021-06-28 16:12 ` [Virtio-fs] " Dr. David Alan Gilbert
2021-06-28 16:12 ` Dr. David Alan Gilbert
2021-06-28 18:12 ` [Virtio-fs] " Vivek Goyal
2021-06-28 18:12 ` Vivek Goyal
2021-06-28 18:36 ` [Virtio-fs] " Dr. David Alan Gilbert
2021-06-28 18:36 ` Dr. David Alan Gilbert
2021-06-28 18:46 ` [Virtio-fs] " Vivek Goyal
2021-06-28 18:46 ` Vivek Goyal
2021-06-28 18:51 ` [Virtio-fs] " Dr. David Alan Gilbert
2021-06-28 18:51 ` Dr. David Alan Gilbert
2021-06-22 15:08 ` [Virtio-fs] [PATCH v7 6/7] virtiofsd: Switch creds, drop FSETID for system.posix_acl_access xattr Vivek Goyal
2021-06-22 15:08 ` Vivek Goyal
2021-06-28 17:37 ` [Virtio-fs] " Dr. David Alan Gilbert
2021-06-28 17:37 ` Dr. David Alan Gilbert
2021-06-28 17:55 ` [Virtio-fs] " Dr. David Alan Gilbert
2021-06-28 17:55 ` Dr. David Alan Gilbert
2021-06-22 15:08 ` [Virtio-fs] [PATCH v7 7/7] virtiofsd: Add an option to enable/disable posix acls Vivek Goyal
2021-06-22 15:08 ` Vivek Goyal
2021-06-28 18:26 ` [Virtio-fs] " Dr. David Alan Gilbert
2021-06-28 18:26 ` Dr. David Alan Gilbert
2021-06-30 18:53 ` [Virtio-fs] [PATCH v7 0/7] virtiofsd: Add support " Dr. David Alan Gilbert
2021-06-30 18:53 ` Dr. David Alan Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210629132236.GB5231@redhat.com \
--to=vgoyal@redhat.com \
--cc=groug@kaod.org \
--cc=miklos@szeredi.hu \
--cc=qemu-devel@nongnu.org \
--cc=virtio-fs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.