From: Christian Brauner <brauner@kernel.org>
To: Johan Hovold <johan@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Anton Altaparmakov <anton@tuxera.com>,
Konstantin Komarov <almaz.alexandrovich@paragon-software.com>,
Linux regressions mailing list <regressions@lists.linux.dev>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
Namjae Jeon <linkinjeon@kernel.org>,
"ntfs3@lists.linux.dev" <ntfs3@lists.linux.dev>,
Linux FS-devel Mailing List <linux-fsdevel@vger.kernel.org>,
"linux-ntfs-dev@lists.sourceforge.net"
<linux-ntfs-dev@lists.sourceforge.net>
Subject: Re: [PATCH 2/2] ntfs3: remove warning
Date: Tue, 16 Apr 2024 12:38:56 +0200 [thread overview]
Message-ID: <20240416-genutzt-bestleistung-f76707a9ddba@brauner> (raw)
In-Reply-To: <Zh1Qa2aB2Dg_-mW4@hovoldconsulting.com>
[-- Attachment #1: Type: text/plain, Size: 1710 bytes --]
On Mon, Apr 15, 2024 at 06:06:03PM +0200, Johan Hovold wrote:
> On Mon, Apr 15, 2024 at 08:51:13AM -0700, Linus Torvalds wrote:
> > On Mon, 15 Apr 2024 at 08:47, Johan Hovold <johan@kernel.org> wrote:
> > >
> > > I think the "ntfs" alias must always be mounted read-only because you
> > > can currently have an fstab entry which does not specify "ro" and this
> > > mount would suddenly become writeable when updating to 6.9 (possibly by
> > > a non-privileged user, etc).
> >
> > Well, it would be fairly easy to do particularly if we just do it for
> > the old legacy case.
> >
> > Of course, even the legacy case had that CONFIG_NTFS_RW option, so
> > people who depended on _that_ would want to be able to remount...
>
> Ah, right, I forgot about CONFIG_NTFS_RW as I've never enabled it.
>
> Judging from the now removed Kconfig entry perhaps not that many people
> did:
>
> The only supported operation is overwriting existing files,
> without changing the file length. No file or directory
> creation, deletion or renaming is possible.
>
> but I guess it still makes my argument above mostly moot.
>
> At least if we disable write support in ntfs3 by default for now...
I think we can disable write support in ntfs3 for now. I've picked up
the patch to make ntfs3 serve I sent some time ago that Johan tested
now.
The only thing left is to disable write support for ntfs3 as legacy ntfs
driver for now. I took a stab at this. The following two patches
I'm appending _should_ be enough iiuc. Johan, please take a look and
please test.
This is also available on:
https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git vfs.fixes
So feel free to pull from there and look there as well.
[-- Attachment #2: 0001-ntfs3-enforce-read-only-when-used-as-legacy-ntfs-dri.patch --]
[-- Type: text/x-diff, Size: 3637 bytes --]
From 1a2af5ca9b66bd3d4040f9987c78faff128e552f Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Tue, 16 Apr 2024 12:08:51 +0200
Subject: [PATCH 1/2] ntfs3: enforce read-only when used as legacy ntfs driver
Ensure that ntfs3 is mounted read-only when it is used to provide the
legacy ntfs driver.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/ntfs3/ntfs_fs.h | 2 ++
fs/ntfs3/super.c | 34 ++++++++++++++++++++++++++++++----
2 files changed, 32 insertions(+), 4 deletions(-)
