From: Jann Horn <jann@thejh.net>
To: Andy Lutomirski <luto@amacapital.net>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Al Viro <viro@zeniv.linux.org.uk>, Greg KH <greg@kroah.com>,
Jiri Slaby <jslaby@suse.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Aurelien Jarno <aurelien@aurel32.net>,
Florian Weimer <fw@deneb.enyo.de>,
Serge Hallyn <serge.hallyn@ubuntu.com>,
"security@kernel.org" <security@kernel.org>,
"security@ubuntu.com >> security" <security@ubuntu.com>,
security@debian.org, Willy Tarreau <w@1wt.eu>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] devpts: Sensible /dev/ptmx & force newinstance
Date: Fri, 11 Dec 2015 23:58:25 +0100 [thread overview]
Message-ID: <20151211225825.GA24676@pc.thejh.net> (raw)
In-Reply-To: <CALCETrX25-T-8fLLRsjrAEkfCJqFjvq3LRtySmo-c5yk4bm41g@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2429 bytes --]
On Fri, Dec 11, 2015 at 02:52:01PM -0800, Andy Lutomirski wrote:
> On Fri, Dec 11, 2015 at 2:35 PM, Eric W. Biederman
> <ebiederm@xmission.com> wrote:
> > Andy Lutomirski <luto@amacapital.net> writes:
> >
> >> On Fri, Dec 11, 2015 at 2:07 PM, H. Peter Anvin <hpa@zytor.com> wrote:
> >>> On 12/11/15 13:48, Andy Lutomirski wrote:
> >>>> On Fri, Dec 11, 2015 at 1:11 PM, Eric W. Biederman
> >>>> <ebiederm@xmission.com> wrote:
> >>>>> Al Viro <viro@ZenIV.linux.org.uk> writes:
> >>>>>
> >>>>>> On Fri, Dec 11, 2015 at 01:40:40PM -0600, Eric W. Biederman wrote:
> >>>>>>
> >>>>>>> + inode = path.dentry->d_inode;
> >>>>>>> + filp->f_path = path;
> >>>>>>> + filp->f_inode = inode;
> >>>>>>> + filp->f_mapping = inode->i_mapping;
> >>>>>>> + path_put(&old);
> >>>>>>
> >>>>>> Don't. You are creating a fairly subtle constraint on what the code in
> >>>>>> fs/open.c and fs/namei.c can do, for no good reason. You can bloody
> >>>>>> well maintain the information you need without that.
> >>>>>
> >>>>> There is a good reason. We can not write a race free version of ptsname
> >>>>> without it.
> >>>>
> >>>> As long as this is for new userspace code, would it make sense to just
> >>>> add a new ioctl to ask "does this ptmx fd match this /dev/pts fd?"
> >>>>
> >>>
> >>> For the newinstance case st_dev should match between the master and the
> >>> slave. Unfortunately this is not the case for a legacy ptmx, as a
> >>> stat() on the master descriptor still returns the st_dev, st_rdev, and
> >>> st_ino for the ptmx device node.
> >>
> >> Sure, but I'm not talking about stat. I'm saying that we could add a
> >> new ioctl that works on any ptmx fd (/dev/ptmx or /dev/pts/ptmx) that
> >> answers the question "does this ptmx logically belong to the given
> >> devpts filesystem".
> >>
> >> Since it's not stat, we can make it do whatever we want, including
> >> following a link to the devpts instance that isn't f_path or f_inode.
> >
> > The useful ioctl to add in my opinion would be one that actually opens
> > the slave, at which point ptsname could become ttyname, and that closes
> > races in grantpt.
>
> Unfortunately, ptsname is POSIX, so we can't get rid of it. It's a
> bad idea, but it's in the standard.
But then ptsname could become "open the slave, call ttyname() on it, close
the slave". Unless opening the slave would have side effects?
