Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

udev-node: use flock() for symlink stack directory #23043

Merged
merged 10 commits into from Sep 12, 2022
Merged

udev-node: use flock() for symlink stack directory #23043

merged 10 commits into from Sep 12, 2022

Conversation

yuwata
Copy link
Member

@yuwata yuwata commented Apr 11, 2022

No description provided.

@yuwata yuwata added the udev label Apr 11, 2022
@yuwata yuwata mentioned this pull request Apr 11, 2022
Closed
poettering
poettering reviewed Apr 11, 2022
View reviewed changes
src/udev/udev-node.c Outdated Show resolved Hide resolved
poettering
poettering reviewed Apr 11, 2022
View reviewed changes
src/udev/udev-node.c Outdated Show resolved Hide resolved
poettering
poettering reviewed Apr 11, 2022
View reviewed changes
src/udev/udev-node.c Outdated Show resolved Hide resolved
@poettering poettering added the reviewed/needs-rework 🔨 PR has been reviewed and needs another round of reworks label Apr 11, 2022
@poettering poettering changed the title udev-node: use flock() udev-node: use flock() for symlink stack directory Apr 11, 2022
@yuwata yuwata added please-review and removed reviewed/needs-rework 🔨 PR has been reviewed and needs another round of reworks labels Apr 11, 2022
@yuwata
Copy link
Member Author

yuwata commented Apr 11, 2022

@poettering Thank you for the review. Most of comments are addressed. PTAL.

poettering
poettering requested changes Apr 12, 2022
View reviewed changes
src/udev/udev-node.c Show resolved Hide resolved
src/udev/udev-node.c Outdated Show resolved Hide resolved
src/udev/udev-node.c Outdated Show resolved Hide resolved
src/udev/udev-node.c Outdated Show resolved Hide resolved
@poettering poettering added reviewed/needs-rework 🔨 PR has been reviewed and needs another round of reworks and removed please-review labels Apr 12, 2022
@yuwata
Copy link
Member Author

yuwata commented Apr 12, 2022

@poettering Thank you for the review. The commit message and the comment in the code is updated. Also, the cleanup logic is updated. PTAL.

@yuwata yuwata added please-review and removed reviewed/needs-rework 🔨 PR has been reviewed and needs another round of reworks labels Apr 12, 2022
poettering
poettering reviewed Apr 12, 2022
View reviewed changes
src/udev/udev-node.c Outdated Show resolved Hide resolved
keszybz
keszybz requested changes Apr 13, 2022
View reviewed changes
src/basic/path-util.c Show resolved Hide resolved
src/udev/udev-node.c Outdated Show resolved Hide resolved
src/udev/udev-node.c Outdated Show resolved Hide resolved
src/udev/udev-node.c Outdated Show resolved Hide resolved
src/udev/udev-node.c Outdated Show resolved Hide resolved
src/udev/udev-node.c Outdated Show resolved Hide resolved
@poettering
Copy link
Member

Hmm, shouldn't we just use a stack directory with a different name to avoid the locking issues.

I kinda like the idea, but how to handle upgrades then?

@poettering
Copy link
Member

I kinda like the idea, but how to handle upgrades then?

Maybe we should just tell people to retrigger everything on update. Which they really should do anyway. If so, then the old dir just doesn't matter (though we wouldn't clean it up either, but I'd be OK with that)

@poettering
Copy link
Member

think this should be handled in tempfn_xxxxxxx instead. If we assume tempfn_xxxxxxx can fail, we'll have to have the same fallback in every caller, or at least in those where the filename is controlled externally or unpredictable.
Let's make tempfn_xxxxxxx smarter: only use up to NAME_MAX - strlen(extra) - strlen(".#" "XXXXXX") of the original file name. This way the function can only fail on oom, and callers become simpler.

So I thought about this approach, and I think we should implement this, but this doesn't solve the problem fully, because if you want to create a temporary path for something that has NAME_MAX length already, and the last compononent (i.e. the filename) is just one character, then you cannot possibly stick six XXXXXX characters in there anymore. So while it pushes the problem out, it doesn't solve it...

