On 2023-07-26, Alexey Gladkov <leg...@kernel.org> wrote: > On Wed, Jul 26, 2023 at 02:36:25AM +1000, Aleksa Sarai wrote: > > On 2023-07-11, Alexey Gladkov <leg...@kernel.org> wrote: > > > On the userspace side fchmodat(3) is implemented as a wrapper > > > function which implements the POSIX-specified interface. This > > > interface differs from the underlying kernel system call, which does not > > > have a flags argument. Most implementations require procfs [1][2]. > > > > > > There doesn't appear to be a good userspace workaround for this issue > > > but the implementation in the kernel is pretty straight-forward. > > > > > > The new fchmodat2() syscall allows to pass the AT_SYMLINK_NOFOLLOW flag, > > > unlike existing fchmodat. > > > > > > [1] > > > https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/fchmodat.c;h=17eca54051ee28ba1ec3f9aed170a62630959143;hb=a492b1e5ef7ab50c6fdd4e4e9879ea5569ab0a6c#l35 > > > [2] > > > https://git.musl-libc.org/cgit/musl/tree/src/stat/fchmodat.c?id=718f363bc2067b6487900eddc9180c84e7739f80#n28 > > > > > > Co-developed-by: Palmer Dabbelt <pal...@sifive.com> > > > Signed-off-by: Palmer Dabbelt <pal...@sifive.com> > > > Signed-off-by: Alexey Gladkov <leg...@kernel.org> > > > Acked-by: Arnd Bergmann <a...@arndb.de> > > > --- > > > fs/open.c | 18 ++++++++++++++---- > > > include/linux/syscalls.h | 2 ++ > > > 2 files changed, 16 insertions(+), 4 deletions(-) > > > > > > diff --git a/fs/open.c b/fs/open.c > > > index 0c55c8e7f837..39a7939f0d00 100644 > > > --- a/fs/open.c > > > +++ b/fs/open.c > > > @@ -671,11 +671,11 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, > > > mode) > > > return err; > > > } > > > > > > -static int do_fchmodat(int dfd, const char __user *filename, umode_t > > > mode) > > > +static int do_fchmodat(int dfd, const char __user *filename, umode_t > > > mode, int lookup_flags) > > > > I think it'd be much neater to do the conversion of AT_ flags here and > > pass 0 as a flags argument for all of the wrappers (this is how most of > > the other xyz(), fxyz(), fxyzat() syscall wrappers are done IIRC). > > I just addressed the Al Viro's suggestion. > > https://lore.kernel.org/lkml/20190717014802.gs17...@zeniv.linux.org.uk/
I think Al misspoke, because he also said "pass it 0 as an extra
argument", but you actually have to pass LOOKUP_FOLLOW from the
wrappers. If you look at how faccessat2 and faccessat are implemented,
it follows the behaviour I described.
> > > {
> > > struct path path;
> > > int error;
> > > - unsigned int lookup_flags = LOOKUP_FOLLOW;
> > > +
> > > retry:
> > > error = user_path_at(dfd, filename, lookup_flags, &path);
> > > if (!error) {
> > > @@ -689,15 +689,25 @@ static int do_fchmodat(int dfd, const char __user
> > > *filename, umode_t mode)
> > > return error;
> > > }
> > >
> > > +SYSCALL_DEFINE4(fchmodat2, int, dfd, const char __user *, filename,
> > > + umode_t, mode, int, flags)
> > > +{
> > > + if (unlikely(flags & ~AT_SYMLINK_NOFOLLOW))
> > > + return -EINVAL;
> >
> > We almost certainly want to support AT_EMPTY_PATH at the same time.
> > Otherwise userspace will still need to go through /proc when trying to
> > chmod a file handle they have.
>
> I'm not sure I understand. Can you explain what you mean?
You should add support for AT_EMPTY_PATH (LOOKUP_EMPTY) as well as
AT_SYMLINK_NOFOLLOW. It would only require something like:
unsigned int lookup_flags = LOOKUP_FOLLOW;
if (flags & ~(AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW))
return -EINVAL;
if (flags & AT_EMPTY_PATH)
lookup_flags |= LOOKUP_EMPTY;
if (flags & AT_SYMLINK_NOFOLLOW)
lookup_flags &= ~LOOKUP_FOLLOW;
/* ... */
This would be effectively equivalent to fchmod(fd, mode). (I was wrong
when I said this wasn't already possible -- I forgot about fchmod(2).)
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
signature.asc
Description: PGP signature