diff --git a/fs/ntfs3/ntfs_fs.h b/fs/ntfs3/ntfs_fs.h
index 79356fd29a14..184c8bc76b92 100644
--- a/fs/ntfs3/ntfs_fs.h
+++ b/fs/ntfs3/ntfs_fs.h
@@ -1154,4 +1154,6 @@ static inline void le64_sub_cpu(__le64 *var, u64 val)
*var = cpu_to_le64(le64_to_cpu(*var) - val);
}
+bool is_legacy_ntfs(struct super_block *sb);
+
#endif /* _LINUX_NTFS3_NTFS_FS_H */
diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c
index 8d2e51bae2cb..d7f3e03a4010 100644
--- a/fs/ntfs3/super.c
+++ b/fs/ntfs3/super.c
@@ -408,6 +408,12 @@ static int ntfs_fs_reconfigure(struct fs_context *fc)
struct ntfs_mount_options *new_opts = fc->fs_private;
int ro_rw;
+ /* If ntfs3 is used as legacy ntfs enforce read-only mode. */
+ if (is_legacy_ntfs(sb)) {
+ fc->sb_flags |= SB_RDONLY;
+ goto out;
+ }
+
ro_rw = sb_rdonly(sb) && !(fc->sb_flags & SB_RDONLY);
if (ro_rw && (sbi->flags & NTFS_FLAGS_NEED_REPLAY)) {
errorf(fc,
@@ -427,8 +433,6 @@ static int ntfs_fs_reconfigure(struct fs_context *fc)
fc,
"ntfs3: Cannot use different iocharset when remounting!");
- sync_filesystem(sb);
-
if (ro_rw && (sbi->volume.flags & VOLUME_FLAG_DIRTY) &&
!new_opts->force) {
errorf(fc,
@@ -436,6 +440,8 @@ static int ntfs_fs_reconfigure(struct fs_context *fc)
return -EINVAL;
}
+out:
+ sync_filesystem(sb);
swap(sbi->options, fc->fs_private);
return 0;
@@ -1730,7 +1736,7 @@ static const struct fs_context_operations ntfs_context_ops = {
* This will called when mount/remount. We will first initialize
* options so that if remount we can use just that.
*/
-static int ntfs_init_fs_context(struct fs_context *fc)
+static int __ntfs_init_fs_context(struct fs_context *fc)
{
struct ntfs_mount_options *opts;
struct ntfs_sb_info *sbi;
@@ -1778,6 +1784,11 @@ static int ntfs_init_fs_context(struct fs_context *fc)
return -ENOMEM;
}
+static int ntfs_init_fs_context(struct fs_context *fc)
+{
+ return __ntfs_init_fs_context(fc);
+}
+
static void ntfs3_kill_sb(struct super_block *sb)
{
struct ntfs_sb_info *sbi = sb->s_fs_info;
@@ -1800,10 +1811,20 @@ static struct file_system_type ntfs_fs_type = {
};
#if IS_ENABLED(CONFIG_NTFS_FS)
+static int ntfs_legacy_init_fs_context(struct fs_context *fc)
+{
+ int ret;
+
+ ret = __ntfs_init_fs_context(fc);
+ /* If ntfs3 is used as legacy ntfs enforce read-only mode. */
+ fc->sb_flags |= SB_RDONLY;
+ return ret;
+}
+
static struct file_system_type ntfs_legacy_fs_type = {
.owner = THIS_MODULE,
.name = "ntfs",
- .init_fs_context = ntfs_init_fs_context,
+ .init_fs_context = ntfs_legacy_init_fs_context,
.parameters = ntfs_fs_parameters,
.kill_sb = ntfs3_kill_sb,
.fs_flags = FS_REQUIRES_DEV | FS_ALLOW_IDMAP,
@@ -1821,9 +1842,14 @@ static inline void unregister_as_ntfs_legacy(void)
{
unregister_filesystem(&ntfs_legacy_fs_type);
}
+bool is_legacy_ntfs(struct super_block *sb)
+{
+ return sb->s_type == &ntfs_legacy_fs_type;
+}
#else
static inline void register_as_ntfs_legacy(void) {}
static inline void unregister_as_ntfs_legacy(void) {}
+bool is_legacy_ntfs(struct super_block *sb) { return false; }
#endif
--
2.43.0
[-- Attachment #3: 0002-ntfs3-add-legacy-ntfs-file-operations.patch --]
[-- Type: text/x-diff, Size: 4547 bytes --]