@keszybz
Copy link
Member

keszybz commented Apr 13, 2022

Can you give an example? I don't understand the comment.

@yuwata
udev: move udev_node_escape_path()
b916827 
No functionality is changed.
@yuwata
udev: split link_update() and introduce stack_directory_get_name()
7e7c36f 
No functionality is changed.
@yuwata
udev: do not remove stack directory even if it is empty
a28d67a 
Then, we can always assume the directory exists, and the code become
slightly simpler.

Note, unused directories are removed by the main udevd process in a
later commit.
@yuwata
path-util: introduce path_make_relative_parent()
d4f60bd
@yuwata
udev: use readlinkat_malloc()
faadf97 
And try to read it only when the file is symlink.
@yuwata
udev: rename link_find_prioritized() and variables
6b01e29 
Also shorten code a bit.

Just for consistency with other part and readability of the code.
@yuwata
udev: use path_make_relative_parent()
d6595c5
@yuwata
udev: make node_symlink() accept NULL devname
541a463
@yuwata
udev: use flock() when updating device node symlinks
57a2729 
By locking the stack directory, we can safely determine the device node
with the highest priority for a symlink. So, the multiple try-and-wait
loops can be dropped, and the code becomes quite simple.
@yuwata
udev: cleanup stack directory /run/udev/links when all workers exited
1055172 
By the previous commit, the stack directories are not removed even if
it is empty. To reduce the inode usage of /run, let's cleanup the
directories.
@yuwata
Copy link
Member Author

yuwata commented Sep 2, 2022

@poettering Thank you for the review. All comments are addressed. PTAL.

@fbuihuu Sorry for late response again.

If the lock file is readable by an unprivileged user, then the user can lock the file, and udev workers are blocked to access the dir. If the directory is not workd-accessible, then there should be no problem.

Again the lock file is created with permissions 600, hence let me ask again how an unprivileged process could open the lock file.

Hm, yeah, the file is created with 0600. There is no problem.

If the lock file is removed by a worker on unlock, then another worker needs to recreate it before lock the file. Hence, simple open() + flock() does not work...

make_lock_file_for() seems to be prepared to handle this case, no ?

Not sure, maybe. If so, we can rewrite with it. But let's do that later.

@yuwata yuwata added please-review and removed reviewed/needs-rework 🔨 PR has been reviewed and needs another round of reworks needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer labels Sep 2, 2022
@yuwata yuwata mentioned this pull request Sep 2, 2022
Merged
@poettering poettering added good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed and removed please-review labels Sep 9, 2022
@yuwata yuwata merged commit 75a5a14 into systemd:main Sep 12, 2022
@yuwata yuwata deleted the udev-node-use-flock branch September 12, 2022 14:40
yuwata added a commit to yuwata/systemd that referenced this pull request Sep 12, 2022
@yuwata
udev-node: use symlink_atomic_full_label() to create devlink
7f8034c 
If the filename of a device symlink is too long, then the temporary
filename may become invalid, and we fail to create symlink.

The function `tempfn_random()` used in symlink_atomic_full() generates
a safe temporary filename.

Note that, thanks to the PR systemd#23043, now only one worker can handle
the same symlink simultaneously. Hence, the device ID based temporary
filename is not necessary.
yuwata added a commit to yuwata/systemd that referenced this pull request Sep 12, 2022
@yuwata
udev-node: use symlink_atomic_full_label() to create devlink
0bc58d8 
If the filename of a device symlink is too long, then the temporary
filename may become invalid, and we fail to create symlink.

The function `tempfn_random()` used in symlink_atomic_full() generates
a safe temporary filename.

Note that, thanks to the PR systemd#23043, now only one worker can handle
the same symlink simultaneously. Hence, the device ID based temporary
filename is not necessary.
yuwata added a commit to yuwata/systemd that referenced this pull request Sep 12, 2022
@yuwata
udev-node: use symlink_atomic_full_label() to create devlink
a31bda8 
If the filename of a device symlink is too long, then the temporary
filename may become invalid, and we fail to create symlink.

The function `tempfn_random()` used in symlink_atomic_full() generates
a safe temporary filename.

