From patchwork Mon Oct 3 12:21:53 2022
X-Patchwork-Submitter: Amir Goldstein
X-Patchwork-Id: 12997533
From: Amir Goldstein
To: Miklos Szeredi
Cc: Christian Brauner, Yang Xu, "Darrick J . Wong", Filipe Manana, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH 1/2] ovl: remove privs in ovl_copyfile()
Date: Mon, 3 Oct 2022 15:21:53 +0300
Message-Id: <20221003122154.900300-2-amir73il@gmail.com>
In-Reply-To: <20221003122154.900300-1-amir73il@gmail.com>
References: <20221003122154.900300-1-amir73il@gmail.com>

Underlying fs doesn't remove privs because copy_range/remap_range are called with privileged mounter credentials.

This fixes some failures in fstest generic/673.

Fixes: 8ede205541ff ("ovl: add reflink/copyfile/dedup support")
Signed-off-by: Amir Goldstein
---
 fs/overlayfs/file.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index d17faeb014e5..c8308da8909a 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -567,14 +567,23 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in, const struct cred *old_cred; loff_t ret; + inode_lock(inode_out); + if (op != OVL_DEDUPE) { + /* Update mode */ + ovl_copyattr(inode_out); + ret = file_remove_privs(file_out); + if (ret) + goto out_unlock; + } + ret = ovl_real_fdget(file_out, &real_out); if (ret) - return ret; + goto out_unlock; ret = ovl_real_fdget(file_in, &real_in); if (ret) { fdput(real_out); - return ret; + goto out_unlock; } old_cred = ovl_override_creds(file_inode(file_out)->i_sb); 
@@ -603,6 +612,9 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in, fdput(real_in); fdput(real_out); +out_unlock: + inode_unlock(inode_out); + return ret; }

From patchwork Mon Oct 3 12:21:54 2022
X-Patchwork-Submitter: Amir Goldstein
X-Patchwork-Id: 12997534
From: Amir Goldstein
To: Miklos Szeredi
Cc: Christian Brauner, Yang Xu, "Darrick J . Wong", Filipe Manana, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH 2/2] ovl: remove privs in ovl_fallocate()
Date: Mon, 3 Oct 2022 15:21:54 +0300
Message-Id: <20221003122154.900300-3-amir73il@gmail.com>
In-Reply-To: <20221003122154.900300-1-amir73il@gmail.com>
References: <20221003122154.900300-1-amir73il@gmail.com>

Underlying fs doesn't remove privs because fallocate is called with privileged mounter credentials.

This fixes some failure in fstests generic/683..687.

Fixes: aab8848cee5e ("ovl: add ovl_fallocate()")
Signed-off-by: Amir Goldstein --- fs/overlayfs/file.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index c8308da8909a..e90ac5376456 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -517,9 +517,16 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len const struct cred *old_cred; int ret; + inode_lock(inode); + /* Update mode */ + ovl_copyattr(inode); + ret = file_remove_privs(file); + if (ret) + goto out_unlock; + ret = ovl_real_fdget(file, &real); if (ret) - return ret; + goto out_unlock; old_cred = ovl_override_creds(file_inode(file)->i_sb); ret = vfs_fallocate(real.file, mode, offset, len); @@ -530,6 +537,9 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len fdput(real); +out_unlock: + inode_unlock(inode); + return ret; }
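Review bot: In the first hunk of [PATCH 1/2] (ovl_copyfile), the new `/* Update mode */` comment does not say why `ovl_copyattr(inode_out)` has to run before `file_remove_privs(file_out)`, or why `OVL_DEDUPE` skips the block even though `inode_lock(inode_out)` is still taken for it. The commit message has the reasoning (the underlying fs is called with the mounter's privileged credentials, so it does not strip the bits itself); a short comment carrying that into the code, plus one line on the dedupe exemption (presumably because dedupe leaves the destination's contents unchanged), would keep a later cleanup from dropping or reordering these calls.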
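Review bot: In the first hunk of [PATCH 2/2] (ovl_fallocate), `file_remove_privs(file)` runs before `ovl_real_fdget(file, &real)` and before `vfs_fallocate()`, so the file has already lost its privilege bits on the paths where one of those then fails and nothing was allocated. If that ordering is intentional, a sentence in the commit message saying so would help; otherwise consider taking the real fd first and stripping privs only once it has been obtained. The commit message also says this fixes "some failure" in generic/683..687 without naming what still fails, which makes it hard to judge whether another overlayfs write path needs the same treatment.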