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-12-11 22:57 UTC|newest]
Thread overview: 154+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <43AD2BA7-B594-4299-95F3-D86FD38AF21B@zytor.com>
[not found] ` <87egexpf4o.fsf@x220.int.ebiederm.org>
[not found] ` <CA+55aFw9Bg+Zh_T4zP487n3ieaxoMHgZ_nNJVdpSR4kQK9gQ9w@mail.gmail.com>
[not found] ` <1CB621EF-1647-463B-A144-D611DB150E15@zytor.com>
[not found] ` <20151208223135.GA8352@kroah.com>
[not found] ` <87oae0h2bo.fsf@x220.int.ebiederm.org>
[not found] ` <56677DE3.5040705@zytor.com>
[not found] ` <20151209012311.GA11794@kroah.com>
[not found] ` <84B136DF-55E4-476A-9CB2-062B15677EE5@zytor.com>
[not found] ` <20151209013859.GA12442@kroah.com>
[not found] ` <20151209083225.GA30452@1wt.eu>
2015-12-11 19:40 ` [PATCH] devpts: Sensible /dev/ptmx & force newinstance Eric W. Biederman
2015-12-11 20:50 ` Linus Torvalds
2015-12-11 21:03 ` Eric W. Biederman
2015-12-11 21:04 ` Al Viro
2015-12-11 21:11 ` Eric W. Biederman
2015-12-11 21:48 ` Andy Lutomirski
2015-12-11 22:07 ` H. Peter Anvin
2015-12-11 22:12 ` Andy Lutomirski
2015-12-11 22:18 ` H. Peter Anvin
2015-12-11 22:24 ` Andy Lutomirski
2015-12-11 22:29 ` H. Peter Anvin
2015-12-11 22:35 ` Eric W. Biederman
2015-12-11 22:52 ` Andy Lutomirski
2015-12-11 22:58 ` Jann Horn [this message]
2015-12-11 23:00 ` Andy Lutomirski
2015-12-11 23:07 ` H. Peter Anvin
2015-12-11 23:16 ` Andy Lutomirski
2015-12-11 23:30 ` H. Peter Anvin
2015-12-11 22:57 ` H. Peter Anvin
2015-12-14 19:47 ` Peter Hurley
2015-12-14 19:55 ` H. Peter Anvin
2015-12-19 21:13 ` Eric W. Biederman
2015-12-20 4:11 ` Eric W. Biederman
2015-12-20 4:35 ` H. Peter Anvin
2015-12-20 9:42 ` Eric W. Biederman
2015-12-21 22:03 ` Eric W. Biederman
2015-12-21 22:23 ` Linus Torvalds
2016-04-05 0:03 ` [PATCH 00/13] devpts: New instances for every mount Eric W. Biederman
2016-04-05 1:29 ` [PATCH 01/13] devpts: Teach /dev/ptmx to find the associated devpts via path lookup Eric W. Biederman
2016-04-05 1:29 ` [PATCH 02/13] devpts: More obvious check for the system devpts in pty allocation Eric W. Biederman
2016-04-05 1:29 ` [PATCH 03/13] devpts: Cleanup newinstance parsing Eric W. Biederman
2016-04-05 1:29 ` [PATCH 04/13] devpts: Stop rolling devpts_remount by hand in devpts_mount Eric W. Biederman
2016-04-05 1:29 ` [PATCH 05/13] devpts: Fail early (if appropriate) on overmount Eric W. Biederman
2016-04-05 1:29 ` [PATCH 06/13] devpts: Use the same default mode for both /dev/ptmx and dev/pts/ptmx Eric W. Biederman
2016-04-05 1:29 ` [PATCH 07/13] devpts: Move parse_mount_options into fill_super Eric W. Biederman
2016-04-05 1:29 ` [PATCH 08/13] devpts: Make devpts_kill_sb safe if fsi is NULL Eric W. Biederman
2016-04-05 1:29 ` [PATCH 09/13] devpts: Move the creation of /dev/pts/ptmx into fill_super Eric W. Biederman
2016-04-05 1:29 ` [PATCH 10/13] devpts: Simplify devpts_mount by using mount_nodev Eric W. Biederman
2016-04-05 1:29 ` [PATCH 11/13] vfs: Implement mount_super_once Eric W. Biederman
2016-04-05 1:29 ` [PATCH 12/13] devpts: Always return a distinct instance when mounting Eric W. Biederman
