From: Miklos Szeredi <miklos@szeredi.hu>
To: Miklos Szeredi <mszeredi@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel@vger.kernel.org, Avi Kivity <avi@scylladb.com>,
Giuseppe Scrivano <gscrivan@redhat.com>,
stable <stable@vger.kernel.org>
Subject: Re: [PATCH 01/12] aio: fix async fsync creds
Date: Fri, 13 Dec 2019 10:32:11 +0100 [thread overview]
Message-ID: <CAJfpegun6_cX_6udQNrZSPD+Loum8RDTiwh3k6=NgUFbsm=YLw@mail.gmail.com> (raw)
In-Reply-To: <20191128155940.17530-2-mszeredi@redhat.com>
Hi Al,
Could you please review/apply this patch?
Thanks,
Miklos
On Thu, Nov 28, 2019 at 4:59 PM Miklos Szeredi <mszeredi@redhat.com> wrote:
>
> Avi Kivity reports that on fuse filesystems running in a user namespace
> asyncronous fsync fails with EOVERFLOW.
>
> The reason is that f_ops->fsync() is called with the creds of the kthread
> performing aio work instead of the creds of the process originally
> submitting IOCB_CMD_FSYNC.
>
> Fuse sends the creds of the caller in the request header and it needs to
> translate the uid and gid into the server's user namespace. Since the
> kthread is running in init_user_ns, the translation will fail and the
> operation returns an error.
>
> It can be argued that fsync doesn't actually need any creds, but just
> zeroing out those fields in the header (as with requests that currently
> don't take creds) is a backward compatibility risk.
>
> Instead of working around this issue in fuse, solve the core of the problem
> by calling the filesystem with the proper creds.
>
> Reported-by: Avi Kivity <avi@scylladb.com>
> Tested-by: Giuseppe Scrivano <gscrivan@redhat.com>
> Fixes: c9582eb0ff7d ("fuse: Fail all requests with invalid uids or gids")
> Cc: stable@vger.kernel.org # 4.18+
> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
> ---
> fs/aio.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/fs/aio.c b/fs/aio.c
> index 0d9a559d488c..37828773e2fe 100644
> --- a/fs/aio.c
> +++ b/fs/aio.c
> @@ -176,6 +176,7 @@ struct fsync_iocb {
> struct file *file;
> struct work_struct work;
> bool datasync;
> + struct cred *creds;
> };
>
> struct poll_iocb {
> @@ -1589,8 +1590,11 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb,
> static void aio_fsync_work(struct work_struct *work)
> {
> struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work);
> + const struct cred *old_cred = override_creds(iocb->fsync.creds);
>
> iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync);
> + revert_creds(old_cred);
> + put_cred(iocb->fsync.creds);
> iocb_put(iocb);
> }
>
> @@ -1604,6 +1608,10 @@ static int aio_fsync(struct fsync_iocb *req, const struct iocb *iocb,
> if (unlikely(!req->file->f_op->fsync))
> return -EINVAL;
>
> + req->creds = prepare_creds();
> + if (!req->creds)
> + return -ENOMEM;
> +
> req->datasync = datasync;
> INIT_WORK(&req->work, aio_fsync_work);
> schedule_work(&req->work);
> --
> 2.21.0
>
next prev parent reply other threads:[~2019-12-13 9:32 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-28 15:59 [PATCH 00/12] various vfs patches Miklos Szeredi
2019-11-28 15:59 ` [PATCH 01/12] aio: fix async fsync creds Miklos Szeredi
2019-12-13 9:32 ` Miklos Szeredi [this message]
2020-05-04 8:05 ` Avi Kivity
2019-11-28 15:59 ` [PATCH 02/12] fs_parse: fix fs_param_v_optional handling Miklos Szeredi
2019-11-29 11:31 ` Andrew Price
2019-11-29 14:43 ` Miklos Szeredi
2019-11-29 15:56 ` Andrew Price
2019-12-16 23:28 ` Al Viro
2019-12-17 1:18 ` Al Viro
2019-12-17 3:27 ` Al Viro
2019-11-28 15:59 ` [PATCH 03/12] vfs: verify param type in vfs_parse_sb_flag() Miklos Szeredi
2019-11-28 15:59 ` [PATCH 04/12] uapi: deprecate STATX_ALL Miklos Szeredi
2019-11-28 15:59 ` [PATCH 05/12] statx: don't clear STATX_ATIME on SB_RDONLY Miklos Szeredi
2019-11-28 15:59 ` [PATCH 06/12] utimensat: AT_EMPTY_PATH support Miklos Szeredi
2019-11-28 15:59 ` [PATCH 07/12] f*xattr: allow O_PATH descriptors Miklos Szeredi
2019-11-28 15:59 ` [PATCH 08/12] vfs: allow unprivileged whiteout creation Miklos Szeredi
2019-12-17 3:51 ` Al Viro
2019-12-17 4:22 ` Miklos Szeredi
2019-11-28 15:59 ` [PATCH 09/12] fs_parser: "string" with missing value is a "flag" Miklos Szeredi
2019-12-17 17:32 ` Al Viro
2019-12-17 18:31 ` Al Viro
2019-11-28 15:59 ` [PATCH 10/12] vfs: don't parse forbidden flags Miklos Szeredi
2019-11-28 15:59 ` [PATCH 11/12] vfs: don't parse "posixacl" option Miklos Szeredi
2019-12-17 3:42 ` Al Viro
2019-12-17 4:18 ` Miklos Szeredi
2019-12-17 4:28 ` Al Viro
2019-11-28 15:59 ` [PATCH 12/12] vfs: don't parse "silent" option Miklos Szeredi
2019-12-17 3:37 ` Al Viro
2019-12-17 4:12 ` Miklos Szeredi
2019-12-17 4:16 ` Miklos Szeredi
2019-12-17 4:19 ` Al Viro
2019-12-17 4:23 ` Miklos Szeredi
2019-12-17 4:28 ` Miklos Szeredi
2019-12-17 4:17 ` Al Viro
2019-12-13 9:33 ` [PATCH 00/12] various vfs patches Miklos Szeredi
2019-12-16 23:13 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJfpegun6_cX_6udQNrZSPD+Loum8RDTiwh3k6=NgUFbsm=YLw@mail.gmail.com' \
--to=miklos@szeredi.hu \
--cc=avi@scylladb.com \
--cc=gscrivan@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mszeredi@redhat.com \
--cc=stable@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).