From: Miklos Szeredi <mszeredi@redhat.com>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org, Avi Kivity <avi@scylladb.com>,
Giuseppe Scrivano <gscrivan@redhat.com>,
stable@vger.kernel.org
Subject: [PATCH 01/12] aio: fix async fsync creds
Date: Thu, 28 Nov 2019 16:59:29 +0100 [thread overview]
Message-ID: <20191128155940.17530-2-mszeredi@redhat.com> (raw)
In-Reply-To: <20191128155940.17530-1-mszeredi@redhat.com>
Avi Kivity reports that on fuse filesystems running in a user namespace
asyncronous fsync fails with EOVERFLOW.
The reason is that f_ops->fsync() is called with the creds of the kthread
performing aio work instead of the creds of the process originally
submitting IOCB_CMD_FSYNC.
Fuse sends the creds of the caller in the request header and it needs to
translate the uid and gid into the server's user namespace. Since the
kthread is running in init_user_ns, the translation will fail and the
operation returns an error.
It can be argued that fsync doesn't actually need any creds, but just
zeroing out those fields in the header (as with requests that currently
don't take creds) is a backward compatibility risk.
Instead of working around this issue in fuse, solve the core of the problem
by calling the filesystem with the proper creds.
Reported-by: Avi Kivity <avi@scylladb.com>
Tested-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fixes: c9582eb0ff7d ("fuse: Fail all requests with invalid uids or gids")
Cc: stable@vger.kernel.org # 4.18+
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
---
fs/aio.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fs/aio.c b/fs/aio.c
index 0d9a559d488c..37828773e2fe 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -176,6 +176,7 @@ struct fsync_iocb {
struct file *file;
struct work_struct work;
bool datasync;
+ struct cred *creds;
};
struct poll_iocb {
@@ -1589,8 +1590,11 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb,
static void aio_fsync_work(struct work_struct *work)
{
struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work);
+ const struct cred *old_cred = override_creds(iocb->fsync.creds);
iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync);
+ revert_creds(old_cred);
+ put_cred(iocb->fsync.creds);
iocb_put(iocb);
}
@@ -1604,6 +1608,10 @@ static int aio_fsync(struct fsync_iocb *req, const struct iocb *iocb,
if (unlikely(!req->file->f_op->fsync))
return -EINVAL;
+ req->creds = prepare_creds();
+ if (!req->creds)
+ return -ENOMEM;
+
req->datasync = datasync;
INIT_WORK(&req->work, aio_fsync_work);
schedule_work(&req->work);
--
2.21.0
next prev parent reply other threads:[~2019-11-28 15:59 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-28 15:59 [PATCH 00/12] various vfs patches Miklos Szeredi
2019-11-28 15:59 ` Miklos Szeredi [this message]
2019-12-13 9:32 ` [PATCH 01/12] aio: fix async fsync creds Miklos Szeredi
2020-05-04 8:05 ` Avi Kivity
2019-11-28 15:59 ` [PATCH 02/12] fs_parse: fix fs_param_v_optional handling Miklos Szeredi
2019-11-29 11:31 ` Andrew Price
2019-11-29 14:43 ` Miklos Szeredi
2019-11-29 15:56 ` Andrew Price
2019-12-16 23:28 ` Al Viro
2019-12-17 1:18 ` Al Viro
2019-12-17 3:27 ` Al Viro
2019-11-28 15:59 ` [PATCH 03/12] vfs: verify param type in vfs_parse_sb_flag() Miklos Szeredi
2019-11-28 15:59 ` [PATCH 04/12] uapi: deprecate STATX_ALL Miklos Szeredi
2019-11-28 15:59 ` [PATCH 05/12] statx: don't clear STATX_ATIME on SB_RDONLY Miklos Szeredi
2019-11-28 15:59 ` [PATCH 06/12] utimensat: AT_EMPTY_PATH support Miklos Szeredi
2019-11-28 15:59 ` [PATCH 07/12] f*xattr: allow O_PATH descriptors Miklos Szeredi
2019-11-28 15:59 ` [PATCH 08/12] vfs: allow unprivileged whiteout creation Miklos Szeredi
2019-12-17 3:51 ` Al Viro
2019-12-17 4:22 ` Miklos Szeredi
2019-11-28 15:59 ` [PATCH 09/12] fs_parser: "string" with missing value is a "flag" Miklos Szeredi
2019-12-17 17:32 ` Al Viro
2019-12-17 18:31 ` Al Viro
2019-11-28 15:59 ` [PATCH 10/12] vfs: don't parse forbidden flags Miklos Szeredi
2019-11-28 15:59 ` [PATCH 11/12] vfs: don't parse "posixacl" option Miklos Szeredi
2019-12-17 3:42 ` Al Viro
2019-12-17 4:18 ` Miklos Szeredi
2019-12-17 4:28 ` Al Viro
2019-11-28 15:59 ` [PATCH 12/12] vfs: don't parse "silent" option Miklos Szeredi
2019-12-17 3:37 ` Al Viro
2019-12-17 4:12 ` Miklos Szeredi
2019-12-17 4:16 ` Miklos Szeredi
2019-12-17 4:19 ` Al Viro
2019-12-17 4:23 ` Miklos Szeredi
2019-12-17 4:28 ` Miklos Szeredi
2019-12-17 4:17 ` Al Viro
2019-12-13 9:33 ` [PATCH 00/12] various vfs patches Miklos Szeredi
2019-12-16 23:13 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191128155940.17530-2-mszeredi@redhat.com \
--to=mszeredi@redhat.com \
--cc=avi@scylladb.com \
--cc=gscrivan@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).