From: Al Viro <viro@zeniv.linux.org.uk>
To: hooanon05g@gmail.com
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: v7.0-rc1, name_to_handle_at(..., AT_EMPTY_PATH)
Date: Fri, 27 Feb 2026 20:07:51 +0000 [thread overview]
Message-ID: <20260227200751.GD3836593@ZenIV> (raw)
In-Reply-To: <20260227184804.GC3836593@ZenIV>
On Fri, Feb 27, 2026 at 06:48:04PM +0000, Al Viro wrote:
> On Sat, Feb 28, 2026 at 12:41:04AM +0900, hooanon05g@gmail.com wrote:
> > Al Viro:
> > > This
> > > struct filename *getname_uflags(const char __user *filename, int uflags)
> > > {
> > > int flags = (uflags & AT_EMPTY_PATH) ? LOOKUP_EMPTY : 0;
> > >
> > > return getname_flags(filename, flags);
> > > }
> > > is where AT_EMPTY_PATH is handled; could you check the arguuments it's getting
> > > in your reproducer and argument passed to getname_flags()?
> >
> > getname_flags() is not a problem.
> > For me, the problem looks that LOOKUP_EMPTY is NOT passed to
> > path_lookupat().
>
> Could you please show me a single place in path_lookupat() where we would
> check for for LOOKUP_EMPTY?
>
> The last point where LOOKUP_EMPTY (or AT_EMPTY_PATH) matters is (and had
> always been) getname_flags(); pathname resolution proper doesn't care.
>
> In theory some out-of-tree filesystem might have been playing silly
> buggers with LOOKUP_EMPTY in its ->d_revalidate(); there's no good
> reason for doing so, though, and none of the in-tree filesystems had
> ever tried to pull that off.
To elaborate a bit: LOOKUP_EMPTY has ever had only one purpose - to tell
getname...() that empty pathname is not to be rejected. This is _all_
- e.g. a combination of LOOKUP_EMPTY with non-empty pathname has always
been possible. It simply does not carry any useful information past
that check on pathname import.
Nothing in pathname resolution checks it; of the few filesystem methods
that might see something of nd->flags, only ->d{_weak}_revalidate() would
have a chance to see that one for an empty pathname (no components to
look up, obviously). And considering how uninformative LOOKUP_EMPTY would
be for that method... not a single in-tree instance had bothered to check.
Note that combination of AT_EMPTY_PATH with a non-empty pathname
has always been legitimate, and it would better behave exactly
like the call the same non-empty pathname and AT_EMPTY_PATH
removed from the flags. So if LOOKUP_EMPTY changes behaviour of
->d_weak_revalidate()/->d_revalidate(), it's almost certainly a bug.
Is your testcase on the mainline kernel? If not, is there an out-of-tree
filesystem involved? Are there any kprobes/bpf programs/etc. stuck
into the guts of fs/namei.c? struct nameidata shouldn't be even visible
to any of those, but...
next prev parent reply other threads:[~2026-02-27 20:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-27 10:44 v7.0-rc1, name_to_handle_at(..., AT_EMPTY_PATH) J. R. Okajima
2026-02-27 15:22 ` Al Viro
2026-02-27 15:41 ` hooanon05g
2026-02-27 18:48 ` Al Viro
2026-02-27 20:07 ` Al Viro [this message]
2026-02-27 22:35 ` hooanon05g
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260227200751.GD3836593@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=hooanon05g@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.