From 5e646f22f0e9d5268d902dfd33a39154c0b5f578 Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Tue, 16 Apr 2024 12:20:50 +0200
Subject: [PATCH 2/2] ntfs3: add legacy ntfs file operations
To ensure that ioctl()s can't be used to circumvent write restrictions.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/ntfs3/dir.c | 7 +++++++
fs/ntfs3/file.c | 8 ++++++++
fs/ntfs3/inode.c | 20 ++++++++++++++++----
fs/ntfs3/ntfs_fs.h | 2 ++
4 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/fs/ntfs3/dir.c b/fs/ntfs3/dir.c
index 5cf3d9decf64..263635199b60 100644
--- a/fs/ntfs3/dir.c
+++ b/fs/ntfs3/dir.c
@@ -616,4 +616,11 @@ const struct file_operations ntfs_dir_operations = {
.compat_ioctl = ntfs_compat_ioctl,
#endif
};
+
+const struct file_operations ntfs_legacy_dir_operations = {
+ .llseek = generic_file_llseek,
+ .read = generic_read_dir,
+ .iterate_shared = ntfs_readdir,
+ .open = ntfs_file_open,
+};
// clang-format on
diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 5418662c80d8..b73969e05052 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -1236,4 +1236,12 @@ const struct file_operations ntfs_file_operations = {
.fallocate = ntfs_fallocate,
.release = ntfs_file_release,
};
+
+const struct file_operations ntfs_legacy_file_operations = {
+ .llseek = generic_file_llseek,
+ .read_iter = ntfs_file_read_iter,
+ .splice_read = ntfs_file_splice_read,
+ .open = ntfs_file_open,
+ .release = ntfs_file_release,
+};
// clang-format on
diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index eb7a8c9fba01..d273eda1cf45 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -440,7 +440,10 @@ static struct inode *ntfs_read_mft(struct inode *inode,
* Usually a hard links to directories are disabled.
*/
inode->i_op = &ntfs_dir_inode_operations;
- inode->i_fop = &ntfs_dir_operations;
+ if (is_legacy_ntfs(inode->i_sb))
+ inode->i_fop = &ntfs_legacy_dir_operations;
+ else
+ inode->i_fop = &ntfs_dir_operations;
ni->i_valid = 0;
} else if (S_ISLNK(mode)) {
ni->std_fa &= ~FILE_ATTRIBUTE_DIRECTORY;
@@ -450,7 +453,10 @@ static struct inode *ntfs_read_mft(struct inode *inode,
} else if (S_ISREG(mode)) {
ni->std_fa &= ~FILE_ATTRIBUTE_DIRECTORY;
inode->i_op = &ntfs_file_inode_operations;
- inode->i_fop = &ntfs_file_operations;
+ if (is_legacy_ntfs(inode->i_sb))
+ inode->i_fop = &ntfs_legacy_file_operations;
+ else
+ inode->i_fop = &ntfs_file_operations;
inode->i_mapping->a_ops = is_compressed(ni) ? &ntfs_aops_cmpr :
&ntfs_aops;
if (ino != MFT_REC_MFT)
@@ -1614,7 +1620,10 @@ struct inode *ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
if (S_ISDIR(mode)) {
inode->i_op = &ntfs_dir_inode_operations;
- inode->i_fop = &ntfs_dir_operations;
+ if (is_legacy_ntfs(inode->i_sb))
+ inode->i_fop = &ntfs_legacy_dir_operations;
+ else
+ inode->i_fop = &ntfs_dir_operations;
} else if (S_ISLNK(mode)) {
inode->i_op = &ntfs_link_inode_operations;
inode->i_fop = NULL;
@@ -1623,7 +1632,10 @@ struct inode *ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
inode_nohighmem(inode);
} else if (S_ISREG(mode)) {
inode->i_op = &ntfs_file_inode_operations;
- inode->i_fop = &ntfs_file_operations;
+ if (is_legacy_ntfs(inode->i_sb))
+ inode->i_fop = &ntfs_legacy_file_operations;
