fuse:rely on fuse_perm for exec when no mode bits set
diff mbox series

Message ID 1585733475-5222-1-git-send-email-chakragithub@gmail.com
State New
Headers show
Series
  • fuse:rely on fuse_perm for exec when no mode bits set
Related show

Commit Message

Chakra Divi April 1, 2020, 9:31 a.m. UTC
In current code, for exec we are checking mode bits
for x bit set even though the fuse_perm_getattr returns
success. Changes in this patch avoids mode bit explicit
check, leaves the exec checking to fuse file system
in uspace.

Signed-off-by: Chakra Divi <chakragithub@gmail.com>
---
 fs/fuse/dir.c | 5 -----
 1 file changed, 5 deletions(-)

Comments

Miklos Szeredi April 20, 2020, 11:25 a.m. UTC | #1
On Wed, Apr 1, 2020 at 11:31 AM Chakra Divi <chakragithub@gmail.com> wrote:
>
> In current code, for exec we are checking mode bits
> for x bit set even though the fuse_perm_getattr returns
> success. Changes in this patch avoids mode bit explicit
> check, leaves the exec checking to fuse file system
> in uspace.

Why is this needed?

Thanks,
Miklos
Chakra Divi April 21, 2020, 10:51 a.m. UTC | #2
On Mon, Apr 20, 2020 at 4:55 PM Miklos Szeredi <miklos@szeredi.hu> wrote:
>
> On Wed, Apr 1, 2020 at 11:31 AM Chakra Divi <chakragithub@gmail.com> wrote:
> >
> > In current code, for exec we are checking mode bits
> > for x bit set even though the fuse_perm_getattr returns
> > success. Changes in this patch avoids mode bit explicit
> > check, leaves the exec checking to fuse file system
> > in uspace.
>
> Why is this needed?

Thanks for responding Miklos. We have an use case with our remote file
system mounted on fuse , where permissions checks will happen remotely
without the need of mode bits. In case of read, write it worked
without issues. But for executable files, we found that fuse kernel is
explicitly checking 'x' mode bit set on the file. We want this
checking also to be pushed to remote instead of kernel doing it - so
modified the kernel code to send getattr op to usespace in exec case
too.

> Thanks,
> Miklos
Chakra Divi April 27, 2020, 1:46 p.m. UTC | #3
On Tue, Apr 21, 2020 at 4:21 PM Chakra Divi <chakragithub@gmail.com> wrote:
>
> On Mon, Apr 20, 2020 at 4:55 PM Miklos Szeredi <miklos@szeredi.hu> wrote:
> >
> > On Wed, Apr 1, 2020 at 11:31 AM Chakra Divi <chakragithub@gmail.com> wrote:
> > >
> > > In current code, for exec we are checking mode bits
> > > for x bit set even though the fuse_perm_getattr returns
> > > success. Changes in this patch avoids mode bit explicit
> > > check, leaves the exec checking to fuse file system
> > > in uspace.
> >
> > Why is this needed?
>
> Thanks for responding Miklos. We have an use case with our remote file
> system mounted on fuse , where permissions checks will happen remotely
> without the need of mode bits. In case of read, write it worked
> without issues. But for executable files, we found that fuse kernel is
> explicitly checking 'x' mode bit set on the file. We want this
> checking also to be pushed to remote instead of kernel doing it - so
> modified the kernel code to send getattr op to usespace in exec case
> too.

Any help on this Miklos....

Thanks,
Chakra
> > Thanks,
> > Miklos
Miklos Szeredi April 28, 2020, 8:21 a.m. UTC | #4
On Mon, Apr 27, 2020 at 3:46 PM Chakra Divi <chakragithub@gmail.com> wrote:
>
> On Tue, Apr 21, 2020 at 4:21 PM Chakra Divi <chakragithub@gmail.com> wrote:
> >
> > On Mon, Apr 20, 2020 at 4:55 PM Miklos Szeredi <miklos@szeredi.hu> wrote:
> > >
> > > On Wed, Apr 1, 2020 at 11:31 AM Chakra Divi <chakragithub@gmail.com> wrote:
> > > >
> > > > In current code, for exec we are checking mode bits
> > > > for x bit set even though the fuse_perm_getattr returns
> > > > success. Changes in this patch avoids mode bit explicit
> > > > check, leaves the exec checking to fuse file system
> > > > in uspace.
> > >
> > > Why is this needed?
> >
> > Thanks for responding Miklos. We have an use case with our remote file
> > system mounted on fuse , where permissions checks will happen remotely
> > without the need of mode bits. In case of read, write it worked
> > without issues. But for executable files, we found that fuse kernel is
> > explicitly checking 'x' mode bit set on the file. We want this
> > checking also to be pushed to remote instead of kernel doing it - so
> > modified the kernel code to send getattr op to usespace in exec case
> > too.
>
> Any help on this Miklos....

I still don't understand what you are requesting.  What your patch
does is unconditionally allow execution, even without any 'x' bits in
the mode.  What does that achieve?

