From: "J. Bruce Fields" <bfields@fieldses.org>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: "J. Bruce Fields" <bfields@redhat.com>,
Oleg Drokin <green@linuxhacker.ru>,
Jeff Layton <jlayton@poochiereds.net>,
linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/7] nfsd: remove redundant i_lookup check
Date: Sun, 24 Jul 2016 16:21:50 -0400 [thread overview]
Message-ID: <20160724202150.GA25100@fieldses.org> (raw)
In-Reply-To: <20160724142306.GO2356@ZenIV.linux.org.uk>
On Sun, Jul 24, 2016 at 03:23:07PM +0100, Al Viro wrote:
> On Sun, Jul 24, 2016 at 08:10:14AM -0400, J. Bruce Fields wrote:
> > On Sun, Jul 24, 2016 at 01:22:06AM +0100, Al Viro wrote:
> > > On Fri, Jul 22, 2016 at 01:48:52PM -0400, J. Bruce Fields wrote:
> > > > From: "J. Bruce Fields" <bfields@redhat.com>
> > > >
> > > > I'm not sure why this was added. It doesn't seem necessary, and no
> > > > other caller does this.
> > >
> > > lookup_one_len() will explode if you call it for non-directory (==
> > > !d_can_lookup(), i.e. something without ->lookup()). So unless the callers
> > > do guarantee that check being true, it *is* needed.
> >
> > Both callers call fh_verify(.,.,S_IFDIR,.), so at this point we know
> > that i_mode & S_IFMT == S_IFDIR. Is there some odd case where that's
> > insufficient? If so, I think there may be bugs elsewhere in nfsd. If
> > not, I'll add a note to the changelog.
>
> First of all, such objects do exist; they probably won't be encountered by
> nfsd and all instances I can think of are not writable, but...
>
> > Thanks for reminding me to check this, I hadn't thought of that as an
> > "is this a directory" check, it makes more sense now.
>
> I'd have turned that into d_can_lookup(fhp->fh_dentry), actually.
So would such a check mainly just protect developers from themselves if
they try to make a weird filesystems exportable?
If we need to catch this I'd rather do it in fh_verify, which would
cover some other operations, too. Maybe like the below. We could be
nicer and WARN()/error out instead of BUG. But it's unclear to me
whether this case is worth checking for at all.
--b.
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index 27250e279c37..372747a00214 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -59,14 +59,17 @@ static int nfsd_acceptable(void *expv, struct dentry *dentry)
* the write call).
*/
static inline __be32
-nfsd_mode_check(struct svc_rqst *rqstp, umode_t mode, umode_t requested)
+nfsd_mode_check(struct svc_rqst *rqstp, struct dentry *dentry,
+ umode_t requested)
{
- mode &= S_IFMT;
+ umode_t mode = d_inode(dentry)->i_mode & S_IFMT;
if (requested == 0) /* the caller doesn't care */
return nfs_ok;
- if (mode == requested)
+ if (mode == requested) {
+ BUG_ON(mode == S_IFDIR && !d_can_lookup(dentry));
return nfs_ok;
+ }
/*
* v4 has an error more specific than err_notdir which we should
* return in preference to err_notdir:
@@ -340,7 +343,7 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access)
if (error)
goto out;
- error = nfsd_mode_check(rqstp, d_inode(dentry)->i_mode, type);
+ error = nfsd_mode_check(rqstp, dentry, type);
if (error)
goto out;
next prev parent reply other threads:[~2016-07-24 20:21 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-08 1:47 [PATCH] nfsd: Make creates return EEXIST correctly instead of EPERM Oleg Drokin
2016-07-08 11:02 ` Jeff Layton
2016-07-08 15:14 ` Oleg Drokin
2016-07-08 15:53 ` Jeff Layton
2016-07-08 15:59 ` Oleg Drokin
2016-07-08 16:17 ` Jeff Layton
2016-07-08 16:28 ` Oleg Drokin
2016-07-09 2:52 ` Al Viro
2016-07-09 2:58 ` Oleg Drokin
2016-07-09 3:13 ` Al Viro
2016-07-08 16:04 ` J. Bruce Fields
2016-07-08 16:16 ` Oleg Drokin
2016-07-08 20:49 ` J. Bruce Fields
2016-07-08 21:47 ` Oleg Drokin
2016-07-09 3:10 ` Al Viro
2016-07-09 3:41 ` Oleg Drokin
2016-07-13 19:00 ` J. Bruce Fields
2016-07-08 20:54 ` J. Bruce Fields
2016-07-08 21:53 ` Oleg Drokin
2016-07-21 20:34 ` J. Bruce Fields
2016-07-21 20:37 ` Oleg Drokin
2016-07-22 1:57 ` J. Bruce Fields
2016-07-22 6:35 ` Oleg Drokin
2016-07-22 10:55 ` J. Bruce Fields
2016-07-22 15:13 ` Oleg Drokin
2016-07-22 17:48 ` J. Bruce Fields
2016-07-22 17:48 ` [PATCH 1/7] nfsd: Make creates return EEXIST instead of EACCES J. Bruce Fields
2016-07-22 17:48 ` [PATCH 2/7] nfsd: remove redundant zero-length check from create J. Bruce Fields
2016-07-22 17:48 ` [PATCH 3/7] nfsd: remove redundant i_lookup check J. Bruce Fields
2016-07-24 0:22 ` Al Viro
2016-07-24 12:10 ` J. Bruce Fields
2016-07-24 14:23 ` Al Viro
2016-07-24 20:21 ` J. Bruce Fields [this message]
2016-07-22 17:48 ` [PATCH 4/7] nfsd: reorganize nfsd_create J. Bruce Fields
2016-07-22 17:48 ` [PATCH 5/7] nfsd: remove unnecessary positive-dentry check J. Bruce Fields
2016-07-22 17:48 ` [PATCH 6/7] nfsd: clean up bad-type check in nfsd_create_locked J. Bruce Fields
2016-07-22 17:48 ` [PATCH 7/7] nfsd: drop unnecessary MAY_EXEC check from create J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160724202150.GA25100@fieldses.org \
--to=bfields@fieldses.org \
--cc=bfields@redhat.com \
--cc=green@linuxhacker.ru \
--cc=jlayton@poochiereds.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox