From: Alexey Izbyshev <izbyshev@ispras.ru>
To: musl@lists.openwall.com
Subject: Re: [musl] realpath without procfs -- should be ready for inclusion
Date: Wed, 25 Nov 2020 08:40:02 +0300 [thread overview]
Message-ID: <ebd3d249937ca5b34ac8aac04eb4158c@ispras.ru> (raw)
In-Reply-To: <20201124203132.GE534@brightrain.aerifal.cx>
On 2020-11-24 23:31, Rich Felker wrote:
> On Mon, Nov 23, 2020 at 11:26:46PM -0500, Rich Felker wrote:
>> On Tue, Nov 24, 2020 at 06:39:59AM +0300, Alexey Izbyshev wrote:
>> > * ENOTDIR should be returned if the last component is not a
>> > directory and the path has one or more trailing slashes
>>
>> Yes, that's precisely what I've been working on the past couple hours.
>> I think you missed but .. will also erase a path component that's not
>> a dir (e.g. /dev/null/.. -> /dev) and these are both instances of a
>> common problem. I thought use of readlink covered all the ENOTDIR
>> cases but it doesn't when the next component isn't covered by readlink
>> or isn't present at all.
>>
>> It's trivial to fix with a check after each component but that doubles
>> the number of syscalls and mostly isn't necessary. I have a reworked
>> draft to fix the problem by advancing over /(/|./|.$)* rather than
>> just
>> /+ after each component, so that we can lookahead and do an extra
>> readlink in the cases that need it.
>
> While this worked, it ended up being the wrong thing to do, making two
> places where readlink is called, one of them with a dummy buffer. The
> right way to do it is rework the flow so that the existing readlink is
> "naturally" hit where needed. This amounts to:
>
> - Letting .. processing that cancels path components go through the
> same code path as new path components, rather than handling it
> early, and just skipping the actual readlink if we already know we
> have a dir.
>
> - Also treating a zero-length final component as something that goes
> through the readlink code path.
>
> There was a fair amount of reorganizing needed to make this work out,
> but the end result is clean and non-redundant and code size is almost
> the same as before with the missing-ENOTDIR bugs.
>
> Speaking of code size, on 32-bit archs the proposed explicit realpath
> is roughly the same size as stat+fstat+fstatat (a little over 1k on
> i386), which were needed to implement the old lazy realpath in terms
> of procfs. So for minimal static linking, resulting code size may be
> same or smaller. (Of course it's larger if stat is already linked for
> other reasons.)
>
> New draft attached. It's possible that there are regressions since I
> haven't put together an automated testset. I'm not sure if I'll try to
> merge it in this release cycle still or not; that probably depends on
> how easy or difficult automating these tests ends up being.
>
The new draft looks good to me. I've also done some basic manual testing
(not covering all proposed cases) and haven't found any issues.
I don't see why the size of stack has to be PATH_MAX+1 though. To
address the issue with symlink targets of PATH_MAX-1 length, it seems
sufficient to just do the following:
- ssize_t k = readlink(output, stack, p);
- if (k==p) goto toolong;
+ ssize_t k = readlink(output, stack, p+1);
+ if (k==p+1) goto toolong;
Since p is never past the end of the stack, there is no harm in allowing
k == p.
Alexey
next prev parent reply other threads:[~2020-11-25 5:40 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-22 22:56 Rich Felker
2020-11-23 2:03 ` Alexey Izbyshev
2020-11-23 3:17 ` Érico Nogueira
2020-11-23 3:34 ` Rich Felker
2020-11-23 3:19 ` Rich Felker
2020-11-23 18:56 ` Rich Felker
2020-11-23 20:53 ` Rich Felker
2020-11-24 3:39 ` Alexey Izbyshev
2020-11-24 4:26 ` Rich Felker
2020-11-24 5:13 ` Alexey Izbyshev
2020-11-24 6:30 ` Rich Felker
2020-11-24 9:21 ` Alexey Izbyshev
2020-11-24 14:35 ` Rich Felker
2020-11-24 20:17 ` Rich Felker
2020-11-25 15:02 ` Rich Felker
2020-11-25 19:40 ` Alexey Izbyshev
2020-11-24 20:31 ` Rich Felker
2020-11-25 5:40 ` Alexey Izbyshev [this message]
2020-11-25 15:03 ` Rich Felker
2020-11-24 3:41 ` Alexey Izbyshev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ebd3d249937ca5b34ac8aac04eb4158c@ispras.ru \
--to=izbyshev@ispras.ru \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).