Thanks,
Miklos
Chakra Divi May 8, 2020, 10:13 a.m. UTC | #5
On Tue, Apr 28, 2020 at 1:51 PM Miklos Szeredi <miklos@szeredi.hu> wrote:
>
> On Mon, Apr 27, 2020 at 3:46 PM Chakra Divi <chakragithub@gmail.com> wrote:
> >
> > On Tue, Apr 21, 2020 at 4:21 PM Chakra Divi <chakragithub@gmail.com> wrote:
> > >
> > > On Mon, Apr 20, 2020 at 4:55 PM Miklos Szeredi <miklos@szeredi.hu> wrote:
> > > >
> > > > On Wed, Apr 1, 2020 at 11:31 AM Chakra Divi <chakragithub@gmail.com> wrote:
> > > > >
> > > > > In current code, for exec we are checking mode bits
> > > > > for x bit set even though the fuse_perm_getattr returns
> > > > > success. Changes in this patch avoids mode bit explicit
> > > > > check, leaves the exec checking to fuse file system
> > > > > in uspace.
> > > >
> > > > Why is this needed?
> > >
> > > Thanks for responding Miklos. We have an use case with our remote file
> > > system mounted on fuse , where permissions checks will happen remotely
> > > without the need of mode bits. In case of read, write it worked
> > > without issues. But for executable files, we found that fuse kernel is
> > > explicitly checking 'x' mode bit set on the file. We want this
> > > checking also to be pushed to remote instead of kernel doing it - so
> > > modified the kernel code to send getattr op to usespace in exec case
> > > too.
> >
> > Any help on this Miklos....
>
> I still don't understand what you are requesting.  What your patch
> does is unconditionally allow execution, even without any 'x' bits in
> the mode.  What does that achieve?

Thanks for the help Miklos. We have a network based filesystem that
supports acls.
As our filesystem give granular access, we wipe out the mode bits and
completely rely on ACLs.

Fuse works well for all other ops (with default_permissions disabled )
 as all the checks are done at the filesystems.
But only executables have problems because fuse kernel rejects the
execution by doing access checks on mode bit.
To push this check to filesystem, in the above patch - i'm relying on
return value from fuse_perm_getattr() ignoring the mode bits.

When the fuse module is asked to rely on filesystem for access checks,
why do we need this explicit check for executables?
I found out that it is the same issue with nfs too. Is there a reason
for it ? Should we not push this check to filesystem ?

Thanks,
Chakra
>
> Thanks,
> Miklos
Miklos Szeredi May 11, 2020, 12:25 p.m. UTC | #6
On Fri, May 8, 2020 at 12:14 PM Chakra Divi <chakragithub@gmail.com> wrote:
>
> On Tue, Apr 28, 2020 at 1:51 PM Miklos Szeredi <miklos@szeredi.hu> wrote:
> >
> > On Mon, Apr 27, 2020 at 3:46 PM Chakra Divi <chakragithub@gmail.com> wrote:
> > >
> > > On Tue, Apr 21, 2020 at 4:21 PM Chakra Divi <chakragithub@gmail.com> wrote:
> > > >
> > > > On Mon, Apr 20, 2020 at 4:55 PM Miklos Szeredi <miklos@szeredi.hu> wrote:
> > > > >
> > > > > On Wed, Apr 1, 2020 at 11:31 AM Chakra Divi <chakragithub@gmail.com> wrote:
> > > > > >
> > > > > > In current code, for exec we are checking mode bits
> > > > > > for x bit set even though the fuse_perm_getattr returns
> > > > > > success. Changes in this patch avoids mode bit explicit
> > > > > > check, leaves the exec checking to fuse file system
> > > > > > in uspace.
> > > > >
> > > > > Why is this needed?
> > > >
> > > > Thanks for responding Miklos. We have an use case with our remote file
> > > > system mounted on fuse , where permissions checks will happen remotely
> > > > without the need of mode bits. In case of read, write it worked
> > > > without issues. But for executable files, we found that fuse kernel is
> > > > explicitly checking 'x' mode bit set on the file. We want this
> > > > checking also to be pushed to remote instead of kernel doing it - so
> > > > modified the kernel code to send getattr op to usespace in exec case
> > > > too.
> > >
> > > Any help on this Miklos....
> >
> > I still don't understand what you are requesting.  What your patch
> > does is unconditionally allow execution, even without any 'x' bits in
> > the mode.  What does that achieve?
>
> Thanks for the help Miklos. We have a network based filesystem that
> supports acls.
> As our filesystem give granular access, we wipe out the mode bits and
> completely rely on ACLs.

Are you using POSIX ACLs?   Why can't you translate the ACL's back
into mode bits (that's what all filesystems do)?

>
> Fuse works well for all other ops (with default_permissions disabled )
>  as all the checks are done at the filesystems.
> But only executables have problems because fuse kernel rejects the
> execution by doing access checks on mode bit.
> To push this check to filesystem, in the above patch - i'm relying on
> return value from fuse_perm_getattr() ignoring the mode bits.
>
> When the fuse module is asked to rely on filesystem for access checks,
> why do we need this explicit check for executables?

Because there's no other check.  Have you noticed that with your patch
*all* files become executable?  I guess that's not what you wanted...

Thanks,
Miklos

Patch
diff mbox series

diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index de1e2fde..7b44c4e 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1196,12 +1196,7 @@  static int fuse_permission(struct inode *inode, int mask)
 		err = fuse_access(inode, mask);
 	} else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
 		if (!(inode->i_mode & S_IXUGO)) {
-			if (refreshed)
-				return -EACCES;
-
 			err = fuse_perm_getattr(inode, mask);
-			if (!err && !(inode->i_mode & S_IXUGO))
-				return -EACCES;
 		}
 	}
 	return err;