On 2019-11-13, Aleksa Sarai <cyphar@xxxxxxxxxx> wrote:
On 2019-11-13, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:Minor nit here - I'd split "move the conditional call of set_root() into nd_jump_root()" into a separate patch before that one. Makes for fewer distractions in this one. I'd probably fold "and be ready for errors other than -ECHILD" into the same preliminary patch.Will do.+ /* Not currently safe for scoped-lookups. */ + if (unlikely(nd->flags & LOOKUP_IS_SCOPED)) + return ERR_PTR(-EXDEV);Also a candidate for doing in nd_jump_link()...@@ -1373,8 +1403,11 @@ static int follow_dotdot_rcu(struct nameidata *nd) struct inode *inode = nd->inode; while (1) { - if (path_equal(&nd->path, &nd->root)) + if (path_equal(&nd->path, &nd->root)) { + if (unlikely(nd->flags & LOOKUP_BENEATH)) + return -EXDEV;Umm... Are you sure it's not -ECHILD?It wouldn't hurt to be -ECHILD -- though it's not clear to me how likely a success would be in REF-walk if the parent components didn't already trigger an unlazy_walk() in RCU-walk. I guess that also means LOOKUP_NO_XDEV should trigger -ECHILD in follow_dotdot_rcu()?
Scratch the last question -- AFAICS we don't need to do that for LOOKUP_NO_XDEV because we check against mount_lock so it's very unlikely that -ECHILD will have any benefit. -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/>
Attachment:
signature.asc
Description: PGP signature
