On 2019-07-12, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
On Fri, Jul 12, 2019 at 01:55:52PM +0100, Al Viro wrote:On Fri, Jul 12, 2019 at 01:39:24PM +0100, Al Viro wrote:On Fri, Jul 12, 2019 at 08:57:45PM +1000, Aleksa Sarai wrote:@@ -2350,9 +2400,11 @@ static const char *path_init(struct nameidata *nd, unsigned flags) s = ERR_PTR(error); return s; } - error = dirfd_path_init(nd); - if (unlikely(error)) - return ERR_PTR(error); + if (likely(!nd->path.mnt)) {Is that a weird way of saying "if we hadn't already called dirfd_path_init()"?Yes. I did it to be more consistent with the other "have we got the root" checks elsewhere. Is there another way you'd prefer I do it?"Have we got the root" checks are inevitable evil; here you are making the control flow in a single function hard to follow. I *think* what you are doing is absolute pathname, no LOOKUP_BENEATH: set_root error = nd_jump_root(nd) else error = dirfd_path_init(nd) return unlikely(error) ? ERR_PTR(error) : s; which should be a lot easier to follow (not to mention shorter), but I might be missing something in all of that.PS: if that's what's going on, I would be tempted to turn the entire path_init() part into this: if (flags & LOOKUP_BENEATH) while (*s == '/') s++; in the very beginning (plus the handling of nd_jump_root() prototype change, but that belongs with nd_jump_root() change itself, obviously). Again, I might be missing something here...Argh... I am, at that - you have setting path->root (and grabbing it) in LOOKUP_BENEATH cases and you do it after dirfd_path_init(). So how about if (flags & LOOKUP_BENEATH) while (*s == '/') s++;
I can do this for LOOKUP_IN_ROOT, but currently the semantics for
LOOKUP_BENEATH is that absolute paths will return -EXDEV
indiscriminately (nd_jump_root() errors out with LOOKUP_BENEATH). To be
honest, the check could actually just be:
if (flags & LOOKUP_BENEATH)
if (*s == '/')
return ERR_PTR(-EXDEV);
(Though we'd still need -EXDEV in nd_jump_root() for obvious reasons.)
The logic being that an absolute path means that the resolution starts
out without being "beneath" the starting point -- thus violating the
contract of LOOKUP_BENEATH. And since the "handle absolute paths like
they're scoped to the root" is only implemented for LOOKUP_IN_ROOT, I'd
think it's a bit odd to have LOOKUP_BENEATH do it too for absolute
paths.
I'll be honest, this patchset is more confusing to both of us because of
LOOKUP_BENEATH -- I've only kept it since it was part of the original
patchset (O_BENEATH). Personally I think more people will be far more
interested in LOOKUP_IN_ROOT. Does anyone mind if I drop the
LOOKUP_BENEATH parts of this series, and only keep LOOKUP_NO_* and
LOOKUP_IN_ROOT?
I make a change as you outlined for LOOKUP_IN_ROOT, though.
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
Attachment:
signature.asc
Description: PGP signature
