From: "Darrick J. Wong" <darrick.wong@oracle.com> To: david@fromorbit.com, darrick.wong@oracle.com Cc: sandeen@redhat.com, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-btrfs@vger.kernel.org, Dave Chinner <dchinner@redhat.com>, linux-fsdevel@vger.kernel.org, ocfs2-devel@oss.oracle.com Subject: [PATCH 04/25] xfs: update ctime and remove suid before cloning files Date: Tue, 09 Oct 2018 17:11:06 -0700 [thread overview] Message-ID: <153913026644.32295.612141018276176517.stgit@magnolia> (raw) In-Reply-To: <153913023835.32295.13962696655740190941.stgit@magnolia> From: Darrick J. Wong <darrick.wong@oracle.com> Before cloning into a file, update the ctime and remove sensitive attributes like suid, just like we'd do for a regular file write. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> --- fs/xfs/xfs_reflink.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c index cbb359e68a72..d4feaeba8542 100644 --- a/fs/xfs/xfs_reflink.c +++ b/fs/xfs/xfs_reflink.c @@ -1264,6 +1264,7 @@ xfs_reflink_zero_posteof( * Prepare two files for range cloning. Upon a successful return both inodes * will have the iolock and mmaplock held, the page cache of the out file * will be truncated, and any leases on the out file will have been broken. + * This function borrows heavily from xfs_file_aio_write_checks. * Returns negative for error, 0 for nothing to do, and 1 for success. */ STATIC int @@ -1328,6 +1329,30 @@ xfs_reflink_remap_prep( /* Zap any page cache for the destination file's range. */ truncate_inode_pages_range(&inode_out->i_data, pos_out, PAGE_ALIGN(pos_out + *len) - 1); + + /* If we're altering the file contents... */ + if (!is_dedupe) { + /* + * ...update the timestamps (which will grab the ilock again + * from xfs_fs_dirty_inode, so we have to call it before we + * take the ilock). + */ + if (!(file_out->f_mode & FMODE_NOCMTIME)) { + ret = file_update_time(file_out); + if (ret) + goto out_unlock; + } + + /* + * ...clear the security bits if the process is not being run + * by root. This keeps people from modifying setuid and setgid + * binaries. + */ + ret = file_remove_privs(file_out); + if (ret) + goto out_unlock; + } + return 1; out_unlock: xfs_reflink_remap_unlock(file_in, file_out);
WARNING: multiple messages have this Message-ID (diff)
From: Darrick J. Wong <darrick.wong@oracle.com> To: david@fromorbit.com, darrick.wong@oracle.com Cc: sandeen@redhat.com, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-btrfs@vger.kernel.org, Dave Chinner <dchinner@redhat.com>, linux-fsdevel@vger.kernel.org, ocfs2-devel@oss.oracle.com Subject: [Ocfs2-devel] [PATCH 04/25] xfs: update ctime and remove suid before cloning files Date: Tue, 09 Oct 2018 17:11:06 -0700 [thread overview] Message-ID: <153913026644.32295.612141018276176517.stgit@magnolia> (raw) In-Reply-To: <153913023835.32295.13962696655740190941.stgit@magnolia> From: Darrick J. Wong <darrick.wong@oracle.com> Before cloning into a file, update the ctime and remove sensitive attributes like suid, just like we'd do for a regular file write. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> --- fs/xfs/xfs_reflink.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c index cbb359e68a72..d4feaeba8542 100644 --- a/fs/xfs/xfs_reflink.c +++ b/fs/xfs/xfs_reflink.c @@ -1264,6 +1264,7 @@ xfs_reflink_zero_posteof( * Prepare two files for range cloning. Upon a successful return both inodes * will have the iolock and mmaplock held, the page cache of the out file * will be truncated, and any leases on the out file will have been broken. + * This function borrows heavily from xfs_file_aio_write_checks. * Returns negative for error, 0 for nothing to do, and 1 for success. */ STATIC int @@ -1328,6 +1329,30 @@ xfs_reflink_remap_prep( /* Zap any page cache for the destination file's range. */ truncate_inode_pages_range(&inode_out->i_data, pos_out, PAGE_ALIGN(pos_out + *len) - 1); + + /* If we're altering the file contents... */ + if (!is_dedupe) { + /* + * ...update the timestamps (which will grab the ilock again + * from xfs_fs_dirty_inode, so we have to call it before we + * take the ilock). + */ + if (!(file_out->f_mode & FMODE_NOCMTIME)) { + ret = file_update_time(file_out); + if (ret) + goto out_unlock; + } + + /* + * ...clear the security bits if the process is not being run + * by root. This keeps people from modifying setuid and setgid + * binaries. + */ + ret = file_remove_privs(file_out); + if (ret) + goto out_unlock; + } + return 1; out_unlock: xfs_reflink_remap_unlock(file_in, file_out);
next prev parent reply other threads:[~2018-10-10 0:11 UTC|newest] Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-10-10 0:10 [PATCH v2 00/25] fs: fixes for serious clone/dedupe problems Darrick J. Wong 2018-10-10 0:10 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:10 ` [PATCH 01/25] xfs: add a per-xfs trace_printk macro Darrick J. Wong 2018-10-10 0:10 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:36 ` Dave Chinner 2018-10-10 0:36 ` [Ocfs2-devel] " Dave Chinner 2018-10-10 15:00 ` [PATCH v2 " Darrick J. Wong 2018-10-10 15:00 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:10 ` [PATCH 02/25] xfs: refactor clonerange preparation into a separate helper Darrick J. Wong 2018-10-10 0:10 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:10 ` [PATCH 03/25] xfs: zero posteof