From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx2.suse.de ([195.135.220.15]:52292 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751533AbeEMWCm (ORCPT ); Sun, 13 May 2018 18:02:42 -0400 From: NeilBrown To: Al Viro , Linus Torvalds Date: Mon, 14 May 2018 08:02:32 +1000 Cc: linux-fsdevel Subject: Re: [RFC][PATCH] fix breakage caused by d_find_alias() semantics change In-Reply-To: <20180513194829.GT30522@ZenIV.linux.org.uk> References: <20180513155158.GL30522@ZenIV.linux.org.uk> <20180513185646.GS30522@ZenIV.linux.org.uk> <20180513194829.GT30522@ZenIV.linux.org.uk> Message-ID: <87h8nb8b9j.fsf@notabene.neil.brown.name> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Sender: linux-fsdevel-owner@vger.kernel.org List-ID: --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sun, May 13 2018, Al Viro wrote: > On Sun, May 13, 2018 at 11:59:58AM -0700, Linus Torvalds wrote: >> On Sun, May 13, 2018 at 11:56 AM Al Viro wrote: >>=20 >> > The whole reason why that thing is getting a dentry is that some >> filesystems >> > really want a *connected* dentry for getxattr. Sure, saner ones will = be >> > happy with disconnected dentry, but... >>=20 >> Can we just add a big comment to that effect? >>=20 >> Because I don't mind the complexity, but I do mind having code that _loo= ks_ >> complex with no reason, where the natural reaction is "why is it botheri= ng >> being complex, when it could just do X". > > Point taken. How about the following variant? > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 4cafe6a19167..398d165f884e 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -1568,8 +1568,15 @@ static int inode_doinit_with_dentry(struct inode *= inode, struct dentry *opt_dent > /* Called from d_instantiate or d_splice_alias. */ > dentry =3D dget(opt_dentry); > } else { > - /* Called from selinux_complete_init, try to find a dentry. */ > + /* > + * Called from selinux_complete_init, try to find a dentry. > + * Some filesystems really want a connected one, so try > + * that first. We could split SECURITY_FS_USE_XATTR in > + * two, depending upon that... > + */ Could you say *which* file systems? That would make it easier to understand the bigger picture. thanks, NeilBrown > dentry =3D d_find_alias(inode); > + if (!dentry) > + dentry =3D d_find_any_alias(inode); > } > if (!dentry) { > /* > @@ -1674,14 +1681,19 @@ static int inode_doinit_with_dentry(struct inode = *inode, struct dentry *opt_dent > if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) { > /* We must have a dentry to determine the label on > * procfs inodes */ > - if (opt_dentry) > + if (opt_dentry) { > /* Called from d_instantiate or > * d_splice_alias. */ > dentry =3D dget(opt_dentry); > - else > + } else { > /* Called from selinux_complete_init, try to > - * find a dentry. */ > + * find a dentry. Some filesystems really want > + * a connected one, so try that first. > + */ > dentry =3D d_find_alias(inode); > + if (!dentry) > + dentry =3D d_find_any_alias(inode); > + } > /* > * This can be hit on boot when a file is accessed > * before the policy is loaded. When we load policy we --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEG8Yp69OQ2HB7X0l6Oeye3VZigbkFAlr4tfgACgkQOeye3VZi gbmyBhAAjOJvVjATp5ZtXPsQL/sNLAhjP2neJlh1UfyIgSGuOw8HcU45fFauKa52 ko0lBGfZXAqqIS77QCRakIEtitffFJn0OJLkmWlsciQb7c3zphSFN97lOGyX1H3j 8r6GP22pRqPaugO3D4uGHELcyKXyfQtgxXvtSHAQmn7yXIf+0hO6Y7Aj8shPlZvh cQP0RrW3WwI1alfDoim5UqzItKNCWq/PEX146DVFLorfULhZOo8TjntP+bQuHoyn 3SKMGmq70K6qF4RETP3PRberZFQkSo0khowWnaMHdOARMLAXQuNpXuk3GQD+D3c+ eAxmtsk1zmcy04Yf8sU50MWWfMaVl7pgshTacEnLdMpun+rOArIaHr601qc++3c2 rSZH3o/de8OE5cK44eaRcc+Q3MuX5Sol82+yXr++63tZwG1AaUF+Rmk1Zkh3gj4p D8SG6uW2j1fj4pmaS50AAmPTO3BzWOpuz7JqA6Buf6QYNR8tu5QLbVt+UonazbNL lN5PrhZabiD2XvuTImix/T+i8av0EEvSSHcNmb7kHEFV9i0VbMAGqnJKrbAzMoSy Vz4cLYEg5jZHxEd9aIh0YPrR9ueV2Ct0PwzzOFobxG0xDu/HJYQzDkp2Eclfg31D gv+zRDAN5j4GWkVobD8hIqbae5hRiNSYHDbapPXmog7px+3Rx/o= =FaIj -----END PGP SIGNATURE----- --=-=-=--