From patchwork Sun May 13 19:48:29 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Al Viro <viro@ZenIV.linux.org.uk>
X-Patchwork-Id: 10396391
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	6961B602B1 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sun, 13 May 2018 19:48:39 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4BDF6289FD
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sun, 13 May 2018 19:48:39 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 3E2AE28A3F; Sun, 13 May 2018 19:48:39 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B1AB1289FD
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sun, 13 May 2018 19:48:38 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751482AbeEMTsc (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Sun, 13 May 2018 15:48:32 -0400
Received: from zeniv.linux.org.uk ([195.92.253.2]:39250 "EHLO
	ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751295AbeEMTsc (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Sun, 13 May 2018 15:48:32 -0400
Received: from viro by ZenIV.linux.org.uk with local (Exim 4.87 #1 (Red Hat
	Linux)) id 1fHwyr-0005MQ-JX; Sun, 13 May 2018 19:48:29 +0000
Date: Sun, 13 May 2018 20:48:29 +0100
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-fsdevel <linux-fsdevel@vger.kernel.org>, NeilBrown <neilb@suse.com>
Subject: Re: [RFC][PATCH] fix breakage caused by d_find_alias() semantics
	change
Message-ID: <20180513194829.GT30522@ZenIV.linux.org.uk>
References: <20180513155158.GL30522@ZenIV.linux.org.uk>
	<CA+55aFxwaTbqxbmLk3WNthtqC4wg+Nn3=jqLYY-_r=rYTZ_R8g@mail.gmail.com>
	<20180513185646.GS30522@ZenIV.linux.org.uk>
	<CA+55aFxLmYnZpkN-Frj3pw6ydGpoBwgEme_fnX0Pj3oTBuTLrA@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: 
 <CA+55aFxLmYnZpkN-Frj3pw6ydGpoBwgEme_fnX0Pj3oTBuTLrA@mail.gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

On Sun, May 13, 2018 at 11:59:58AM -0700, Linus Torvalds wrote:
> On Sun, May 13, 2018 at 11:56 AM Al Viro <viro@zeniv.linux.org.uk> wrote:
> 
> > The whole reason why that thing is getting a dentry is that some
> filesystems
> > really want a *connected* dentry for getxattr.  Sure, saner ones will be
> > happy with disconnected dentry, but...
> 
> Can we just add a big comment to that effect?
> 
> Because I don't mind the complexity, but I do mind having code that _looks_
> complex with no reason, where the natural reaction is "why is it bothering
> being complex, when it could just do X".

Point taken.  How about the following variant?

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4cafe6a19167..398d165f884e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1568,8 +1568,15 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 			/* Called from d_instantiate or d_splice_alias. */
 			dentry = dget(opt_dentry);
 		} else {
-			/* Called from selinux_complete_init, try to find a dentry. */
+			/*
+			 * Called from selinux_complete_init, try to find a dentry.
+			 * Some filesystems really want a connected one, so try
+			 * that first.  We could split SECURITY_FS_USE_XATTR in
+			 * two, depending upon that...
+			 */
 			dentry = d_find_alias(inode);
+			if (!dentry)
+				dentry = d_find_any_alias(inode);
 		}
 		if (!dentry) {
 			/*
@@ -1674,14 +1681,19 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 		if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {
 			/* We must have a dentry to determine the label on
 			 * procfs inodes */
-			if (opt_dentry)
+			if (opt_dentry) {
 				/* Called from d_instantiate or
 				 * d_splice_alias. */
 				dentry = dget(opt_dentry);
-			else
+			} else {
 				/* Called from selinux_complete_init, try to
-				 * find a dentry. */
+				 * find a dentry.  Some filesystems really want
+				 * a connected one, so try that first.
+				 */
 				dentry = d_find_alias(inode);
+				if (!dentry)
+					dentry = d_find_any_alias(inode);
+			}
 			/*
 			 * This can be hit on boot when a file is accessed
 			 * before the policy is loaded.  When we load policy we