blocks when cloning above eof Darrick J. Wong 2018-10-10 0:10 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:11 ` Darrick J. Wong [this message] 2018-10-10 0:11 ` [Ocfs2-devel] [PATCH 04/25] xfs: update ctime and remove suid before cloning files Darrick J. Wong 2018-10-10 0:11 ` [PATCH 05/25] vfs: check file ranges " Darrick J. Wong 2018-10-10 0:11 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 23:06 ` Dave Chinner 2018-10-10 23:06 ` [Ocfs2-devel] " Dave Chinner 2018-10-10 23:13 ` Darrick J. Wong 2018-10-10 23:13 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:11 ` [PATCH 06/25] vfs: strengthen checking of file range inputs to generic_remap_checks Darrick J. Wong 2018-10-10 0:11 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 5:23 ` Amir Goldstein 2018-10-10 17:01 ` Darrick J. Wong 2018-10-10 17:01 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 17:26 ` Amir Goldstein 2018-10-10 0:11 ` [PATCH 07/25] vfs: skip zero-length dedupe requests Darrick J. Wong 2018-10-10 0:11 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:11 ` [PATCH 08/25] vfs: combine the clone and dedupe into a single remap_file_range Darrick J. Wong 2018-10-10 0:11 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 5:54 ` Amir Goldstein 2018-10-10 15:13 ` Darrick J. Wong 2018-10-10 15:13 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 15:23 ` Amir Goldstein 2018-10-10 0:11 ` [PATCH 09/25] vfs: rename vfs_clone_file_prep to be more descriptive Darrick J. Wong 2018-10-10 0:11 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:11 ` [PATCH 10/25] vfs: rename clone_verify_area to remap_verify_area Darrick J. Wong 2018-10-10 0:11 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:13 ` [PATCH 11/25] vfs: create generic_remap_file_range_touch to update inode metadata Darrick J. Wong 2018-10-10 0:13 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:13 ` [PATCH 12/25] vfs: pass remap flags to generic_remap_file_range_prep Darrick J. Wong 2018-10-10 0:13 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:13 ` [PATCH 13/25] vfs: pass remap flags to generic_remap_checks Darrick J. Wong 2018-10-10 0:13 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:13 ` [PATCH 14/25] vfs: make remap_file_range functions take and return bytes completed Darrick J. Wong 2018-10-10 0:13 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 6:47 ` Amir Goldstein 2018-10-10 15:50 ` Darrick J. Wong 2018-10-10 15:50 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 18:28 ` Amir Goldstein 2018-10-10 18:32 ` Darrick J. Wong 2018-10-10 18:32 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:13 ` [PATCH 15/25] vfs: plumb RFR_* remap flags through the vfs clone functions Darrick J. Wong 2018-10-10 0:13 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 6:22 ` Amir Goldstein 2018-10-10 6:39 ` Amir Goldstein 2018-10-10 0:13 ` [PATCH 16/25] vfs: plumb RFR_* remap flags through the vfs dedupe functions Darrick J. Wong 2018-10-10 0:13 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:13 ` [PATCH 17/25] vfs: make remapping to source file eof more explicit Darrick J. Wong 2018-10-10 0:13 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 12:29 ` Amir Goldstein 2018-10-10 16:29 ` Darrick J. Wong 2018-10-10 16:29 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 17:31 ` Amir Goldstein 2018-10-10 0:14 ` [PATCH 18/25] vfs: enable remap callers that can handle short operations Darrick J. Wong 2018-10-10 0:14 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:14 ` [PATCH 19/25] vfs: hide file range comparison function Darrick J. Wong 2018-10-10 0:14 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:14 ` [PATCH 20/25] vfs: implement opportunistic short dedupe Darrick J. Wong 2018-10-10 0:14 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:14 ` [PATCH 21/25] ocfs2: truncate page cache for clone destination file before remapping Darrick J. Wong 2018-10-10 0:14 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:14 ` [PATCH 22/25] ocfs2: fix pagecache truncation prior to reflink Darrick J. Wong 2018-10-10 0:14 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:14 ` [PATCH 23/25] ocfs2: support partial clone range and dedupe range Darrick J. Wong 2018-10-10 0:14 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:14 ` [PATCH 24/25] xfs: fix pagecache truncation prior to reflink Darrick J. Wong 2018-10-10 0:14 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 0:14 ` [PATCH 25/25] xfs: support returning partial reflink results Darrick J. Wong 2018-10-10 0:14 ` [Ocfs2-devel] " Darrick J. Wong 2018-10-10 1:02 ` [PATCH v2 00/25] fs: fixes for serious clone/dedupe problems Dave Chinner 2018-10-10 1:02 ` [Ocfs2-devel] " Dave Chinner 2018-10-10 1:06 ` Darrick J. Wong 2018-10-10 1:06 ` [Ocfs2-devel] " Darrick J. Wong
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=153913026644.32295.612141018276176517.stgit@magnolia \ --to=darrick.wong@oracle.com \ --cc=david@fromorbit.com \ --cc=dchinner@redhat.com \ --cc=linux-btrfs@vger.kernel.org \ --cc=linux-cifs@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=linux-nfs@vger.kernel.org \ --cc=linux-unionfs@vger.kernel.org \ --cc=linux-xfs@vger.kernel.org \ --cc=ocfs2-devel@oss.oracle.com \ --cc=sandeen@redhat.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.