From: Al Viro <viro@ZenIV.linux.org.uk>
To: Boqun Feng <boqun.feng@gmail.com>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
Paul Moore <pmoore@redhat.com>
Subject: Re: [PATCH v2] vfs: avoid recopying file names in getname_flags
Date: Sun, 12 Apr 2015 02:13:18 +0100 [thread overview]
Message-ID: <20150412011318.GL889@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20150411235655.GK889@ZenIV.linux.org.uk>
On Sun, Apr 12, 2015 at 12:56:55AM +0100, Al Viro wrote:
> What for? It's not as if userland memory had been communicated with by
> IP over carrier pigeons, after all, and the cost of 4Kb worth of
> (essentially) memcpy() is going to be
> a) incurred in extremely rare case
> and
> b) be dwarfed by the work we need to _do_ with what we'd copied.
> After all, that pathname is going to be parsed and traversed - all 4Kb
> worth of it.
>
> So what's the point?
BTW, looking at the __getname() callers... Lustre one sure as hell looks
bogus:
char *tmp = __getname();
if (!tmp)
return ERR_PTR(-ENOMEM);
len = strncpy_from_user(tmp, filename, PATH_MAX);
if (len == 0)
ret = -ENOENT;
else if (len > PATH_MAX)
ret = -ENAMETOOLONG;
if (ret) {
__putname(tmp);
tmp = ERR_PTR(ret);
}
return tmp;
Note that
* strncpy_from_user(p, u, n) can return a negative (-EFAULT)
* strncpy_from_user(p, u, n) cannot return a positive greater than
n. In case of missing NUL among the n bytes starting at u (and no faults
accessing those) we get exactly n bytes copied and n returned. In case
when NUL is there, we copy everything up to and including that NUL and
return number of non-NUL bytes copied.
IOW, these failure cases had never been tested. Name being too long ends up
with non-NUL-terminated array of characters returned, and the very first
caller of ll_getname() feeds it to strlen(). Fault ends up with uninitialized
array...
AFAICS, the damn thing should just use getname() and quit reinventing the
wheel, badly.
As for your question in another thread - AFAICS, it's impossible with the
current code, but not too robust. Fortunately, it's trivial to make
independent on allocator details - all it takes is
result = kzalloc(offsetof(struct filename, iname[1]), GFP_KERNEL);
and we are done - result->iname+1 will be within the allocated object,
no matter what.
next prev parent reply other threads:[~2015-04-12 1:13 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-25 18:45 [PATCH v2] vfs: avoid recopying file names in getname_flags Boqun Feng
2015-03-29 4:27 ` Boqun Feng
2015-03-29 10:14 ` Richard Weinberger
2015-03-29 15:23 ` Boqun Feng
2015-04-07 8:38 ` Boqun Feng
2015-04-11 23:56 ` Al Viro
2015-04-12 1:13 ` Al Viro [this message]
2015-04-13 7:34 ` Boqun Feng
2015-04-17 12:35 ` Is it OK to export symbols 'getname' and 'putname'? Boqun Feng
2015-04-18 0:20 ` Boqun Feng
2015-04-20 15:55 ` Jan Kara
2015-04-22 2:38 ` Boqun Feng
2015-04-22 5:50 ` Christoph Hellwig
2015-04-23 5:32 ` Boqun Feng
2015-04-13 6:33 ` [PATCH v2] vfs: avoid recopying file names in getname_flags Boqun Feng
2015-03-29 10:13 ` Richard Weinberger
2015-03-29 15:10 ` Boqun Feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150412011318.GL889@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=boqun.feng@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pmoore@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).