Re: [PATCH 03/10] fhandle: helper for allocating, reading struct file_handle

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Thomas Bertschinger" <tahbertschinger@gmail.com>
To: "Amir Goldstein" <amir73il@gmail.com>,
	"Thomas Bertschinger" <tahbertschinger@gmail.com>
Cc: <io-uring@vger.kernel.org>, <axboe@kernel.dk>,
	<linux-fsdevel@vger.kernel.org>, <viro@zeniv.linux.org.uk>,
	<brauner@kernel.org>, <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH 03/10] fhandle: helper for allocating, reading struct file_handle
Date: Thu, 11 Sep 2025 09:31:37 -0600	[thread overview]
Message-ID: <DCQ2V7HPAAPL.1OIBUT89HV16S@gmail.com> (raw)
In-Reply-To: <CAOQ4uxhkU80A75PVB7bsXs2BGhGqKv0vr8RvLb5TnEiMO__pmw@mail.gmail.com>

On Thu Sep 11, 2025 at 6:15 AM MDT, Amir Goldstein wrote:
> On Wed, Sep 10, 2025 at 11:47 PM Thomas Bertschinger
> <tahbertschinger@gmail.com> wrote:
>>
>> Pull the code for allocating and copying a struct file_handle from
>> userspace into a helper function get_user_handle() just for this.
>>
>> do_handle_open() is updated to call get_user_handle() prior to calling
>> handle_to_path(), and the latter now takes a kernel pointer as a
>> parameter instead of a __user pointer.
>>
>> This new helper, as well as handle_to_path(), are also exposed in
>> fs/internal.h. In a subsequent commit, io_uring will use these helpers
>> to support open_by_handle_at(2) in io_uring.
>>
>> Signed-off-by: Thomas Bertschinger <tahbertschinger@gmail.com>
>> ---
>>  fs/fhandle.c  | 64 +++++++++++++++++++++++++++++----------------------
>>  fs/internal.h |  3 +++
>>  2 files changed, 40 insertions(+), 27 deletions(-)
>>
>> diff --git a/fs/fhandle.c b/fs/fhandle.c
>> index 605ad8e7d93d..36e194dd4cb6 100644
>> --- a/fs/fhandle.c
>> +++ b/fs/fhandle.c
>> @@ -330,25 +330,45 @@ static inline int may_decode_fh(struct handle_to_path_ctx *ctx,
>>         return 0;
>>  }
>>
>> -static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
>> -                  struct path *path, unsigned int o_flags)
>> +struct file_handle *get_user_handle(struct file_handle __user *ufh)
>>  {
>> -       int retval = 0;
>>         struct file_handle f_handle;
>> -       struct file_handle *handle __free(kfree) = NULL;
>> -       struct handle_to_path_ctx ctx = {};
>> -       const struct export_operations *eops;
>> +       struct file_handle *handle;
>>
>>         if (copy_from_user(&f_handle, ufh, sizeof(struct file_handle)))
>> -               return -EFAULT;
>> +               return ERR_PTR(-EFAULT);
>>
>>         if ((f_handle.handle_bytes > MAX_HANDLE_SZ) ||
>>             (f_handle.handle_bytes == 0))
>> -               return -EINVAL;
>> +               return ERR_PTR(-EINVAL);
>>
>>         if (f_handle.handle_type < 0 ||
>>             FILEID_USER_FLAGS(f_handle.handle_type) & ~FILEID_VALID_USER_FLAGS)
>> -               return -EINVAL;
>> +               return ERR_PTR(-EINVAL);
>> +
>> +       handle = kmalloc(struct_size(handle, f_handle, f_handle.handle_bytes),
>> +                        GFP_KERNEL);
>> +       if (!handle) {
>> +               return ERR_PTR(-ENOMEM);
>> +       }
>> +
>> +       /* copy the full handle */
>> +       *handle = f_handle;
>> +       if (copy_from_user(&handle->f_handle,
>> +                          &ufh->f_handle,
>> +                          f_handle.handle_bytes)) {
>> +               return ERR_PTR(-EFAULT);
>> +       }
>> +
>> +       return handle;
>> +}
>> +
>> +int handle_to_path(int mountdirfd, struct file_handle *handle,
>> +                  struct path *path, unsigned int o_flags)
>> +{
>> +       int retval = 0;
>> +       struct handle_to_path_ctx ctx = {};
>> +       const struct export_operations *eops;
>>
>>         retval = get_path_anchor(mountdirfd, &ctx.root);
>>         if (retval)
>> @@ -362,31 +382,16 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
>>         if (retval)
>>                 goto out_path;
>>
>> -       handle = kmalloc(struct_size(handle, f_handle, f_handle.handle_bytes),
>> -                        GFP_KERNEL);
>> -       if (!handle) {
>> -               retval = -ENOMEM;
>> -               goto out_path;
>> -       }
>> -       /* copy the full handle */
>> -       *handle = f_handle;
>> -       if (copy_from_user(&handle->f_handle,
>> -                          &ufh->f_handle,
>> -                          f_handle.handle_bytes)) {
>> -               retval = -EFAULT;
>> -               goto out_path;
>> -       }
>> -
>>         /*
>>          * If handle was encoded with AT_HANDLE_CONNECTABLE, verify that we
>>          * are decoding an fd with connected path, which is accessible from
>>          * the mount fd path.
>>          */
>> -       if (f_handle.handle_type & FILEID_IS_CONNECTABLE) {
>> +       if (handle->handle_type & FILEID_IS_CONNECTABLE) {
>>                 ctx.fh_flags |= EXPORT_FH_CONNECTABLE;
>>                 ctx.flags |= HANDLE_CHECK_SUBTREE;
>>         }
>> -       if (f_handle.handle_type & FILEID_IS_DIR)
>> +       if (handle->handle_type & FILEID_IS_DIR)
>>                 ctx.fh_flags |= EXPORT_FH_DIR_ONLY;
>>         /* Filesystem code should not be exposed to user flags */
>>         handle->handle_type &= ~FILEID_USER_FLAGS_MASK;
>> @@ -400,12 +405,17 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
>>  static long do_handle_open(int mountdirfd, struct file_handle __user *ufh,
>>                            int open_flag)
>>  {
>> +       struct file_handle *handle __free(kfree) = NULL;
>>         long retval = 0;
>>         struct path path __free(path_put) = {};
>>         struct file *file;
>>         const struct export_operations *eops;
>>
>> -       retval = handle_to_path(mountdirfd, ufh, &path, open_flag);
>> +       handle = get_user_handle(ufh);
>> +       if (IS_ERR(handle))
>> +               return PTR_ERR(handle);
>
> I don't think you can use __free(kfree) for something that can be an ERR_PTR.
>
> Thanks,
> Amir.

