From: Al Viro <viro@zeniv.linux.org.uk>
To: linux-fsdevel@vger.kernel.org
Cc: Christian Brauner <brauner@kernel.org>,
Christoph Hellwig <hch@lst.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
Namjae Jeon <linkinjeon@kernel.org>,
David Sterba <dsterba@suse.com>,
David Howells <dhowells@redhat.com>,
Miklos Szeredi <miklos@szeredi.hu>,
Amir Goldstein <amir73il@gmail.com>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Bob Peterson <rpeterso@redhat.com>,
Steve French <sfrench@samba.org>,
Luis Chamberlain <mcgrof@kernel.org>
Subject: [PATCH 01/15] rcu pathwalk: prevent bogus hard errors from may_lookup()
Date: Mon, 2 Oct 2023 03:29:29 +0100 [thread overview]
Message-ID: <20231002022929.GB3389589@ZenIV> (raw)
In-Reply-To: <20231002022846.GA3389589@ZenIV>
If lazy call of ->permission() returns a hard error, check that
try_to_unlazy() succeeds before returning it. That both makes
life easier for ->permission() instances and closes the race
in ENOTDIR handling - it is possible that positive d_can_lookup()
seen in link_path_walk() applies to the state *after* unlink() +
mkdir(), while nd->inode matches the state prior to that.
Normally seeing e.g. EACCES from permission check in rcu pathwalk
means that with some timings non-rcu pathwalk would've run into
the same; however, running into a non-executable regular file
in the middle of a pathname would not get to permission check -
it would fail with ENOTDIR instead.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/namei.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/namei.c b/fs/namei.c
index 567ee547492b..2494561a21fe 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1717,7 +1717,11 @@ static inline int may_lookup(struct mnt_idmap *idmap,
{
if (nd->flags & LOOKUP_RCU) {
int err = inode_permission(idmap, nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
- if (err != -ECHILD || !try_to_unlazy(nd))
+ if (!err) // success, keep going
+ return 0;
+ if (!try_to_unlazy(nd))
+ return -ECHILD; // redo it all non-lazy
+ if (err != -ECHILD) // hard error
return err;
}
return inode_permission(idmap, nd->inode, MAY_EXEC);
--
2.39.2
next prev parent reply other threads:[~2023-10-02 2:29 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-02 2:28 [RFC][PATCHES] fixes in methods exposed to rcu pathwalk Al Viro
2023-10-02 2:28 ` Al Viro
2023-10-02 2:29 ` Al Viro [this message]
2023-10-02 2:30 ` [PATCH 02/15] exfat: move freeing sbi, upcase table and dropping nls into rcu-delayed helper Al Viro
2023-10-02 16:10 ` Linus Torvalds
2023-10-02 18:04 ` Al Viro
2023-10-02 2:30 ` [PATCH 03/15] affs: free affs_sb_info with kfree_rcu() Al Viro
2023-10-02 2:31 ` [PATCH 04/15] hfsplus: switch to rcu-delayed unloading of nls and freeing ->s_fs_info Al Viro
2023-10-02 6:49 ` Christoph Hellwig
2023-10-02 7:14 ` Al Viro
2023-10-02 7:21 ` Al Viro
2023-10-02 18:09 ` Al Viro
2023-10-04 19:04 ` Linus Torvalds
2023-10-04 19:06 ` Linus Torvalds
2023-10-02 2:31 ` [PATCH 05/15] cifs_get_link(): bail out in unsafe case Al Viro
2023-10-02 2:32 ` [PATCH 06/15] procfs: move dropping pde and pid from ->evict_inode() to ->free_inode() Al Viro
2023-10-02 2:33 ` [PATCH 07/15] procfs: make freeing proc_fs_info rcu-delayed Al Viro
2023-10-02 2:33 ` [PATCH 08/15] gfs2: fix an oops in gfs2_permission() Al Viro
2023-10-02 11:46 ` Bob Peterson
2023-10-02 12:59 ` Al Viro
2023-10-02 14:16 ` Al Viro
2023-10-03 14:46 ` Andreas Grünbacher
2023-10-02 2:34 ` [PATCH 09/15] nfs: make nfs_set_verifier() safe for use in RCU pathwalk Al Viro
2023-10-02 2:34 ` [PATCH 10/15] nfs: fix UAF on pathwalk running into umount Al Viro
2023-10-02 2:35 ` [PATCH 11/15] fuse: fix UAF in rcu pathwalks Al Viro
2023-10-02 2:35 ` [PATCH 12/15] afs: fix __afs_break_callback() / afs_drop_open_mmap() race Al Viro
2023-10-02 2:36 ` [PATCH 13/15] overlayfs: move freeing ovl_entry past rcu delay Al Viro
2023-10-02 2:36 ` [PATCH 14/15] ovl_dentry_revalidate_common(): fetch inode once Al Viro
2023-10-02 2:37 ` [PATCH 15/15] overlayfs: make use of ->layers safe in rcu pathwalk Al Viro
2023-10-02 6:40 ` Amir Goldstein
2023-10-02 7:23 ` Al Viro
2023-10-02 8:53 ` Amir Goldstein
2023-10-03 20:47 ` Al Viro
2023-10-02 5:47 ` [PATCH 14/15] ovl_dentry_revalidate_common(): fetch inode once Amir Goldstein
2023-10-02 5:56 ` Amir Goldstein
2023-10-02 14:47 ` Amir Goldstein
2023-10-02 5:51 ` [PATCH 13/15] overlayfs: move freeing ovl_entry past rcu delay Amir Goldstein
2023-10-02 2:52 ` [RFC][PATCHES] fixes in methods exposed to rcu pathwalk Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231002022929.GB3389589@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=dhowells@redhat.com \
--cc=dsterba@suse.com \
--cc=hch@lst.de \
--cc=linkinjeon@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=miklos@szeredi.hu \
--cc=rpeterso@redhat.com \
--cc=sfrench@samba.org \
--cc=torvalds@linux-foundation.org \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).