* [PATCH 0/2] Some fixes for overlayfs remove privs
@ 2022-10-03 12:21 Amir Goldstein
2022-10-03 12:21 ` [PATCH 1/2] ovl: remove privs in ovl_copyfile() Amir Goldstein
2022-10-03 12:21 ` [PATCH 2/2] ovl: remove privs in ovl_fallocate() Amir Goldstein
0 siblings, 2 replies; 4+ messages in thread
From: Amir Goldstein @ 2022-10-03 12:21 UTC (permalink / raw)
To: Miklos Szeredi
Cc: Christian Brauner, Yang Xu, Darrick J . Wong, Filipe Manana,
linux-unionfs, linux-fsdevel
Miklos,
While running latest fstests on overlayfs-next, I noticed these
failures:
generic/673 generic/683 generic/684 generic/685 generic/686 generic/687
Christian has also reported those failures earlier.
Those are not regressions, those are 5 new tests added to fstests and
one test whose expected result was modified by fstests commit b3a59bb6
("generic/673: fix golden output to reflect vfs setgid behavior").
The following two patches aim to fix those test failures, but they are
incomplete - without those patches, the tests fail miserably in all test
cases, because no privs are stripped.
With those two patches, only two test cases are failing, which are the
two test cases whose expectation was changed by fstests commit b3a59bb6.
The reason was explained in [1] and the issue was fixed for xfs by kernel
commit e014f37db1a2 ("xfs: use setattr_copy to set vfs inode attributes").
Trying to figure out how to fix this hurts my brain, so I'll need
suggestions how to proceed.
Thanks,
Amir.
[1] https://lore.kernel.org/linux-xfs/CAL3q7H47iNQ=Wmk83WcGB-KBJVOEtR9+qGczzCeXJ9Y2KCV25Q@mail.gmail.com/
Amir Goldstein (2):
ovl: remove privs in ovl_copyfile()
ovl: remove privs in ovl_fallocate()
fs/overlayfs/file.c | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] ovl: remove privs in ovl_copyfile()
2022-10-03 12:21 [PATCH 0/2] Some fixes for overlayfs remove privs Amir Goldstein
@ 2022-10-03 12:21 ` Amir Goldstein
2022-10-03 12:21 ` [PATCH 2/2] ovl: remove privs in ovl_fallocate() Amir Goldstein
1 sibling, 0 replies; 4+ messages in thread
From: Amir Goldstein @ 2022-10-03 12:21 UTC (permalink / raw)
To: Miklos Szeredi
Cc: Christian Brauner, Yang Xu, Darrick J . Wong, Filipe Manana,
linux-unionfs, linux-fsdevel
Underlying fs doesn't remove privs because copy_range/remap_range are
called with privileged mounter credentials.
This fixes some failures in fstest generic/673.
Fixes: 8ede205541ff ("ovl: add reflink/copyfile/dedup support")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
fs/overlayfs/file.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index d17faeb014e5..c8308da8909a 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -567,14 +567,23 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in,
const struct cred *old_cred;
loff_t ret;
+ inode_lock(inode_out);
+ if (op != OVL_DEDUPE) {
+ /* Update mode */
+ ovl_copyattr(inode_out);
+ ret = file_remove_privs(file_out);
+ if (ret)
+ goto out_unlock;
+ }
+
ret = ovl_real_fdget(file_out, &real_out);
if (ret)
- return ret;
+ goto out_unlock;
ret = ovl_real_fdget(file_in, &real_in);
if (ret) {
fdput(real_out);
- return ret;
+ goto out_unlock;
}
old_cred = ovl_override_creds(file_inode(file_out)->i_sb);
@@ -603,6 +612,9 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in,
fdput(real_in);
fdput(real_out);
+out_unlock:
+ inode_unlock(inode_out);
+
return ret;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] ovl: remove privs in ovl_fallocate()
2022-10-03 12:21 [PATCH 0/2] Some fixes for overlayfs remove privs Amir Goldstein
2022-10-03 12:21 ` [PATCH 1/2] ovl: remove privs in ovl_copyfile() Amir Goldstein
@ 2022-10-03 12:21 ` Amir Goldstein
1 sibling, 0 replies; 4+ messages in thread
From: Amir Goldstein @ 2022-10-03 12:21 UTC (permalink / raw)
To: Miklos Szeredi
Cc: Christian Brauner, Yang Xu, Darrick J . Wong, Filipe Manana,
linux-unionfs, linux-fsdevel
Underlying fs doesn't remove privs because fallocate is called with
privileged mounter credentials.
This fixes some failure in fstests generic/683..687.
Fixes: aab8848cee5e ("ovl: add ovl_fallocate()")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
fs/overlayfs/file.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index c8308da8909a..e90ac5376456 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -517,9 +517,16 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len
const struct cred *old_cred;
int ret;
+ inode_lock(inode);
+ /* Update mode */
+ ovl_copyattr(inode);
+ ret = file_remove_privs(file);
+ if (ret)
+ goto out_unlock;
+
ret = ovl_real_fdget(file, &real);
if (ret)
- return ret;
+ goto out_unlock;
old_cred = ovl_override_creds(file_inode(file)->i_sb);
ret = vfs_fallocate(real.file, mode, offset, len);
@@ -530,6 +537,9 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len
fdput(real);
+out_unlock:
+ inode_unlock(inode);
+
return ret;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 0/2] Some fixes for overlayfs remove privs
@ 2022-10-03 12:30 Amir Goldstein
0 siblings, 0 replies; 4+ messages in thread
From: Amir Goldstein @ 2022-10-03 12:30 UTC (permalink / raw)
To: Miklos Szeredi
Cc: Christian Brauner, Yang Xu, Darrick J . Wong, Filipe Manana,
linux-unionfs, linux-fsdevel
Miklos,
While running latest fstests on overlayfs-next, I noticed these
failures:
generic/673 generic/683 generic/684 generic/685 generic/686 generic/687
Christian has also reported those failures earlier.
Those are not regressions, those are 5 new tests added to fstests and
one test whose expected result was modified by fstests commit b3a59bb6
("generic/673: fix golden output to reflect vfs setgid behavior").
The following two patches aim to fix those test failures, but they are
incomplete - without those patches, the tests fail miserably in all test
cases, because no privs are stripped.
With those two patches, only two test cases are failing, which are the
two test cases whose expectation was changed by fstests commit b3a59bb6.
The reason was explained in [1] and the issue was fixed for xfs by kernel
commit e014f37db1a2 ("xfs: use setattr_copy to set vfs inode attributes").
Trying to figure out how to fix this hurts my brain, so I'll need
suggestions how to proceed.
Thanks,
Amir.
[1] https://lore.kernel.org/linux-xfs/CAL3q7H47iNQ=Wmk83WcGB-KBJVOEtR9+qGczzCeXJ9Y2KCV25Q@mail.gmail.com/
Amir Goldstein (2):
ovl: remove privs in ovl_copyfile()
ovl: remove privs in ovl_fallocate()
fs/overlayfs/file.c | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-10-03 12:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-03 12:21 [PATCH 0/2] Some fixes for overlayfs remove privs Amir Goldstein
2022-10-03 12:21 ` [PATCH 1/2] ovl: remove privs in ovl_copyfile() Amir Goldstein
2022-10-03 12:21 ` [PATCH 2/2] ovl: remove privs in ovl_fallocate() Amir Goldstein
2022-10-03 12:30 [PATCH 0/2] Some fixes for overlayfs remove privs Amir Goldstein
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).