It looks like the error pointer is correctly handled?

in include/linux/slab.h:

DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T))

next prev parent reply	other threads:[~2025-09-11 15:26 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-09-10 21:49 [PATCHSET RFC v2 00/10] add support for name_to, open_by_handle_at() to io_uring Thomas Bertschinger
2025-09-10 21:49 ` [PATCH 01/10] fhandle: create helper for name_to_handle_at(2) Thomas Bertschinger
2025-09-11 12:06   ` Amir Goldstein
2025-09-10 21:49 ` [PATCH 02/10] io_uring: add support for IORING_OP_NAME_TO_HANDLE_AT Thomas Bertschinger
2025-09-10 21:49 ` [PATCH 03/10] fhandle: helper for allocating, reading struct file_handle Thomas Bertschinger
2025-09-11 12:15   ` Amir Goldstein
2025-09-11 15:31     ` Thomas Bertschinger [this message]
2025-09-11 15:54       ` Amir Goldstein
2025-09-10 21:49 ` [PATCH 04/10] fhandle: create do_filp_path_open() helper Thomas Bertschinger
2025-09-11  0:53   ` Al Viro
2025-09-11 12:21     ` Amir Goldstein
2025-09-10 21:49 ` [PATCH 05/10] fhandle: make do_filp_path_open() take struct open_flags Thomas Bertschinger
2025-09-10 21:49 ` [PATCH 06/10] exportfs: allow VFS flags in struct file_handle Thomas Bertschinger
2025-09-11 12:24   ` Amir Goldstein
2025-09-10 21:49 ` [PATCH 07/10] exportfs: new FILEID_CACHED flag for non-blocking fh lookup Thomas Bertschinger
2025-09-11 12:31   ` Amir Goldstein
2025-09-10 21:49 ` [PATCH 08/10] io_uring: add __io_open_prep() helper Thomas Bertschinger
2025-09-10 21:49 ` [PATCH 09/10] io_uring: add support for IORING_OP_OPEN_BY_HANDLE_AT Thomas Bertschinger
2025-09-10 21:49 ` [PATCH 10/10] xfs: add support for non-blocking fh_to_dentry() Thomas Bertschinger
2025-09-11 12:29   ` Christoph Hellwig
2025-09-11 12:39     ` Amir Goldstein
2025-09-11 15:15       ` Thomas Bertschinger
2025-09-11 15:16         ` Amir Goldstein
2025-09-11 12:38   ` Amir Goldstein
  -- strict thread matches above, loose matches on Subject: below --
2025-09-11 20:49 [PATCH 07/10] exportfs: new FILEID_CACHED flag for non-blocking fh lookup kernel test robot
2025-09-12  8:21 ` Dan Carpenter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DCQ2V7HPAAPL.1OIBUT89HV16S@gmail.com \
    --to=tahbertschinger@gmail.com \
    --cc=amir73il@gmail.com \
    --cc=axboe@kernel.dk \
    --cc=brauner@kernel.org \
    --cc=io-uring@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.