From: ebiederm@xmission.com (Eric W. Biederman)
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Masami Ichikawa <masami256@gmail.com>,
containers@lists.linux-foundation.org, lkp@01.org,
xiaolong.ye@intel.com, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v4] Introduce v3 namespaced file capabilities
Date: Tue, 09 May 2017 17:27:03 -0500 [thread overview]
Message-ID: <87mvalu0nc.fsf@xmission.com> (raw)
In-Reply-To: <20170509203736.GB14900@mail.hallyn.com> (Serge E. Hallyn's message of "Tue, 9 May 2017 15:37:36 -0500")
"Serge E. Hallyn" <serge@hallyn.com> writes:
> Quoting Eric W. Biederman (ebiederm@xmission.com):
>> "Serge E. Hallyn" <serge@hallyn.com> writes:
>> > Changelog:
>> [snip]
>> > May 8, 2017:
>> > . fix leaking dentry refcount in cap_inode_getsecurity
>> >
>> [snip]
>> > +/*
>> > + * getsecurity: We are called for security.* before any attempt to read the
>> > + * xattr from the inode itself.
>> > + *
>> > + * This gives us a chance to read the on-disk value and convert it. If we
>> > + * return -EOPNOTSUPP, then vfs_getxattr() will call the i_op handler.
>> > + *
>> > + * Note we are not called by vfs_getxattr_alloc(), but that is only called
>> > + * by the integrity subsystem, which really wants the unconverted values -
>> > + * so that's good.
>> > + */
>> > +int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
>> > + bool alloc)
>> > +{
>> > + int size, ret;
>> > + kuid_t kroot;
>> > + uid_t root, mappedroot;
>> > + char *tmpbuf = NULL;
>> > + struct vfs_cap_data *cap;
>> > + struct vfs_ns_cap_data *nscap;
>> > + struct dentry *dentry;
>> > + struct user_namespace *fs_ns;
>> > +
>> > + if (strcmp(name, "capability") != 0)
>> > + return -EOPNOTSUPP;
>> > +
>> > + dentry = d_find_alias(inode);
>> > + if (!dentry)
>> > + return -EINVAL;
>> > +
>> > + size = sizeof(struct vfs_ns_cap_data);
>> > + ret = (int) vfs_getxattr_alloc(dentry, XATTR_NAME_CAPS,
>> > + &tmpbuf, size, GFP_NOFS);
>> > + dput(dentry);
>>
>> This looks like a good fix but ouch! That interface is wrong.
>>
>> The dentry is needed because vfs_getxattr_alloc does:
>> error = handler->get(handler, dentry, inode, name, NULL, 0);
>>
>> Which is has no business taking a dentry as xattrs are inode concepts.
>>
>> I have no issue with your patch but it looks like that handler issue
>> is going to need to be fixed with xattrs.
>
> True, it's a bit clunky.
>
> Any reason not to just have the current vfs_getxattr_alloc() become a
> lightweight wrapper calling inode_getxattr_alloc(dentry->d_inode)?
My deep issue is that handler is functions like posix_acl_xattr_get.
And all of those functions that vfs_getxattr_alloc calls should not
take a dentry.
So I feel like I have just spotted the tip of an iceberg that needs
sorting out.
Eric
next prev parent reply other threads:[~2017-05-09 22:33 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-07 9:21 64fa03de33: BUG:Dentry_still_in_use kernel test robot
2017-05-08 4:44 ` Serge E. Hallyn
2017-05-08 11:47 ` Masami Ichikawa
2017-05-08 15:49 ` Serge E. Hallyn
2017-05-08 18:11 ` [PATCH v4] Introduce v3 namespaced file capabilities Serge E. Hallyn
2017-05-09 16:55 ` Eric W. Biederman
2017-05-09 20:37 ` Serge E. Hallyn
2017-05-09 22:27 ` Eric W. Biederman [this message]
2017-06-13 15:47 ` Stefan Berger
2017-06-13 17:14 ` Tycho Andersen
2017-06-13 17:42 ` Stefan Berger
2017-06-13 20:51 ` Tycho Andersen
2017-06-13 17:45 ` James Bottomley
2017-06-13 20:46 ` Tycho Andersen
2017-06-13 20:49 ` Stefan Berger
2017-06-13 20:53 ` Tycho Andersen
2017-06-13 20:58 ` Stefan Berger
2017-06-13 20:59 ` Mimi Zohar
2017-06-13 21:09 ` Tycho Andersen
2017-06-13 17:18 ` Serge E. Hallyn
2017-06-13 18:12 ` Stefan Berger
2017-06-13 23:55 ` Serge E. Hallyn
2017-06-14 12:27 ` Stefan Berger
2017-06-15 3:05 ` Serge E. Hallyn
2017-06-16 9:02 ` Christian Brauner
2017-06-16 22:24 ` Stefan Berger
2017-06-17 20:56 ` Stefan Berger
2017-06-18 22:14 ` Serge E. Hallyn
2017-06-19 1:13 ` Stefan Berger
2017-06-19 13:05 ` Stefan Berger
2017-06-20 6:23 ` Serge E. Hallyn
2017-06-19 21:34 ` Eric W. Biederman
2017-06-20 5:42 ` Amir Goldstein
2017-06-20 12:19 ` Stefan Berger
2017-06-20 17:33 ` Stefan Berger
2017-06-20 19:56 ` Amir Goldstein
2017-06-20 19:57 ` Vivek Goyal
2017-06-13 23:42 ` Serge E. Hallyn
2017-06-13 23:50 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mvalu0nc.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=containers@lists.linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@01.org \
--cc=masami256@gmail.com \
--cc=serge@hallyn.com \
--cc=xiaolong.ye@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox