On 2019-07-12, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > On Fri, Jul 12, 2019 at 01:55:52PM +0100, Al Viro wrote: > > On Fri, Jul 12, 2019 at 01:39:24PM +0100, Al Viro wrote: > > > On Fri, Jul 12, 2019 at 08:57:45PM +1000, Aleksa Sarai wrote: > > > > > > > > > @@ -2350,9 +2400,11 @@ static const char *path_init(struct nameidata *nd, unsigned flags) > > > > > > s = ERR_PTR(error); > > > > > > return s; > > > > > > } > > > > > > - error = dirfd_path_init(nd); > > > > > > - if (unlikely(error)) > > > > > > - return ERR_PTR(error); > > > > > > + if (likely(!nd->path.mnt)) { > > > > > > > > > > Is that a weird way of saying "if we hadn't already called dirfd_path_init()"? > > > > > > > > Yes. I did it to be more consistent with the other "have we got the > > > > root" checks elsewhere. Is there another way you'd prefer I do it? > > > > > > "Have we got the root" checks are inevitable evil; here you are making the > > > control flow in a single function hard to follow. > > > > > > I *think* what you are doing is > > > absolute pathname, no LOOKUP_BENEATH: > > > set_root > > > error = nd_jump_root(nd) > > > else > > > error = dirfd_path_init(nd) > > > return unlikely(error) ? ERR_PTR(error) : s; > > > which should be a lot easier to follow (not to mention shorter), but I might > > > be missing something in all of that. > > > > PS: if that's what's going on, I would be tempted to turn the entire > > path_init() part into this: > > if (flags & LOOKUP_BENEATH) > > while (*s == '/') > > s++; > > in the very beginning (plus the handling of nd_jump_root() prototype > > change, but that belongs with nd_jump_root() change itself, obviously). > > Again, I might be missing something here... > > Argh... I am, at that - you have setting path->root (and grabbing it) > in LOOKUP_BENEATH cases and you do it after dirfd_path_init(). So > how about > if (flags & LOOKUP_BENEATH) > while (*s == '/') > s++; I can do this for LOOKUP_IN_ROOT, but currently the semantics for LOOKUP_BENEATH is that absolute paths will return -EXDEV indiscriminately (nd_jump_root() errors out with LOOKUP_BENEATH). To be honest, the check could actually just be: if (flags & LOOKUP_BENEATH) if (*s == '/') return ERR_PTR(-EXDEV); (Though we'd still need -EXDEV in nd_jump_root() for obvious reasons.) The logic being that an absolute path means that the resolution starts out without being "beneath" the starting point -- thus violating the contract of LOOKUP_BENEATH. And since the "handle absolute paths like they're scoped to the root" is only implemented for LOOKUP_IN_ROOT, I'd think it's a bit odd to have LOOKUP_BENEATH do it too for absolute paths. I'll be honest, this patchset is more confusing to both of us because of LOOKUP_BENEATH -- I've only kept it since it was part of the original patchset (O_BENEATH). Personally I think more people will be far more interested in LOOKUP_IN_ROOT. Does anyone mind if I drop the LOOKUP_BENEATH parts of this series, and only keep LOOKUP_NO_* and LOOKUP_IN_ROOT? I make a change as you outlined for LOOKUP_IN_ROOT, though. -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/>
Attachment:
signature.asc
Description: PGP signature