On 15.09.2019 20:03, Christos Zoulas wrote:
> I think it is quite reliable because all the file descriptors would be recently
> opened and therefore be in the cache. One would need to DoS the cache
> cause eviction. If that turns out to be false, we can make the namecache
> reliable, or withdraw it.
As discussed with Mateusz Guzik offlist, the dentry approach looks
reliable and as a way to go.
It changes fd -> vnode -> inode to fd -> dentry -> vnode.
We could switch from catching program name on exec to proper pathname
resolution with KERN_PROC_PATHNAME.
Certain programs require always correct path to be resolved from
hardlinks, not the last one from the cache. This used to affect LLVM.
There is also a hole in the current namecache implementation as it
misses entry for newly created files (as informed by Mateusz). Example:
#include <sys/types.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
int
main(void)
{
char buf[1024];
int fd;
fd = open("/tmp/test", O_RDWR|O_CREAT|O_EXCL,0600);
if (fd == -1)
err(1, "open");
if (fcntl(fd, F_GETPATH, buf) < 0)
err(1, "fcntl");
printf("[%s]\n", buf);
}
For the time being, the current code is still an improvement over the
past state.
Attachment:
signature.asc
Description: OpenPGP digital signature