* [PATCH v2 0/2] Allow skipping abort interface for virtiofs
@ 2022-06-15  5:57 Xie Yongji
  2022-06-15  5:57 ` [PATCH v2 1/2] fuse: Remove unused "no_control" related code Xie Yongji
                   ` (2 more replies)
  0 siblings, 3 replies; 11+ messages in thread
From: Xie Yongji @ 2022-06-15  5:57 UTC (permalink / raw)
  To: miklos, vgoyal, stefanha
  Cc: zhangjiachen.jaycee, linux-fsdevel, virtualization

The commit 15c8e72e88e0 ("fuse: allow skipping control
interface and forced unmount") tries to remove the control
interface for virtio-fs since it does not support aborting
requests which are being processed. But it doesn't work now.

This series fixes the bug, but only removes the abort interface
instead since other interfaces should be useful.

V1 to V2:
- Split the patch into two parts [Vivek]

Xie Yongji (2):
  fuse: Remove unused "no_control" related code
  virtiofs: allow skipping abort interface

 fs/fuse/control.c   | 4 ++--
 fs/fuse/fuse_i.h    | 6 +++---
 fs/fuse/inode.c     | 2 +-
 fs/fuse/virtio_fs.c | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

-- 
2.20.1


* [PATCH v2 1/2] fuse: Remove unused "no_control" related code
  2022-06-15  5:57 [PATCH v2 0/2] Allow skipping abort interface for virtiofs Xie Yongji
@ 2022-06-15  5:57 ` Xie Yongji
  2022-06-15 19:56     ` Vivek Goyal
  2022-06-15  5:57 ` [PATCH v2 2/2] virtiofs: allow skipping abort interface Xie Yongji
  2022-07-11  8:05 ` [PATCH v2 0/2] Allow skipping abort interface for virtiofs Miklos Szeredi
  2 siblings, 1 reply; 11+ messages in thread
From: Xie Yongji @ 2022-06-15  5:57 UTC (permalink / raw)
  To: miklos, vgoyal, stefanha
  Cc: zhangjiachen.jaycee, linux-fsdevel, virtualization

This gets rid of "no_control" related code since
nobody uses it.

Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
---
 fs/fuse/fuse_i.h    | 4 ----
 fs/fuse/inode.c     | 1 -
 fs/fuse/virtio_fs.c | 1 -
 3 files changed, 6 deletions(-)

diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index 488b460e046f..a47f14d0ee3f 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -507,7 +507,6 @@ struct fuse_fs_context {
 	bool default_permissions:1;
 	bool allow_other:1;
 	bool destroy:1;
-	bool no_control:1;
 	bool no_force_umount:1;
 	bool legacy_opts_show:1;
 	enum fuse_dax_mode dax_mode;
@@ -766,9 +765,6 @@ struct fuse_conn {
 	/* Delete dentries that have gone stale */
 	unsigned int delete_stale:1;
 
-	/** Do not create entry in fusectl fs */
-	unsigned int no_control:1;
-
 	/** Do not allow MNT_FORCE umount */
 	unsigned int no_force_umount:1;
 
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 8c0665c5dff8..4059c6898e08 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1564,7 +1564,6 @@ int fuse_fill_super_common(struct super_block *sb, struct fuse_fs_context *ctx)
 	fc->legacy_opts_show = ctx->legacy_opts_show;
 	fc->max_read = max_t(unsigned int, 4096, ctx->max_read);
 	fc->destroy = ctx->destroy;
-	fc->no_control = ctx->no_control;
 	fc->no_force_umount = ctx->no_force_umount;
 
 	err = -ENOMEM;
diff --git a/fs/fuse/virtio_fs.c b/fs/fuse/virtio_fs.c
index 8db53fa67359..24bcf4dbca2a 100644
--- a/fs/fuse/virtio_fs.c
+++ b/fs/fuse/virtio_fs.c
@@ -1287,7 +1287,6 @@ static inline void virtio_fs_ctx_set_defaults(struct fuse_fs_context *ctx)
 	ctx->max_read = UINT_MAX;
 	ctx->blksize = 512;
 	ctx->destroy = true;
-	ctx->no_control = true;
 	ctx->no_force_umount = true;
 }
 
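Review bot: the `ctx->no_control = true;` line dropped from virtio_fs_ctx_set_defaults() shows that virtio-fs does set this flag, so the commit message's "nobody uses it" is imprecise: the flag is written here and copied in fuse_fill_super_common(), and no hunk in this patch removes a reader. Suggest wording the commit message as "the flag is set but never checked", so the reason this removal is safe for virtio-fs is on record.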
-- 
2.20.1


* [PATCH v2 2/2] virtiofs: allow skipping abort interface
  2022-06-15  5:57 [PATCH v2 0/2] Allow skipping abort interface for virtiofs Xie Yongji
  2022-06-15  5:57 ` [PATCH v2 1/2] fuse: Remove unused "no_control" related code Xie Yongji
@ 2022-06-15  5:57 ` Xie Yongji
  2022-06-15 19:14     ` Vivek Goyal
  2022-06-15 19:57     ` Vivek Goyal
  2022-07-11  8:05 ` [PATCH v2 0/2] Allow skipping abort interface for virtiofs Miklos Szeredi
  2 siblings, 2 replies; 11+ messages in thread
From: Xie Yongji @ 2022-06-15  5:57 UTC (permalink / raw)
  To: miklos, vgoyal, stefanha
  Cc: zhangjiachen.jaycee, linux-fsdevel, virtualization

Virtio-fs does not support aborting requests which are being
processed. Otherwise, it might trigger UAF since
virtio_fs_request_complete() doesn't know the requests are
aborted. So let's remove the abort interface.

Fixes: 15c8e72e88e0 ("fuse: allow skipping control interface and forced unmount")
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
---
 fs/fuse/control.c   | 4 ++--
 fs/fuse/fuse_i.h    | 4 ++++
 fs/fuse/inode.c     | 1 +
 fs/fuse/virtio_fs.c | 1 +
 4 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/fs/fuse/control.c b/fs/fuse/control.c
index 7cede9a3bc96..d93d8ea3a090 100644
--- a/fs/fuse/control.c
+++ b/fs/fuse/control.c
@@ -272,8 +272,8 @@ int fuse_ctl_add_conn(struct fuse_conn *fc)
 
 	if (!fuse_ctl_add_dentry(parent, fc, "waiting", S_IFREG | 0400, 1,
 				 NULL, &fuse_ctl_waiting_ops) ||
-	    !fuse_ctl_add_dentry(parent, fc, "abort", S_IFREG | 0200, 1,
-				 NULL, &fuse_ctl_abort_ops) ||
+	    (!fc->no_abort_control && !fuse_ctl_add_dentry(parent, fc, "abort",
+			S_IFREG | 0200, 1, NULL, &fuse_ctl_abort_ops)) ||
 	    !fuse_ctl_add_dentry(parent, fc, "max_background", S_IFREG | 0600,
 				 1, NULL, &fuse_conn_max_background_ops) ||
 	    !fuse_ctl_add_dentry(parent, fc, "congestion_threshold",
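Review bot: folding `!fc->no_abort_control && ...` into the middle of the `||` chain in fuse_ctl_add_conn() makes the one conditional entry easy to miss and depends on the extra parentheses to stay correct. Suggest creating the "abort" dentry in its own `if` statement with a short comment that transports which cannot abort in-flight requests skip it. The commit message could also say whether this file was the last way for userspace to abort a virtio-fs connection, since the fuse_i.h context shows a separate no_force_umount flag.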
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index a47f14d0ee3f..e29a4e2f2b35 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -507,6 +507,7 @@ struct fuse_fs_context {
 	bool default_permissions:1;
 	bool allow_other:1;
 	bool destroy:1;
+	bool no_abort_control:1;
 	bool no_force_umount:1;
 	bool legacy_opts_show:1;
 	enum fuse_dax_mode dax_mode;
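Review bot: this patch carries the Fixes: tag, but the fuse_i.h hunks start from blob a47f14d0ee3f, which is the result of 1/2, and 1/2 has no Fixes: tag. A backport that picks only this patch will not apply cleanly after `bool destroy:1;` because `bool no_control:1;` is still present there. Suggest marking 1/2 as a prerequisite, or reordering the series so the fix comes first and the cleanup second.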
@@ -765,6 +766,9 @@ struct fuse_conn {
 	/* Delete dentries that have gone stale */
 	unsigned int delete_stale:1;
 
+	/** Do not create abort entry in fusectl fs */
+	unsigned int no_abort_control:1;
+
 	/** Do not allow MNT_FORCE umount */
 	unsigned int no_force_umount:1;
 
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 4059c6898e08..02a16cd35f42 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1564,6 +1564,7 @@ int fuse_fill_super_common(struct super_block *sb, struct fuse_fs_context *ctx)
 	fc->legacy_opts_show = ctx->legacy_opts_show;
 	fc->max_read = max_t(unsigned int, 4096, ctx->max_read);
 	fc->destroy = ctx->destroy;
+	fc->no_abort_control = ctx->no_abort_control;
 	fc->no_force_umount = ctx->no_force_umount;
 
 	err = -ENOMEM;
diff --git a/fs/fuse/virtio_fs.c b/fs/fuse/virtio_fs.c
index 24bcf4dbca2a..af369bea6dbb 100644
--- a/fs/fuse/virtio_fs.c
+++ b/fs/fuse/virtio_fs.c
@@ -1287,6 +1287,7 @@ static inline void virtio_fs_ctx_set_defaults(struct fuse_fs_context *ctx)
 	ctx->max_read = UINT_MAX;
 	ctx->blksize = 512;
 	ctx->destroy = true;
+	ctx->no_abort_control = true;
 	ctx->no_force_umount = true;
 }
 
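Review bot: `ctx->no_abort_control = true;` in virtio_fs_ctx_set_defaults() has no comment saying why virtio-fs needs it, and the flag previously set at this spot was removed as unused in 1/2. Suggest a one-line comment here giving the reason from the commit message (virtio_fs_request_complete() is not aware of aborted requests), so the default is not dropped in a later cleanup.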
-- 
2.20.1


* Re: [PATCH v2 2/2] virtiofs: allow skipping abort interface
  2022-06-15  5:57 ` [PATCH v2 2/2] virtiofs: allow skipping abort interface Xie Yongji
@ 2022-06-15 19:14     ` Vivek Goyal
  2022-06-15 19:57     ` Vivek Goyal
  1 sibling, 0 replies; 11+ messages in thread
From: Vivek Goyal @ 2022-06-15 19:14 UTC (permalink / raw)
  To: Xie Yongji
  Cc: miklos, stefanha, zhangjiachen.jaycee, linux-fsdevel, virtualization

On Wed, Jun 15, 2022 at 01:57:55PM +0800, Xie Yongji wrote:
> Virtio-fs does not support aborting requests which are being
> processed. Otherwise, it might trigger UAF since

What is the full form of UAF? Use after free?

Thanks
Vivek

> virtio_fs_request_complete() doesn't know the requests are
> aborted. So let's remove the abort interface.
> 
> Fixes: 15c8e72e88e0 ("fuse: allow skipping control interface and forced unmount")
> Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
> ---
>  fs/fuse/control.c   | 4 ++--
>  fs/fuse/fuse_i.h    | 4 ++++
>  fs/fuse/inode.c     | 1 +
>  fs/fuse/virtio_fs.c | 1 +
>  4 files changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/fuse/control.c b/fs/fuse/control.c
> index 7cede9a3bc96..d93d8ea3a090 100644
> --- a/fs/fuse/control.c
> +++ b/fs/fuse/control.c
> @@ -272,8 +272,8 @@ int fuse_ctl_add_conn(struct fuse_conn *fc)
>  
>  	if (!fuse_ctl_add_dentry(parent, fc, "waiting", S_IFREG | 0400, 1,
>  				 NULL, &fuse_ctl_waiting_ops) ||
> -	    !fuse_ctl_add_dentry(parent, fc, "abort", S_IFREG | 0200, 1,
> -				 NULL, &fuse_ctl_abort_ops) ||
> +	    (!fc->no_abort_control && !fuse_ctl_add_dentry(parent, fc, "abort",
> +			S_IFREG | 0200, 1, NULL, &fuse_ctl_abort_ops)) ||
>  	    !fuse_ctl_add_dentry(parent, fc, "max_background", S_IFREG | 0600,
>  				 1, NULL, &fuse_conn_max_background_ops) ||
>  	    !fuse_ctl_add_dentry(parent, fc, "congestion_threshold",
> diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
> index a47f14d0ee3f..e29a4e2f2b35 100644
> --- a/fs/fuse/fuse_i.h
> +++ b/fs/fuse/fuse_i.h
> @@ -507,6 +507,7 @@ struct fuse_fs_context {
>  	bool default_permissions:1;
>  	bool allow_other:1;
>  	bool destroy:1;
> +	bool no_abort_control:1;
>  	bool no_force_umount:1;
>  	bool legacy_opts_show:1;
>  	enum fuse_dax_mode dax_mode;
> @@ -765,6 +766,9 @@ struct fuse_conn {
>  	/* Delete dentries that have gone stale */
>  	unsigned int delete_stale:1;
>  
> +	/** Do not create abort entry in fusectl fs */
> +	unsigned int no_abort_control:1;
> +
>  	/** Do not allow MNT_FORCE umount */
>  	unsigned int no_force_umount:1;
>  
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index 4059c6898e08..02a16cd35f42 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -1564,6 +1564,7 @@ int fuse_fill_super_common(struct super_block *sb, struct fuse_fs_context *ctx)
>  	fc->legacy_opts_show = ctx->legacy_opts_show;
>  	fc->max_read = max_t(unsigned int, 4096, ctx->max_read);
>  	fc->destroy = ctx->destroy;
> +	fc->no_abort_control = ctx->no_abort_control;
>  	fc->no_force_umount = ctx->no_force_umount;
>  
>  	err = -ENOMEM;
> diff --git a/fs/fuse/virtio_fs.c b/fs/fuse/virtio_fs.c
> index 24bcf4dbca2a..af369bea6dbb 100644
> --- a/fs/fuse/virtio_fs.c
> +++ b/fs/fuse/virtio_fs.c
> @@ -1287,6 +1287,7 @@ static inline void virtio_fs_ctx_set_defaults(struct fuse_fs_context *ctx)
>  	ctx->max_read = UINT_MAX;
>  	ctx->blksize = 512;
>  	ctx->destroy = true;
> +	ctx->no_abort_control = true;
>  	ctx->no_force_umount = true;
>  }
>  
> -- 
> 2.20.1
> 


* Re: [PATCH v2 1/2] fuse: Remove unused "no_control" related code
  2022-06-15  5:57 ` [PATCH v2 1/2] fuse: Remove unused "no_control" related code Xie Yongji
@ 2022-06-15 19:56     ` Vivek Goyal
  0 siblings, 0 replies; 11+ messages in thread
From: Vivek Goyal @ 2022-06-15 19:56 UTC (permalink / raw)
  To: Xie Yongji
  Cc: miklos, stefanha, zhangjiachen.jaycee, linux-fsdevel, virtualization

On Wed, Jun 15, 2022 at 01:57:54PM +0800, Xie Yongji wrote:
> This gets rid of "no_control" related code since
> nobody uses it.
> 
> Signed-off-by: Xie Yongji <xieyongji@bytedance.com>

Good to get rid of this knob. Nobody is using it.

Reviewed-by: Vivek Goyal <vgoyal@redhat.com>

Vivek

> ---
>  fs/fuse/fuse_i.h    | 4 ----
>  fs/fuse/inode.c     | 1 -
>  fs/fuse/virtio_fs.c | 1 -
>  3 files changed, 6 deletions(-)
> 
> diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
> index 488b460e046f..a47f14d0ee3f 100644
> --- a/fs/fuse/fuse_i.h
> +++ b/fs/fuse/fuse_i.h
> @@ -507,7 +507,6 @@ struct fuse_fs_context {
>  	bool default_permissions:1;
>  	bool allow_other:1;
>  	bool destroy:1;
> -	bool no_control:1;
>  	bool no_force_umount:1;
>  	bool legacy_opts_show:1;
>  	enum fuse_dax_mode dax_mode;
> @@ -766,9 +765,6 @@ struct fuse_conn {
>  	/* Delete dentries that have gone stale */
>  	unsigned int delete_stale:1;
>  
> -	/** Do not create entry in fusectl fs */
> -	unsigned int no_control:1;
> -
>  	/** Do not allow MNT_FORCE umount */
>  	unsigned int no_force_umount:1;
>  
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index 8c0665c5dff8..4059c6898e08 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -1564,7 +1564,6 @@ int fuse_fill_super_common(struct super_block *sb, struct fuse_fs_context *ctx)
>  	fc->legacy_opts_show = ctx->legacy_opts_show;
>  	fc->max_read = max_t(unsigned int, 4096, ctx->max_read);
>  	fc->destroy = ctx->destroy;
> -	fc->no_control = ctx->no_control;
>  	fc->no_force_umount = ctx->no_force_umount;
>  
>  	err = -ENOMEM;
> diff --git a/fs/fuse/virtio_fs.c b/fs/fuse/virtio_fs.c
> index 8db53fa67359..24bcf4dbca2a 100644
> --- a/fs/fuse/virtio_fs.c
> +++ b/fs/fuse/virtio_fs.c
> @@ -1287,7 +1287,6 @@ static inline void virtio_fs_ctx_set_defaults(struct fuse_fs_context *ctx)
>  	ctx->max_read = UINT_MAX;
>  	ctx->blksize = 512;
>  	ctx->destroy = true;
> -	ctx->no_control = true;
>  	ctx->no_force_umount = true;
>  }
>  
> -- 
> 2.20.1
> 


* Re: [PATCH v2 2/2] virtiofs: allow skipping abort interface
  2022-06-15  5:57 ` [PATCH v2 2/2] virtiofs: allow skipping abort interface Xie Yongji
@ 2022-06-15 19:57     ` Vivek Goyal
  2022-06-15 19:57     ` Vivek Goyal
  1 sibling, 0 replies; 11+ messages in thread
From: Vivek Goyal @ 2022-06-15 19:57 UTC (permalink / raw)
  To: Xie Yongji
  Cc: linux-fsdevel, zhangjiachen.jaycee, virtualization, stefanha, miklos

On Wed, Jun 15, 2022 at 01:57:55PM +0800, Xie Yongji wrote:
> Virtio-fs does not support aborting requests which are being
> processed. Otherwise, it might trigger UAF since
> virtio_fs_request_complete() doesn't know the requests are
> aborted. So let's remove the abort interface.
> 
> Fixes: 15c8e72e88e0 ("fuse: allow skipping control interface and forced unmount")
> Signed-off-by: Xie Yongji <xieyongji@bytedance.com>

Just removing the "abort" knob and retaining the rest of the knobs feels a little
odd but I guess I can live with that. I compiled and tested that the abort
knob is indeed gone and pjdfstests still pass. So..

Reviewed-by: Vivek Goyal <vgoyal@redhat.com>

Thanks
Vivek

> ---
>  fs/fuse/control.c   | 4 ++--
>  fs/fuse/fuse_i.h    | 4 ++++
>  fs/fuse/inode.c     | 1 +
>  fs/fuse/virtio_fs.c | 1 +
>  4 files changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/fuse/control.c b/fs/fuse/control.c
> index 7cede9a3bc96..d93d8ea3a090 100644
> --- a/fs/fuse/control.c
> +++ b/fs/fuse/control.c
> @@ -272,8 +272,8 @@ int fuse_ctl_add_conn(struct fuse_conn *fc)
>  
>  	if (!fuse_ctl_add_dentry(parent, fc, "waiting", S_IFREG | 0400, 1,
>  				 NULL, &fuse_ctl_waiting_ops) ||
> -	    !fuse_ctl_add_dentry(parent, fc, "abort", S_IFREG | 0200, 1,
> -				 NULL, &fuse_ctl_abort_ops) ||
> +	    (!fc->no_abort_control && !fuse_ctl_add_dentry(parent, fc, "abort",
> +			S_IFREG | 0200, 1, NULL, &fuse_ctl_abort_ops)) ||
>  	    !fuse_ctl_add_dentry(parent, fc, "max_background", S_IFREG | 0600,
>  				 1, NULL, &fuse_conn_max_background_ops) ||
>  	    !fuse_ctl_add_dentry(parent, fc, "congestion_threshold",
> diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
> index a47f14d0ee3f..e29a4e2f2b35 100644
> --- a/fs/fuse/fuse_i.h
> +++ b/fs/fuse/fuse_i.h
> @@ -507,6 +507,7 @@ struct fuse_fs_context {
>  	bool default_permissions:1;
>  	bool allow_other:1;
>  	bool destroy:1;
> +	bool no_abort_control:1;
>  	bool no_force_umount:1;
>  	bool legacy_opts_show:1;
>  	enum fuse_dax_mode dax_mode;
> @@ -765,6 +766,9 @@ struct fuse_conn {
>  	/* Delete dentries that have gone stale */
>  	unsigned int delete_stale:1;
>  
> +	/** Do not create abort entry in fusectl fs */
> +	unsigned int no_abort_control:1;
> +
>  	/** Do not allow MNT_FORCE umount */
>  	unsigned int no_force_umount:1;
>  
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index 4059c6898e08..02a16cd35f42 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -1564,6 +1564,7 @@ int fuse_fill_super_common(struct super_block *sb, struct fuse_fs_context *ctx)
>  	fc->legacy_opts_show = ctx->legacy_opts_show;
>  	fc->max_read = max_t(unsigned int, 4096, ctx->max_read);
>  	fc->destroy = ctx->destroy;
> +	fc->no_abort_control = ctx->no_abort_control;
>  	fc->no_force_umount = ctx->no_force_umount;
>  
>  	err = -ENOMEM;
> diff --git a/fs/fuse/virtio_fs.c b/fs/fuse/virtio_fs.c
> index 24bcf4dbca2a..af369bea6dbb 100644
> --- a/fs/fuse/virtio_fs.c
> +++ b/fs/fuse/virtio_fs.c
> @@ -1287,6 +1287,7 @@ static inline void virtio_fs_ctx_set_defaults(struct fuse_fs_context *ctx)
>  	ctx->max_read = UINT_MAX;
>  	ctx->blksize = 512;
>  	ctx->destroy = true;
> +	ctx->no_abort_control = true;
>  	ctx->no_force_umount = true;
>  }
>  
> -- 
> 2.20.1
> 
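
A defender-side check for the behaviour discussed in this thread, as an added example that is not part of the original messages or the kernel tree: it lists each virtiofs mount and reports whether its fusectl directory still has an `abort` file. It assumes fusectl is mounted at /sys/fs/fuse/connections and that each connection directory is named after the mount's minor device number; the function names, mount points and fixture contents are constructed.

```shell
#!/bin/sh
# Added example (not from the thread or the kernel tree).
# Assumptions: fusectl is mounted at /sys/fs/fuse/connections and each
# connection directory is named after the mount's minor device number.

# Print "<minor> <mountpoint>" for every virtiofs entry in a mountinfo file.
virtiofs_mounts() {
    awk '{
        # Optional fields end at a lone "-"; the filesystem type follows it.
        for (i = 7; i <= NF; i++) { if ($i == "-") break }
        if ($(i + 1) == "virtiofs") {
            split($3, dev, ":")      # field 3 is "major:minor"
            print dev[2], $5         # field 5 is the mount point
        }
    }' "$1"
}

# Print "<mountpoint> <minor> <state>" per virtiofs mount, where state is
#   exposed         the control directory has an "abort" file
#   hidden          the control directory exists without "abort"
#   no-control-dir  there is no fusectl directory for this connection
audit_abort() {
    virtiofs_mounts "$1" | while read -r minor mnt; do
        dir="$2/$minor"
        if [ ! -d "$dir" ]; then
            state=no-control-dir
        elif [ -e "$dir/abort" ]; then
            state=exposed
        else
            state=hidden
        fi
        printf '%s %s %s\n' "$mnt" "$minor" "$state"
    done
}

# Number of virtiofs mounts that still expose "abort".
count_exposed() {
    audit_abort "$1" "$2" | awk '$NF == "exposed" { n++ } END { print n + 0 }'
}

# Build a constructed mountinfo file and a fake fusectl tree under $1.
# Connection 38 models a virtiofs mount with "abort" present, 39 a virtiofs
# mount with "abort" hidden, 40 an ordinary FUSE mount (not reported).
make_fixture() {
    mkdir -p "$1/connections/38" "$1/connections/39" "$1/connections/40"
    for f in waiting abort max_background congestion_threshold; do
        : > "$1/connections/38/$f"
        : > "$1/connections/40/$f"
        [ "$f" = abort ] || : > "$1/connections/39/$f"
    done
    cat > "$1/mountinfo" <<'EOF'
25 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
41 25 0:38 / /mnt/shared rw,relatime shared:20 - virtiofs shared rw
42 25 0:39 / /mnt/scratch rw,relatime - virtiofs scratch rw
43 25 0:40 / /mnt/sshfs rw,nosuid,nodev shared:21 - fuse.sshfs host:/ rw
EOF
}

# Demo on the constructed fixture. On a real guest, run instead:
#   audit_abort /proc/self/mountinfo /sys/fs/fuse/connections
fixture=$(mktemp -d)
make_fixture "$fixture"
audit_abort "$fixture/mountinfo" "$fixture/connections"
rm -rf "$fixture"
```
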

* Re: [PATCH v2 0/2] Allow skipping abort interface for virtiofs
  2022-06-15  5:57 [PATCH v2 0/2] Allow skipping abort interface for virtiofs Xie Yongji
  2022-06-15  5:57 ` [PATCH v2 1/2] fuse: Remove unused "no_control" related code Xie Yongji
  2022-06-15  5:57 ` [PATCH v2 2/2] virtiofs: allow skipping abort interface Xie Yongji
@ 2022-07-11  8:05 ` Miklos Szeredi
  2022-07-11 10:26   ` Yongji Xie
  2 siblings, 1 reply; 11+ messages in thread
From: Miklos Szeredi @ 2022-07-11  8:05 UTC (permalink / raw)
  To: Xie Yongji
  Cc: Vivek Goyal, Stefan Hajnoczi, 张佳辰,
	linux-fsdevel, virtualization

On Wed, 15 Jun 2022 at 07:58, Xie Yongji <xieyongji@bytedance.com> wrote:
>
> The commit 15c8e72e88e0 ("fuse: allow skipping control
> interface and forced unmount") tries to remove the control
> interface for virtio-fs since it does not support aborting
> requests which are being processed. But it doesn't work now.
>
> This series fixes the bug, but only removes the abort interface
> instead since other interfaces should be useful.

I'd prefer properly wiring up the fc->no_control if there's no
concrete use case for the rest of the knobs.

Thanks,
Miklos

* Re: [PATCH v2 0/2] Allow skipping abort interface for virtiofs
  2022-07-11  8:05 ` [PATCH v2 0/2] Allow skipping abort interface for virtiofs Miklos Szeredi
@ 2022-07-11 10:26   ` Yongji Xie
  0 siblings, 0 replies; 11+ messages in thread
From: Yongji Xie @ 2022-07-11 10:26 UTC (permalink / raw)
  To: Miklos Szeredi
  Cc: Vivek Goyal, Stefan Hajnoczi, 张佳辰,
	linux-fsdevel, virtualization

On Mon, Jul 11, 2022 at 4:05 PM Miklos Szeredi <miklos@szeredi.hu> wrote:
>
> On Wed, 15 Jun 2022 at 07:58, Xie Yongji <xieyongji@bytedance.com> wrote:
> >
> > The commit 15c8e72e88e0 ("fuse: allow skipping control
> > interface and forced unmount") tries to remove the control
> > interface for virtio-fs since it does not support aborting
> > requests which are being processed. But it doesn't work now.
> >
> > This series fixes the bug, but only removes the abort interface
> > instead since other interfaces should be useful.
>
> I'd prefer properly wiring up the fc->no_control if there's no
> concrete use case for the rest of the knobs.
>

I'm not sure if there are any tools that depend on it. But I didn't
find one. So I can try to remove them if we want.

Thanks,
Yongji
