[v3,07/13] xfs: use file_modified() helper

Message ID	20190529174318.22424-8-amir73il@gmail.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <linux-xfs-owner@kernel.org> From: Amir Goldstein <amir73il@gmail.com> To: "Darrick J . Wong" <darrick.wong@oracle.com> Cc: Dave Chinner <david@fromorbit.com>, Christoph Hellwig <hch@lst.de>, linux-xfs@vger.kernel.org, Olga Kornievskaia <olga.kornievskaia@gmail.com>, Luis Henriques <lhenriques@suse.com>, Al Viro <viro@zeniv.linux.org.uk>, linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org, ceph-devel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org Subject: [PATCH v3 07/13] xfs: use file_modified() helper Date: Wed, 29 May 2019 20:43:11 +0300 Message-Id: <20190529174318.22424-8-amir73il@gmail.com> In-Reply-To: <20190529174318.22424-1-amir73il@gmail.com> References: <20190529174318.22424-1-amir73il@gmail.com> Sender: linux-xfs-owner@vger.kernel.org Precedence: bulk
Series	Fixes for major copy_file_range() issues \| expand [v3,00/13] Fixes for major copy_file_range() issues [v3,01/13] vfs: introduce generic_copy_file_range() [v3,02/13] vfs: no fallback for ->copy_file_range [v3,03/13] vfs: introduce generic_file_rw_checks() [v3,04/13] vfs: remove redundant checks from generic_remap_checks() [v3,05/13] vfs: add missing checks to copy_file_range [v3,06/13] vfs: introduce file_modified() helper [v3,07/13] xfs: use file_modified() helper [v3,08/13] vfs: copy_file_range needs to strip setuid bits and update timestamps [v3,09/13] ceph: copy_file_range needs to strip setuid bits and update timestamps [v3,10/13] cifs: copy_file_range needs to strip setuid bits and update timestamps [v3,11/13] fuse: copy_file_range needs to strip setuid bits and update timestamps [v3,12/13] nfs: copy_file_range needs to strip setuid bits and update timestamps [v3,13/13] vfs: allow copy_file_range to copy across devices [v3,14/13] man-pages: copy_file_range updates

Message ID

20190529174318.22424-8-amir73il@gmail.com (mailing list archive)

State

Superseded

Headers

From: Amir Goldstein <amir73il@gmail.com>
To: "Darrick J . Wong" <darrick.wong@oracle.com>
Cc: Dave Chinner <david@fromorbit.com>, Christoph Hellwig <hch@lst.de>,
        linux-xfs@vger.kernel.org,
        Olga Kornievskaia <olga.kornievskaia@gmail.com>,
        Luis Henriques <lhenriques@suse.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org,
        ceph-devel@vger.kernel.org, linux-nfs@vger.kernel.org,
        linux-cifs@vger.kernel.org
Subject: [PATCH v3 07/13] xfs: use file_modified() helper
Date: Wed, 29 May 2019 20:43:11 +0300
Message-Id: <20190529174318.22424-8-amir73il@gmail.com>
In-Reply-To: <20190529174318.22424-1-amir73il@gmail.com>
References: <20190529174318.22424-1-amir73il@gmail.com>
Sender: linux-xfs-owner@vger.kernel.org
Precedence: bulk

Series

Fixes for major copy_file_range() issues | expand

Commit Message

Amir Goldstein May 29, 2019, 5:43 p.m. UTC

Note that by using the helper, the order of calling file_remove_privs()
after file_update_mtime() in xfs_file_aio_write_checks() has changed.

Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
 fs/xfs/xfs_file.c | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

Comments

Darrick J. Wong May 29, 2019, 6:31 p.m. UTC | #1

On Wed, May 29, 2019 at 08:43:11PM +0300, Amir Goldstein wrote:
> Note that by using the helper, the order of calling file_remove_privs()
> after file_update_mtime() in xfs_file_aio_write_checks() has changed.
> 
> Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> ---
>  fs/xfs/xfs_file.c | 15 +--------------
>  1 file changed, 1 insertion(+), 14 deletions(-)
> 
> diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
> index 76748255f843..916a35cae5e9 100644
> --- a/fs/xfs/xfs_file.c
> +++ b/fs/xfs/xfs_file.c
> @@ -367,20 +367,7 @@ xfs_file_aio_write_checks(
>  	 * lock above.  Eventually we should look into a way to avoid
>  	 * the pointless lock roundtrip.
>  	 */
> -	if (likely(!(file->f_mode & FMODE_NOCMTIME))) {

...especially since here we think NOCMTIME is likely /not/ to be set.

> -		error = file_update_time(file);
> -		if (error)
> -			return error;
> -	}
> -
> -	/*
> -	 * If we're writing the file then make sure to clear the setuid and
> -	 * setgid bits if the process is not being run by root.  This keeps
> -	 * people from modifying setuid and setgid binaries.
> -	 */
> -	if (!IS_NOSEC(inode))
> -		return file_remove_privs(file);

Hm, file_modified doesn't have the !IS_NOSEC check guarding
file_remove_privs, are you sure it's ok to remove the suid bits
unconditionally?  Even if SB_NOSEC (and therefore S_NOSEC) are set?

