Page MenuHomeFreeBSD
Differential D32438

O_PATH: allow vfs_extattr syscalls
ClosedPublic
Actions

Authored by val_packett.cool on Oct 10 2021, 1:00 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Apr 21, 10:05 PM
Unknown Object (File)
Wed, Apr 17, 4:21 PM
Unknown Object (File)
Mar 9 2024, 8:50 PM
Unknown Object (File)
Mar 9 2024, 8:47 PM
Unknown Object (File)
Mar 9 2024, 8:47 PM
Unknown Object (File)
Mar 9 2024, 8:47 PM
Unknown Object (File)
Mar 9 2024, 8:33 PM
Unknown Object (File)
Feb 26 2024, 1:32 AM
View All 45 Files
Subscribers
imp
Contributor Reviews (src)

Details

Reviewers
kib
markj
wulf
Group Reviewers
Contributor Reviews (src)
manpages
Commits
rG98dae405de7f: O_PATH: allow vfs_extattr syscalls
Summary

These calls do operate on vnodes only, not file contents.
This is useful for e.g. the xdg-document-portal fuse filesystem.

This should be fine, right?

related: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198570#c3

Test Plan

I've only tested that a tiny program that does extattr_set_fd(open("yeet", O_PATH), EXTATTR_NAMESPACE_USER, "memes", "lol", sizeof("lol")); no longer fails and the result is applied (getextattr user memes yeet)

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 42047
Build 38935: arc lint + arc unit

Event Timeline

val_packett.cool created this revision.Oct 10 2021, 1:00 PM
Herald added subscribers: Contributor Reviews (src), imp. · View Herald TranscriptOct 10 2021, 1:00 PM
val_packett.cool requested review of this revision.Oct 10 2021, 1:00 PM
Harbormaster completed remote builds in B42047: Diff 96605.Oct 10 2021, 1:00 PM
val_packett.cool edited the summary of this revision. (Show Details)Oct 10 2021, 1:03 PM
val_packett.cool edited the test plan for this revision. (Show Details)
val_packett.cool added reviewers: Contributor Reviews (src), kib, markj, wulf.
kib accepted this revision.Oct 10 2021, 6:23 PM

I think this is fine, mostly because each extrattr_XXX_fd variant you change also has the extattr_XXX_file version which takes the path.

But extattr(2) man page should be updated noting the allowance of O_PATH file descriptors.

This revision is now accepted and ready to land.Oct 10 2021, 6:23 PM
val_packett.cool updated this revision to Diff 96657.Oct 11 2021, 10:07 AM

Add manpage change

This revision now requires review to proceed.Oct 11 2021, 10:07 AM
Herald added a reviewer: manpages. · View Herald TranscriptOct 11 2021, 10:07 AM
Harbormaster completed remote builds in B42066: Diff 96657.Oct 11 2021, 10:07 AM
kib accepted this revision.Oct 11 2021, 12:05 PM
This revision is now accepted and ready to land.Oct 11 2021, 12:05 PM
kib added a comment.Oct 11 2021, 12:12 PM

Please provide the full 'Author:' line for the commit. Or better, mail me the git-format-patch for the change.

markj added a comment.Oct 11 2021, 1:47 PM

What does O_PATH help with here? I'm having trouble understanding from the linked PR. extattr operations have to pass the extattr_check_cred() test, and if a caller passes that test then why would it have bothered using O_PATH in the first place?

These calls do operate on vnodes only, not file contents.

So does fchmod(2).

kib added a comment.Oct 11 2021, 2:14 PM
In D32438#731928, @markj wrote:

What does O_PATH help with here? I'm having trouble understanding from the linked PR. extattr operations have to pass the extattr_check_cred() test, and if a caller passes that test then why would it have bothered using O_PATH in the first place?

First, look at it from the different angle. Why disable operation that does not have undesired effects?

Second, using O_PATH fd instead of normal fd does provide a delicate change of semantic. For instance, if you want take a bookmark for a file, for which you want to add or remove some extended attribute later, opening it for write now would prevent its execution. Opening it with O_PATH, and you can both execute and modify attributes, without loosing the file to a race with parallel rename or even ABA kind of substitution.

These calls do operate on vnodes only, not file contents.

So does fchmod(2).

val_packett.cool added a comment.Oct 11 2021, 4:25 PM
In D32438#731895, @kib wrote:

Please provide the full 'Author:' line for the commit. Or better, mail me the git-format-patch for the change.

hm, I thought phab can handle this, at least sometimes I've managed to get the Author line with arc patch

Anyway, https://dl.unrelenting.technology/0001-O_PATH-allow-vfs_extattr-syscalls.patch

In D32438#731940, @kib wrote:

Second, using O_PATH fd instead of normal fd does provide a delicate change of semantic. For instance, if you want take a bookmark for a file, for which you want to add or remove some extended attribute later, opening it for write now would prevent its execution. Opening it with O_PATH, and you can both execute and modify attributes, without loosing the file to a race with parallel rename or even ABA kind of substitution.

Yeah, the race condition stuff is why xdg-document-portal only holds O_PATH fds.

On Linux it does most operations with these fds by using the /proc/self/fd/$NUMBER path, which sort of sometimes works with our fdescfs's -o linrdlnk but seems dodgy. But since we have AT_EMPTY_PATH in lots more places, nearly everything can be done with the fds directly without going through any /dev/fd type paths. This extattr thing is one more place :)

markj accepted this revision.Oct 11 2021, 4:44 PM
Closed by commit rG98dae405de7f: O_PATH: allow vfs_extattr syscalls (authored by val_packett.cool, committed by kib). · Explain WhyOct 11 2021, 5:10 PM
This revision was automatically updated to reflect the committed changes.
kib added a commit: rG98dae405de7f: O_PATH: allow vfs_extattr syscalls.

Revision Contents
Changeset List

PathSize
sys/
kern/
8 lines

Diff 96605

View Options

sys/kern/vfs_extattr.c

Loading...