linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Miklos Szeredi <mszeredi@redhat.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Subject: [PATCH 01/12] vfs: allow unprivileged whiteout creation
Date: Tue,  5 May 2020 11:59:04 +0200	[thread overview]
Message-ID: <20200505095915.11275-2-mszeredi@redhat.com> (raw)
In-Reply-To: <20200505095915.11275-1-mszeredi@redhat.com>

Whiteouts, unlike real device node should not require privileges to create.

The general concern with device nodes is that opening them can have side
effects.  The kernel already avoids zero major (see
Documentation/admin-guide/devices.txt).  To be on the safe side the patch
explicitly forbids registering a char device with 0/0 number (see
cdev_add()).

This guarantees that a non-O_PATH open on a whiteout will fail with ENODEV;
i.e. it won't have any side effect.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
---
 fs/char_dev.c                 |  3 +++
 fs/namei.c                    | 17 ++++-------------
 include/linux/device_cgroup.h |  3 +++
 3 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/fs/char_dev.c b/fs/char_dev.c
index c5e6eff5a381..ba0ded7842a7 100644
--- a/fs/char_dev.c
+++ b/fs/char_dev.c
@@ -483,6 +483,9 @@ int cdev_add(struct cdev *p, dev_t dev, unsigned count)
 	p->dev = dev;
 	p->count = count;
 
+	if (WARN_ON(dev == WHITEOUT_DEV))
+		return -EBUSY;
+
 	error = kobj_map(cdev_map, dev, count, NULL,
 			 exact_match, exact_lock, p);
 	if (error)
diff --git a/fs/namei.c b/fs/namei.c
index a320371899cf..b48dc2e03888 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3505,12 +3505,14 @@ EXPORT_SYMBOL(user_path_create);
 
 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
 {
+	bool is_whiteout = S_ISCHR(mode) && dev == WHITEOUT_DEV;
 	int error = may_create(dir, dentry);
 
 	if (error)
 		return error;
 
-	if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
+	if ((S_ISCHR(mode) || S_ISBLK(mode)) && !is_whiteout &&
+	    !capable(CAP_MKNOD))
 		return -EPERM;
 
 	if (!dir->i_op->mknod)
@@ -4345,9 +4347,6 @@ static int do_renameat2(int olddfd, const char __user *oldname, int newdfd,
 	    (flags & RENAME_EXCHANGE))
 		return -EINVAL;
 
-	if ((flags & RENAME_WHITEOUT) && !capable(CAP_MKNOD))
-		return -EPERM;
-
 	if (flags & RENAME_EXCHANGE)
 		target_flags = 0;
 
@@ -4485,15 +4484,7 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
 
 int vfs_whiteout(struct inode *dir, struct dentry *dentry)
 {
-	int error = may_create(dir, dentry);
-	if (error)
-		return error;
-
-	if (!dir->i_op->mknod)
-		return -EPERM;
-
-	return dir->i_op->mknod(dir, dentry,
-				S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
+	return vfs_mknod(dir, dentry, S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
 }
 EXPORT_SYMBOL(vfs_whiteout);
 
diff --git a/include/linux/device_cgroup.h b/include/linux/device_cgroup.h
index fa35b52e0002..57e63bd63370 100644
--- a/include/linux/device_cgroup.h
+++ b/include/linux/device_cgroup.h
@@ -51,6 +51,9 @@ static inline int devcgroup_inode_mknod(int mode, dev_t dev)
 	if (!S_ISBLK(mode) && !S_ISCHR(mode))
 		return 0;
 
+	if (S_ISCHR(mode) && dev == WHITEOUT_DEV)
+		return 0;
+
 	if (S_ISBLK(mode))
 		type = DEVCG_DEV_BLOCK;
 	else
-- 
2.21.1


  reply	other threads:[~2020-05-05  9:59 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-05  9:59 [PATCH 00/12] vfs patch queue Miklos Szeredi
2020-05-05  9:59 ` Miklos Szeredi [this message]
2020-05-13 19:12   ` [PATCH 01/12] vfs: allow unprivileged whiteout creation Al Viro
2020-05-05  9:59 ` [PATCH 02/12] aio: fix async fsync creds Miklos Szeredi
2020-05-13 10:01   ` Christoph Hellwig
2020-05-05  9:59 ` [PATCH 03/12] proc/mounts: add cursor Miklos Szeredi
2020-05-13 19:33   ` Al Viro
2020-05-05  9:59 ` [PATCH 04/12] utimensat: AT_EMPTY_PATH support Miklos Szeredi
2020-05-13 10:02   ` Christoph Hellwig
2020-05-05  9:59 ` [PATCH 05/12] f*xattr: allow O_PATH descriptors Miklos Szeredi
2020-05-13 10:04   ` Christoph Hellwig
2020-05-14  8:02     ` Miklos Szeredi
2020-05-14 13:01       ` Miklos Szeredi
2020-05-05  9:59 ` [PATCH 06/12] uapi: deprecate STATX_ALL Miklos Szeredi
2020-05-13 10:04   ` Christoph Hellwig
2020-05-05  9:59 ` [PATCH 07/12] statx: don't clear STATX_ATIME on SB_RDONLY Miklos Szeredi
2020-05-13 10:04   ` Christoph Hellwig
2020-05-05  9:59 ` [PATCH 08/12] statx: add mount ID Miklos Szeredi
2020-05-13 10:05   ` Christoph Hellwig
2020-05-05  9:59 ` [PATCH 09/12] statx: add mount_root Miklos Szeredi
2020-05-05 14:24   ` J . Bruce Fields
2020-05-13 10:05   ` Christoph Hellwig
2020-05-05  9:59 ` [PATCH 10/12] vfs: don't parse forbidden flags Miklos Szeredi
2020-05-13 10:06   ` Christoph Hellwig
2020-05-05  9:59 ` [PATCH 11/12] vfs: don't parse "posixacl" option Miklos Szeredi
2020-05-13 10:07   ` Christoph Hellwig
2020-05-05  9:59 ` [PATCH 12/12] vfs: don't parse "silent" option Miklos Szeredi
2020-05-13 10:07   ` Christoph Hellwig
2020-05-13  7:45 ` [13/12 PATCH] vfs: add faccessat2 syscall Miklos Szeredi
2020-05-13 10:09   ` Christoph Hellwig
2020-05-13  7:47 ` [PATCH 00/12] vfs patch queue Miklos Szeredi
2020-05-13 19:48   ` Al Viro
2020-05-14 11:46     ` Miklos Szeredi
2020-05-14 14:55     ` Miklos Szeredi
2020-05-14 15:10       ` Al Viro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200505095915.11275-2-mszeredi@redhat.com \
    --to=mszeredi@redhat.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=viro@ZenIV.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).