--D

> -	return 0;
> +	return file_modified(file);
>  }
>  
>  static int
> -- 
> 2.17.1
>

Amir Goldstein May 29, 2019, 7:10 p.m. UTC | #2

On Wed, May 29, 2019 at 9:31 PM Darrick J. Wong <darrick.wong@oracle.com> wrote:
>
> On Wed, May 29, 2019 at 08:43:11PM +0300, Amir Goldstein wrote:
> > Note that by using the helper, the order of calling file_remove_privs()
> > after file_update_mtime() in xfs_file_aio_write_checks() has changed.
> >
> > Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> > ---
> >  fs/xfs/xfs_file.c | 15 +--------------
> >  1 file changed, 1 insertion(+), 14 deletions(-)
> >
> > diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
> > index 76748255f843..916a35cae5e9 100644
> > --- a/fs/xfs/xfs_file.c
> > +++ b/fs/xfs/xfs_file.c
> > @@ -367,20 +367,7 @@ xfs_file_aio_write_checks(
> >        * lock above.  Eventually we should look into a way to avoid
> >        * the pointless lock roundtrip.
> >        */
> > -     if (likely(!(file->f_mode & FMODE_NOCMTIME))) {
>
> ...especially since here we think NOCMTIME is likely /not/ to be set.
>
> > -             error = file_update_time(file);
> > -             if (error)
> > -                     return error;
> > -     }
> > -
> > -     /*
> > -      * If we're writing the file then make sure to clear the setuid and
> > -      * setgid bits if the process is not being run by root.  This keeps
> > -      * people from modifying setuid and setgid binaries.
> > -      */
> > -     if (!IS_NOSEC(inode))
> > -             return file_remove_privs(file);
>
> Hm, file_modified doesn't have the !IS_NOSEC check guarding
> file_remove_privs, are you sure it's ok to remove the suid bits
> unconditionally?  Even if SB_NOSEC (and therefore S_NOSEC) are set?
>

file_remove_privs() has its own IS_NOSEC() check.

Thanks,
Amir.

Darrick J. Wong May 29, 2019, 7:13 p.m. UTC | #3

On Wed, May 29, 2019 at 10:10:37PM +0300, Amir Goldstein wrote:
> On Wed, May 29, 2019 at 9:31 PM Darrick J. Wong <darrick.wong@oracle.com> wrote:
> >
> > On Wed, May 29, 2019 at 08:43:11PM +0300, Amir Goldstein wrote:
> > > Note that by using the helper, the order of calling file_remove_privs()
> > > after file_update_mtime() in xfs_file_aio_write_checks() has changed.
> > >
> > > Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> > > ---
> > >  fs/xfs/xfs_file.c | 15 +--------------
> > >  1 file changed, 1 insertion(+), 14 deletions(-)
> > >
> > > diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
> > > index 76748255f843..916a35cae5e9 100644
> > > --- a/fs/xfs/xfs_file.c
> > > +++ b/fs/xfs/xfs_file.c
> > > @@ -367,20 +367,7 @@ xfs_file_aio_write_checks(
> > >        * lock above.  Eventually we should look into a way to avoid
> > >        * the pointless lock roundtrip.
> > >        */
> > > -     if (likely(!(file->f_mode & FMODE_NOCMTIME))) {
> >
> > ...especially since here we think NOCMTIME is likely /not/ to be set.
> >
> > > -             error = file_update_time(file);
> > > -             if (error)
> > > -                     return error;
> > > -     }
> > > -
> > > -     /*
> > > -      * If we're writing the file then make sure to clear the setuid and
> > > -      * setgid bits if the process is not being run by root.  This keeps
> > > -      * people from modifying setuid and setgid binaries.
> > > -      */
> > > -     if (!IS_NOSEC(inode))
> > > -             return file_remove_privs(file);
> >
> > Hm, file_modified doesn't have the !IS_NOSEC check guarding
> > file_remove_privs, are you sure it's ok to remove the suid bits
> > unconditionally?  Even if SB_NOSEC (and therefore S_NOSEC) are set?
> >
> 
> file_remove_privs() has its own IS_NOSEC() check.

Ah, ok,
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>

--D

> Thanks,
> Amir.

diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
index 76748255f843..916a35cae5e9 100644
--- a/fs/xfs/xfs_file.c
+++ b/fs/xfs/xfs_file.c
@@ -367,20 +367,7 @@  xfs_file_aio_write_checks(
 	 * lock above.  Eventually we should look into a way to avoid
 	 * the pointless lock roundtrip.
 	 */
-	if (likely(!(file->f_mode & FMODE_NOCMTIME))) {
-		error = file_update_time(file);
-		if (error)
-			return error;
-	}
-
-	/*
-	 * If we're writing the file then make sure to clear the setuid and
-	 * setgid bits if the process is not being run by root.  This keeps
-	 * people from modifying setuid and setgid binaries.
-	 */
-	if (!IS_NOSEC(inode))
-		return file_remove_privs(file);
-	return 0;
+	return file_modified(file);
 }
 
 static int

[v3,07/13] xfs: use file_modified() helper

Commit Message

Comments

Patch