* [vfs PATCH 0/2] Fix gfs2 setattr bug
@ 2021-07-28 12:47 Bob Peterson
2021-07-28 12:47 ` [vfs PATCH 1/2] fs: Move notify_change permission checks into may_setattr Bob Peterson
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Bob Peterson @ 2021-07-28 12:47 UTC (permalink / raw)
To: viro; +Cc: linux-fsdevel
Hi Al,
Here is a set of two patches from Andreas Gruenbacher to fix a problem
that causes xfstests generic/079 to fail on gfs2. The first patch moves a
chunk of code from notify_change to its own function, may_setattr, so gfs2
can use it. The second patch makes gfs2 use it.
Bob Peterson
Andreas Gruenbacher (2):
fs: Move notify_change permission checks into may_setattr
gfs2: Switch to may_setattr in gfs2_setattr
fs/attr.c | 50 ++++++++++++++++++++++++++++------------------
fs/gfs2/inode.c | 4 ++--
include/linux/fs.h | 2 ++
3 files changed, 35 insertions(+), 21 deletions(-)
--
2.31.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [vfs PATCH 1/2] fs: Move notify_change permission checks into may_setattr
2021-07-28 12:47 [vfs PATCH 0/2] Fix gfs2 setattr bug Bob Peterson
@ 2021-07-28 12:47 ` Bob Peterson
2021-07-28 12:47 ` [vfs PATCH 2/2] gfs2: Switch to may_setattr in gfs2_setattr Bob Peterson
2021-07-28 13:14 ` [vfs PATCH 0/2] Fix gfs2 setattr bug Christian Brauner
2 siblings, 0 replies; 4+ messages in thread
From: Bob Peterson @ 2021-07-28 12:47 UTC (permalink / raw)
To: viro; +Cc: linux-fsdevel
From: Andreas Gruenbacher <agruenba@redhat.com>
Move the permission checks in notify_change into a separate function to
make them available to filesystems.
When notify_change is called, the vfs performs those checks before
calling into iop->setattr. However, a filesystem like gfs2 can only
lock and revalidate the inode inside ->setattr, and it must then repeat
those checks to err on the safe side.
It would be nice to get rid of the double checking, but moving the
permission check into iop->setattr altogether isn't really an option.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
---
fs/attr.c | 50 ++++++++++++++++++++++++++++------------------
include/linux/fs.h | 2 ++
2 files changed, 33 insertions(+), 19 deletions(-)
diff --git a/fs/attr.c b/fs/attr.c
index 87ef39db1c34..473d21b3a86d 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -249,6 +249,34 @@ void setattr_copy(struct user_namespace *mnt_userns, struct inode *inode,
}
EXPORT_SYMBOL(setattr_copy);
+int may_setattr(struct user_namespace *mnt_userns, struct inode *inode,
+ unsigned int ia_valid)
+{
+ int error;
+
+ if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) {
+ if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
+ return -EPERM;
+ }
+
+ /*
+ * If utimes(2) and friends are called with times == NULL (or both
+ * times are UTIME_NOW), then we need to check for write permission
+ */
+ if (ia_valid & ATTR_TOUCH) {
+ if (IS_IMMUTABLE(inode))
+ return -EPERM;
+
+ if (!inode_owner_or_capable(mnt_userns, inode)) {
+ error = inode_permission(mnt_userns, inode, MAY_WRITE);
+ if (error)
+ return error;
+ }
+ }
+ return 0;
+}
+EXPORT_SYMBOL(may_setattr);
+
/**
* notify_change - modify attributes of a filesytem object
* @mnt_userns: user namespace of the mount the inode was found from
@@ -290,25 +318,9 @@ int notify_change(struct user_namespace *mnt_userns, struct dentry *dentry,
WARN_ON_ONCE(!inode_is_locked(inode));
- if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) {
- if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
- return -EPERM;
- }
-
- /*
- * If utimes(2) and friends are called with times == NULL (or both
- * times are UTIME_NOW), then we need to check for write permission
