Re: [RFC] struct filename, io_uring and audit troubles

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Al Viro <viro@zeniv.linux.org.uk>
To: Jens Axboe <axboe@kernel.dk>
Cc: linux-fsdevel@vger.kernel.org, io-uring@vger.kernel.org
Subject: Re: [RFC] struct filename, io_uring and audit troubles
Date: Tue, 24 Sep 2024 22:40:46 +0100	[thread overview]
Message-ID: <20240924214046.GG3550746@ZenIV> (raw)
In-Reply-To: <20240923203659.GD3550746@ZenIV>

On Mon, Sep 23, 2024 at 09:36:59PM +0100, Al Viro wrote:

> 	* go through the VFS side of things and make sure we have a consistent
> set of helpers that would take struct filename * - *not* the ad-hoc mix we
> have right now, when that's basically driven by io_uring borging them in
> one by one - or duplicates them without bothering to share helpers.
> E.g. mkdirat(2) does getname() and passes it to do_mkdirat(), which
> consumes the sucker; so does mknodat(2), but do_mknodat() is static.  OTOH,
> path_setxattr() does setxattr_copy(), then retry_estale loop with
> user_path_at() + mnt_want_write() + do_setxattr() + mnt_drop_write() + path_put()
> as a body, while on io_uring side we have retry_estale loop with filename_lookup() +
> (io_uring helper that does mnt_want_write() + do_setxattr() + mnt_drop_write()) +
> path_put().
> 	Sure, that user_path_at() call is getname() + filename_lookup() + putname(),
> so they are equivalent, but keeping that shite in sync is going to be trouble.

BTW, re mess around xattr:
static int __io_getxattr_prep(struct io_kiocb *req,
                              const struct io_uring_sqe *sqe)
{
...
        ix->ctx.cvalue = u64_to_user_ptr(READ_ONCE(sqe->addr2));
	ix->ctx.size = READ_ONCE(sqe->len);
...
        ret = strncpy_from_user(ix->ctx.kname->name, name,
				sizeof(ix->ctx.kname->name));

}

int io_fgetxattr(struct io_kiocb *req, unsigned int issue_flags)
{
...
        ret = do_getxattr(file_mnt_idmap(req->file),
			req->file->f_path.dentry,
			&ix->ctx);
...
}

ssize_t
do_getxattr(struct mnt_idmap *idmap, struct dentry *d,
        struct xattr_ctx *ctx)
{
...
        if (error > 0) {
		if (ctx->size && copy_to_user(ctx->value, ctx->kvalue, error))
...
}

and we have
struct xattr_ctx {
        /* Value of attribute */
	union {
		const void __user *cvalue;
		void __user *value;
	};
	...
}

Undefined behaviour aside, there's something odd going on here:
why do we bother with copy-in in ->prep() when we do copy-out in
->issue() anyway?  ->issue() does run with initiator's ->mm in use,
right?

IOW, what's the io_uring policy on what gets copied in ->prep() vs.
in ->issue()?

next prev parent reply	other threads:[~2024-09-24 21:40 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-22  0:49 [RFC] struct filename, io_uring and audit troubles Al Viro
2024-09-22  4:10 ` Al Viro
2024-09-22 15:09   ` Al Viro
2024-09-23  1:50 ` Al Viro
2024-09-23  6:30   ` Jens Axboe
2024-09-23 12:54     ` Paul Moore
2024-09-23 14:48       ` Al Viro
2024-09-23 16:14         ` Paul Moore
2024-09-23 18:17           ` Al Viro
2024-09-23 23:49             ` Paul Moore
2024-09-23 20:36           ` Al Viro
2024-09-24  0:11             ` Paul Moore
2024-09-24  7:01               ` Al Viro
2024-09-24 23:17                 ` Paul Moore
2024-09-25 20:44               ` Al Viro
2024-09-25 20:58                 ` Paul Moore
2024-09-24 21:40             ` Al Viro [this message]
2024-09-25  6:01               ` Jens Axboe
2024-09-25 17:39                 ` Al Viro
2024-09-25 17:58                   ` Jens Axboe
2024-09-26  3:56                 ` Al Viro
2024-09-23 15:07     ` Al Viro
2024-09-24 11:15       ` Jens Axboe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240924214046.GG3550746@ZenIV \
    --to=viro@zeniv.linux.org.uk \
    --cc=axboe@kernel.dk \
    --cc=io-uring@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.