2016-04-05 1:29 ` [PATCH 13/13] devpts: Kill the DEVPTS_MULTIPLE_INSTANCE config option Eric W. Biederman
2016-04-05 2:54 ` [PATCH 01/13] devpts: Teach /dev/ptmx to find the associated devpts via path lookup Al Viro
2016-04-05 3:03 ` Al Viro
2016-04-08 18:54 ` Eric W. Biederman
2016-04-07 16:06 ` Linus Torvalds
2016-04-08 18:51 ` Eric W. Biederman
2016-04-08 19:05 ` Linus Torvalds
2016-04-08 20:05 ` Eric W. Biederman
2016-04-08 20:43 ` Andy Lutomirski
2016-04-08 21:29 ` Eric W. Biederman
2016-04-08 21:54 ` Linus Torvalds
2016-04-08 23:03 ` Eric W. Biederman
2016-04-08 21:56 ` Andy Lutomirski
2016-04-09 13:09 ` One Thousand Gnomes
2016-04-09 14:10 ` H. Peter Anvin
2016-04-09 14:45 ` Eric W. Biederman
2016-04-09 22:37 ` H. Peter Anvin
2016-04-10 0:01 ` Linus Torvalds
2016-04-10 0:06 ` H. Peter Anvin
2016-04-10 0:16 ` Linus Torvalds
2016-04-10 0:44 ` Andy Lutomirski
[not found] ` <CA+55aFzs00iDkYhvFCq=AZMVcNL0+oZT4SeimTeVurJq=5ZS3A@mail.gmail.com>
2016-04-11 14:48 ` H. Peter Anvin
2016-04-12 1:31 ` Al Viro
2016-04-11 20:12 ` Andy Lutomirski
2016-04-11 20:10 ` Eric W. Biederman
2016-04-11 20:16 ` H. Peter Anvin
2016-04-11 23:37 ` Eric W. Biederman
2016-04-12 0:01 ` Linus Torvalds
2016-04-12 0:10 ` Eric W. Biederman
2016-04-12 1:06 ` H. Peter Anvin
2016-04-12 1:18 ` Linus Torvalds
2016-04-12 1:23 ` Eric W. Biederman
2016-04-12 1:47 ` Al Viro
2016-04-12 1:34 ` Al Viro
2016-04-12 2:16 ` Eric W. Biederman
2016-04-12 17:44 ` Andy Lutomirski
2016-04-12 18:12 ` Linus Torvalds
2016-04-12 19:07 ` H. Peter Anvin
2016-04-15 15:34 ` [PATCH 01/16] devpts: Attempting to get it right Eric W. Biederman
2016-04-15 15:35 ` [PATCH 01/16] devpts: Use the same default mode for both /dev/ptmx and dev/pts/ptmx Eric W. Biederman
2016-04-15 15:35 ` [PATCH 02/16] devpts: Set the proper fops for /dev/pts/ptmx Eric W. Biederman
2016-04-15 15:35 ` [PATCH 03/16] vfs: Implement vfs_loopback_mount Eric W. Biederman
2016-04-15 15:35 ` [PATCH 04/16] devpts: Teach /dev/ptmx to automount the appropriate devpts via path lookup Eric W. Biederman
2016-04-15 22:03 ` Jann Horn
2016-04-19 18:46 ` Eric W. Biederman
2016-04-15 15:35 ` [PATCH 05/16] vfs: Allow unlink, and rename on expirable file mounts Eric W. Biederman
2016-04-15 15:35 ` [PATCH 06/16] devpts: More obvious check for the system devpts in pty allocation Eric W. Biederman
2016-04-15 15:35 ` [PATCH 07/16] devpts: Cleanup newinstance parsing Eric W. Biederman
2016-04-15 15:35 ` [PATCH 08/16] devpts: Stop rolling devpts_remount by hand in devpts_mount Eric W. Biederman
2016-04-15 15:35 ` [PATCH 09/16] devpts: Fail early (if appropriate) on overmount Eric W. Biederman
2016-04-15 15:35 ` [PATCH 10/16] devpts: Move parse_mount_options into fill_super Eric W. Biederman
2016-04-15 15:35 ` [PATCH 11/16] devpts: Make devpts_kill_sb safe if fsi is NULL Eric W. Biederman
2016-04-15 15:35 ` [PATCH 12/16] devpts: Move the creation of /dev/pts/ptmx into fill_super Eric W. Biederman
2016-04-15 15:35 ` [PATCH 13/16] devpts: Simplify devpts_mount by using mount_nodev Eric W. Biederman
2016-04-15 15:35 ` [PATCH 14/16] vfs: Implement mount_super_once Eric W. Biederman