Note that, thanks to the PR systemd#23043, now only one worker can handle
the same symlink simultaneously. Hence, the device ID based temporary
filename is not necessary.
yuwata added a commit to yuwata/systemd that referenced this pull request Sep 13, 2022
@yuwata
udev-node: use symlink_atomic_full_label() to create devlink
a52e6c4 
If the filename of a device symlink is too long, then the temporary
filename may become invalid, and we fail to create symlink.

The function `tempfn_random()` used in symlink_atomic_full() generates
a safe temporary filename.

Note that, thanks to the PR systemd#23043, now only one worker can handle
the same symlink simultaneously. Hence, the device ID based temporary
filename is not necessary.
yuwata added a commit to yuwata/systemd that referenced this pull request Sep 14, 2022
@yuwata
udev-node: use symlink_atomic_full_label() to create devlink
cc254b3 
If the filename of a device symlink is too long, then the temporary
filename may become invalid, and we fail to create symlink.

The function `tempfn_random()` used in symlink_atomic_full() generates
a safe temporary filename.

Note that, thanks to the PR systemd#23043, now only one worker can handle
the same symlink simultaneously. Hence, the device ID based temporary
filename is not necessary.
yuwata added a commit to yuwata/systemd that referenced this pull request Sep 16, 2022
@yuwata
udev-node: use symlink_atomic_full_label() to create devlink
19a7a35 
If the filename of a device symlink is too long, then the temporary
filename may become invalid, and we fail to create symlink.

The function `tempfn_random()` used in symlink_atomic_full() generates
a safe temporary filename.

Note that, thanks to the PR systemd#23043, now only one worker can handle
the same symlink simultaneously. Hence, the device ID based temporary
filename is not necessary.
yuwata added a commit to yuwata/systemd that referenced this pull request Sep 16, 2022
@yuwata
udev-node: use symlink_atomic_full_label() to create devlink
9a900d4 
If the filename of a device symlink is too long, then the temporary
filename may become invalid, and we fail to create symlink.

The function `tempfn_random()` used in symlink_atomic_full() generates
a safe temporary filename.

Note that, thanks to the PR systemd#23043, now only one worker can handle
the same symlink simultaneously. Hence, the device ID based temporary
filename is not necessary.
yuwata added a commit to yuwata/systemd that referenced this pull request Sep 18, 2022
@yuwata
udev-node: use symlink_atomic_full_label() to create devlink
c00479d 
If the filename of a device symlink is too long, then the temporary
filename may become invalid, and we fail to create symlink.

The function `tempfn_random()` used in symlink_atomic_full() generates
a safe temporary filename.

Note that, thanks to the PR systemd#23043, now only one worker can handle
the same symlink simultaneously. Hence, the device ID based temporary
filename is not necessary.
yuwata added a commit to yuwata/systemd that referenced this pull request Sep 18, 2022
@yuwata
udev-node: use symlink_atomic_full_label() to create devlink
6d42138 
If the filename of a device symlink is too long, then the temporary
filename may become invalid, and we fail to create symlink.

The function `tempfn_random()` used in symlink_atomic_full() generates
a safe temporary filename.

Note that, thanks to the PR systemd#23043, now only one worker can handle
the same symlink simultaneously. Hence, the device ID based temporary
filename is not necessary.
yuwata added a commit to yuwata/systemd that referenced this pull request Sep 18, 2022
@yuwata
udev-node: use symlink_atomic_full_label() to create devlink
87d4783 
If the filename of a device symlink is too long, then the temporary
filename may become invalid, and we fail to create symlink.

The function `tempfn_random()` used in symlink_atomic_full() generates
a safe temporary filename.

Note that, thanks to the PR systemd#23043, now only one worker can handle
the same symlink simultaneously. Hence, the device ID based temporary
filename is not necessary.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fbuihuu fbuihuu fbuihuu left review comments

@msekletar msekletar msekletar left review comments

@poettering poettering poettering requested changes

@keszybz keszybz keszybz requested changes

Assignees
No one assigned
Labels
good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed udev
Milestone
v252
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@yuwata @poettering @keszybz @fbuihuu @msekletar