+ else
+ inode->i_fop = &ntfs_file_operations;
inode->i_mapping->a_ops = is_compressed(ni) ? &ntfs_aops_cmpr :
&ntfs_aops;
init_rwsem(&ni->file.run_lock);
diff --git a/fs/ntfs3/ntfs_fs.h b/fs/ntfs3/ntfs_fs.h
index 184c8bc76b92..5f4d288c6adf 100644
--- a/fs/ntfs3/ntfs_fs.h
+++ b/fs/ntfs3/ntfs_fs.h
@@ -493,6 +493,7 @@ struct inode *dir_search_u(struct inode *dir, const struct cpu_str *uni,
struct ntfs_fnd *fnd);
bool dir_is_empty(struct inode *dir);
extern const struct file_operations ntfs_dir_operations;
+extern const struct file_operations ntfs_legacy_dir_operations;
/* Globals from file.c */
int ntfs_getattr(struct mnt_idmap *idmap, const struct path *path,
@@ -507,6 +508,7 @@ long ntfs_compat_ioctl(struct file *filp, u32 cmd, unsigned long arg);
extern const struct inode_operations ntfs_special_inode_operations;
extern const struct inode_operations ntfs_file_inode_operations;
extern const struct file_operations ntfs_file_operations;
+extern const struct file_operations ntfs_legacy_file_operations;
/* Globals from frecord.c */
void ni_remove_mi(struct ntfs_inode *ni, struct mft_inode *mi);
--
2.43.0
next prev parent reply other threads:[~2024-04-16 10:39 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-15 7:20 [PATCH] fs: Remove NTFS classic Matthew Wilcox (Oracle)
2024-01-15 11:00 ` Anton Altaparmakov
2024-01-15 11:08 ` Enrico Mioso
2024-01-15 11:41 ` Namjae Jeon
2024-01-15 14:49 ` Matthew Wilcox
2024-01-16 9:52 ` [PATCH] " Anton Altaparmakov
2024-01-15 22:20 ` [PATCH] fs: " Dave Chinner
2024-01-16 9:33 ` Christian Brauner
2024-01-16 9:51 ` [PATCH] " Anton Altaparmakov
2024-01-16 11:06 ` Christian Brauner
2024-01-16 11:32 ` Anton Altaparmakov
2024-03-22 16:35 ` [PATCH] fs: " Johan Hovold
2024-03-25 8:28 ` Christian Brauner
2024-03-25 8:34 ` [PATCH 1/2] ntfs3: serve as alias for the legacy ntfs driver Christian Brauner
2024-03-25 10:09 ` Johan Hovold
2024-03-25 12:01 ` Christian Brauner
2024-03-25 8:34 ` [PATCH 2/2] ntfs3: remove warning Christian Brauner
2024-03-25 10:12 ` Johan Hovold
2024-03-25 12:05 ` Christian Brauner
2024-04-04 8:06 ` Linux regression tracking (Thorsten Leemhuis)
2024-04-11 11:03 ` Konstantin Komarov
2024-04-15 9:54 ` Johan Hovold
2024-04-15 10:20 ` Johan Hovold
2024-04-15 11:32 ` Anton Altaparmakov
2024-04-15 11:42 ` Johan Hovold
2024-04-15 14:15 ` Christian Brauner
2024-04-15 15:23 ` Linus Torvalds
2024-04-15 15:27 ` Matthew Wilcox
2024-04-15 15:47 ` Johan Hovold
2024-04-15 15:51 ` Linus Torvalds
2024-04-15 16:06 ` Johan Hovold
2024-04-16 10:38 ` Christian Brauner [this message]
2024-04-16 12:55 ` Johan Hovold
2024-04-17 16:07 ` Konstantin Komarov
2024-04-18 6:36 ` Johan Hovold
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240416-genutzt-bestleistung-f76707a9ddba@brauner \
--to=brauner@kernel.org \
--cc=almaz.alexandrovich@paragon-software.com \
--cc=anton@tuxera.com \
--cc=johan@kernel.org \
--cc=linkinjeon@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-ntfs-dev@lists.sourceforge.net \
--cc=ntfs3@lists.linux.dev \
--cc=regressions@lists.linux.dev \
--cc=torvalds@linux-foundation.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.