Re: [PATCH v16 06/12] namei: LOOKUP_NO_XDEV: block mountpoint crossing

[PATCH v16 00/12] open: introduce openat2(2) syscall · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 01/12] nsfs: clean-up ns_get_path() signature to return int · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 02/12] namei: allow nd_jump_link() to produce errors · Aleksa Sarai <hidden> · 2019-11-16
Re: [PATCH v16 02/12] namei: allow nd_jump_link() to produce errors · Al Viro <viro@zeniv.linux.org.uk> · 2019-11-16
Re: [PATCH v16 02/12] namei: allow nd_jump_link() to produce errors · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 03/12] namei: allow set_root() to produce errors · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 04/12] namei: LOOKUP_NO_SYMLINKS: block symlink resolution · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 05/12] namei: LOOKUP_NO_MAGICLINKS: block magic-link resolution · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 06/12] namei: LOOKUP_NO_XDEV: block mountpoint crossing · Aleksa Sarai <hidden> · 2019-11-16
Re: [PATCH v16 06/12] namei: LOOKUP_NO_XDEV: block mountpoint crossing · Al Viro <viro@zeniv.linux.org.uk> · 2019-11-16
Re: [PATCH v16 06/12] namei: LOOKUP_NO_XDEV: block mountpoint crossing · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 07/12] namei: LOOKUP_BENEATH: O_BENEATH-like scoped resolution · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 08/12] namei: LOOKUP_IN_ROOT: chroot-like scoped resolution · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 09/12] namei: LOOKUP_{IN_ROOT,BENEATH}: permit limited ".." resolution · Aleksa Sarai <hidden> · 2019-11-16
Re: [PATCH v16 09/12] namei: LOOKUP_{IN_ROOT,BENEATH}: permit limited ".." resolution · Al Viro <viro@zeniv.linux.org.uk> · 2019-11-16
Re: [PATCH v16 09/12] namei: LOOKUP_{IN_ROOT,BENEATH}: permit limited ".." resolution · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 10/12] open: introduce openat2(2) syscall · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 11/12] selftests: add openat2(2) selftests · Aleksa Sarai <hidden> · 2019-11-16
[PATCH v16 12/12] Documentation: path-lookup: include new LOOKUP flags · Aleksa Sarai <hidden> · 2019-11-16

From: Aleksa Sarai <hidden>
Date: 2019-11-16 17:45:01
Also in: linux-alpha, linux-api, linux-arch

On 2019-11-16, Al Viro [off-list ref] wrote:

On Sat, Nov 16, 2019 at 11:27:56AM +1100, Aleksa Sarai wrote:

quoted

@@ -1383,6 +1398,8 @@ static int follow_dotdot_rcu(struct nameidata *nd)
 				return -ECHILD;
 			if (&mparent->mnt == nd->path.mnt)
 				break;
+			if (unlikely(nd->flags & LOOKUP_NO_XDEV))
+				return -EXDEV;
 			/* we know that mountpoint was pinned */
 			nd->path.dentry = mountpoint;
 			nd->path.mnt = &mparent->mnt;
@@ -1397,6 +1414,8 @@ static int follow_dotdot_rcu(struct nameidata *nd)
 			return -ECHILD;
 		if (!mounted)
 			break;
+		if (unlikely(nd->flags & LOOKUP_NO_XDEV))
+			return -EXDEV;
 		nd->path.mnt = &mounted->mnt;
 		nd->path.dentry = mounted->mnt.mnt_root;
 		inode = nd->path.dentry->d_inode;

I really don't think we should return hard errors from that function.
Let the caller redo it in refwalk mode.

I suspected as much, though my reason for not changing it was that the
mount_lock check should ensure that the cached status of whether ".." is
a mountpoint crossing is correct. But I guess this is more about being
safe than sorry, rather than an actual bug?

It's not the fast path, especially for this kind of errors.  Matter of
fact, I'm not sure about -ENOENT returned in another failure case
there - it's probably OK, but again, -ECHILD would be just as good.

I can switch the -ENOENT too if you like.

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>

Attachments

signature.asc [application/pgp-signature] 228 bytes

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help