2016-04-15 23:02 ` Linus Torvalds
2016-04-19 18:22 ` Eric W. Biederman
2016-04-19 18:47 ` H. Peter Anvin
2016-04-19 19:03 ` Eric W. Biederman
2016-04-19 19:25 ` H. Peter Anvin
2016-04-19 19:26 ` H. Peter Anvin
2016-04-20 3:27 ` Eric W. Biederman
2016-04-20 11:50 ` Austin S. Hemmelgarn
2016-04-20 16:12 ` H. Peter Anvin
2016-04-19 18:55 ` H. Peter Anvin
2016-04-19 23:29 ` Linus Torvalds
2016-04-20 1:24 ` Linus Torvalds
2016-04-20 1:37 ` H. Peter Anvin
2016-04-15 15:35 ` [PATCH 15/16] devpts: Always return a distinct instance when mounting Eric W. Biederman
2016-04-15 15:35 ` [PATCH 16/16] devpts: Kill the DEVPTS_MULTIPLE_INSTANCE config option Eric W. Biederman
2016-04-15 16:49 ` [PATCH 01/16] devpts: Attempting to get it right Andy Lutomirski
2016-04-15 20:43 ` Eric W. Biederman
2016-04-15 21:29 ` H. Peter Anvin
2016-04-19 19:00 ` Eric W. Biederman
2016-04-16 18:31 ` Linus Torvalds
2016-04-19 18:44 ` Does anyone care about a race free ptsname? Eric W. Biederman
2016-04-19 19:16 ` H. Peter Anvin
2016-04-19 20:32 ` Eric W. Biederman
2016-04-19 20:55 ` H. Peter Anvin
2016-04-19 20:42 ` Serge E. Hallyn
2016-04-19 23:23 ` Linus Torvalds
2016-04-19 23:39 ` H. Peter Anvin
2016-04-20 0:18 ` Linus Torvalds
2016-04-20 1:48 ` Serge E. Hallyn
2016-04-19 22:06 ` [PATCH 01/16] devpts: Attempting to get it right Eric W. Biederman
2016-04-19 23:35 ` Linus Torvalds
2016-04-20 0:24 ` Peter Hurley
2016-04-20 0:49 ` Peter Hurley
2016-04-20 3:04 ` [PATCH] devpts: Make each mount of devpts an independent filesystem Eric W. Biederman
2016-04-20 3:25 ` Al Viro
2016-04-20 3:43 ` Eric W. Biederman
2016-04-20 4:11 ` Al Viro
2016-04-20 4:21 ` Eric W. Biederman
2016-04-20 4:36 ` Konstantin Khlebnikov
2016-04-20 4:49 ` Linus Torvalds
2016-04-20 14:55 ` Eric W. Biederman
2016-04-20 15:34 ` Konstantin Khlebnikov
2016-04-20 15:50 ` Eric W. Biederman
2016-04-20 17:00 ` [PATCH v2] " Eric W. Biederman
[not found] ` <874mabt3df.fsf_-_@x220.int.ebiederm.org>
2016-05-06 19:04 ` [PATCH 1/1] " Eric W. Biederman
2016-05-06 19:35 ` [PATCH 0/1] devpts: Removing the need for pt_chown Greg KH
2016-05-06 19:45 ` Peter Hurley
2016-05-06 19:54 ` Greg KH
2016-06-02 15:29 ` [PATCH tty-next] devpts: Make each mount of devpts an independent filesystem Eric W. Biederman
2016-06-02 18:57 ` Linus Torvalds
2016-06-02 20:22 ` Eric W. Biederman
2016-06-02 20:36 ` H. Peter Anvin
2016-06-02 21:23 ` Eric W. Biederman
2016-06-02 21:44 ` Linus Torvalds
2016-04-11 23:49 ` [PATCH 01/13] devpts: Teach /dev/ptmx to find the associated devpts via path lookup Eric W. Biederman
2016-04-12 0:08 ` Linus Torvalds
2016-04-12 0:22 ` Eric W. Biederman
2016-04-12 0:50 ` Linus Torvalds
2016-04-11 20:05 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151211225825.GA24676@pc.thejh.net \
--to=jann@thejh.net \
--cc=aurelien@aurel32.net \
--cc=ebiederm@xmission.com \
--cc=fw@deneb.enyo.de \
--cc=greg@kroah.com \
--cc=hpa@zytor.com \
--cc=jslaby@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=security@debian.org \
--cc=security@kernel.org \
--cc=security@ubuntu.com \
--cc=serge.hallyn@ubuntu.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).