- */
- if (ia_valid & ATTR_TOUCH) {
- if (IS_IMMUTABLE(inode))
- return -EPERM;
-
- if (!inode_owner_or_capable(mnt_userns, inode)) {
- error = inode_permission(mnt_userns, inode, MAY_WRITE);
- if (error)
- return error;
- }
- }
+ error = may_setattr(mnt_userns, inode, ia_valid);
+ if (error)
+ return error;
if ((ia_valid & ATTR_MODE)) {
umode_t amode = attr->ia_mode;
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 640574294216..50192964bf6b 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -3469,6 +3469,8 @@ extern int buffer_migrate_page_norefs(struct address_space *,
#define buffer_migrate_page_norefs NULL
#endif
+int may_setattr(struct user_namespace *mnt_userns, struct inode *inode,
+ unsigned int ia_valid);
int setattr_prepare(struct user_namespace *, struct dentry *, struct iattr *);
extern int inode_newsize_ok(const struct inode *, loff_t offset);
void setattr_copy(struct user_namespace *, struct inode *inode,
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [vfs PATCH 2/2] gfs2: Switch to may_setattr in gfs2_setattr
2021-07-28 12:47 [vfs PATCH 0/2] Fix gfs2 setattr bug Bob Peterson
2021-07-28 12:47 ` [vfs PATCH 1/2] fs: Move notify_change permission checks into may_setattr Bob Peterson
@ 2021-07-28 12:47 ` Bob Peterson
2021-07-28 13:14 ` [vfs PATCH 0/2] Fix gfs2 setattr bug Christian Brauner
2 siblings, 0 replies; 4+ messages in thread
From: Bob Peterson @ 2021-07-28 12:47 UTC (permalink / raw)
To: viro; +Cc: linux-fsdevel
From: Andreas Gruenbacher <agruenba@redhat.com>
The permission check in gfs2_setattr is an old and outdated version of
may_setattr(). Switch to the updated version.
Fixes fstest generic/079.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
---
fs/gfs2/inode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
index 6e15434b23ac..3130f85d2b3f 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
@@ -1985,8 +1985,8 @@ static int gfs2_setattr(struct user_namespace *mnt_userns,
if (error)
goto out;
- error = -EPERM;
- if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
+ error = may_setattr(&init_user_ns, inode, attr->ia_valid);
+ if (error)
goto error;
error = setattr_prepare(&init_user_ns, dentry, attr);
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [vfs PATCH 0/2] Fix gfs2 setattr bug
2021-07-28 12:47 [vfs PATCH 0/2] Fix gfs2 setattr bug Bob Peterson
2021-07-28 12:47 ` [vfs PATCH 1/2] fs: Move notify_change permission checks into may_setattr Bob Peterson
2021-07-28 12:47 ` [vfs PATCH 2/2] gfs2: Switch to may_setattr in gfs2_setattr Bob Peterson
@ 2021-07-28 13:14 ` Christian Brauner
2 siblings, 0 replies; 4+ messages in thread
From: Christian Brauner @ 2021-07-28 13:14 UTC (permalink / raw)
To: Bob Peterson; +Cc: viro, linux-fsdevel
On Wed, Jul 28, 2021 at 07:47:32AM -0500, Bob Peterson wrote:
> Hi Al,
>
> Here is a set of two patches from Andreas Gruenbacher to fix a problem
> that causes xfstests generic/079 to fail on gfs2. The first patch moves a
> chunk of code from notify_change to its own function, may_setattr, so gfs2
> can use it. The second patch makes gfs2 use it.
lgtm,
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-07-28 13:14 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-28 12:47 [vfs PATCH 0/2] Fix gfs2 setattr bug Bob Peterson
2021-07-28 12:47 ` [vfs PATCH 1/2] fs: Move notify_change permission checks into may_setattr Bob Peterson
2021-07-28 12:47 ` [vfs PATCH 2/2] gfs2: Switch to may_setattr in gfs2_setattr Bob Peterson
2021-07-28 13:14 ` [vfs PATCH 0/2] Fix gfs2 setattr bug Christian Brauner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.