From: Xiao Yang <yangx.jy@cn.fujitsu.com>
To: <linux-unionfs@vger.kernel.org>
Cc: <miklos@szeredi.hu>, <amir73il@gmail.com>, <hch@infradead.org>,
<darrick.wong@oracle.com>, <fstests@vger.kernel.org>,
Xiao Yang <yangx.jy@cn.fujitsu.com>
Subject: [PATCH v2 2/2] ovl: use generic vfs_ioc_setflags_prepare() helper
Date: Tue, 29 Sep 2020 15:28:48 +0800 [thread overview]
Message-ID: <20200929072848.853877-2-yangx.jy@cn.fujitsu.com> (raw)
In-Reply-To: <20200929072848.853877-1-yangx.jy@cn.fujitsu.com>
From: Amir Goldstein <amir73il@gmail.com>
Canonalize to ioctl FS_* flags instead of inode S_* flags.
Note that we do not call the helper vfs_ioc_fssetxattr_check()
for FS_IOC_FSSETXATTR ioctl. The reason is that underlying filesystem
will perform all the checks. We only need to perform the capability
check before overriding credentials.
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
Reviewed-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
V1->v2:
1) Rebase on top of the following branch:
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git overlayfs-nex
fs/overlayfs/file.c | 62 ++++++++++++++++++++++-----------------------
1 file changed, 30 insertions(+), 32 deletions(-)
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index 90b9aaebdf57..7f82c9fc9d9a 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -559,12 +559,28 @@ static long ovl_real_ioctl(struct file *file, unsigned int cmd,
return ret;
}
+static unsigned int ovl_iflags_to_fsflags(unsigned int iflags)
+{
+ unsigned int flags = 0;
+
+ if (iflags & S_SYNC)
+ flags |= FS_SYNC_FL;
+ if (iflags & S_APPEND)
+ flags |= FS_APPEND_FL;
+ if (iflags & S_IMMUTABLE)
+ flags |= FS_IMMUTABLE_FL;
+ if (iflags & S_NOATIME)
+ flags |= FS_NOATIME_FL;
+
+ return flags;
+}
+
static long ovl_ioctl_set_flags(struct file *file, unsigned int cmd,
- unsigned long arg, unsigned int iflags)
+ unsigned long arg, unsigned int flags)
{
long ret;
struct inode *inode = file_inode(file);
- unsigned int old_iflags;
+ unsigned int oldflags;
if (!inode_owner_or_capable(inode))
return -EACCES;
@@ -576,10 +592,9 @@ static long ovl_ioctl_set_flags(struct file *file, unsigned int cmd,
inode_lock(inode);
/* Check the capability before cred override */
- ret = -EPERM;
- old_iflags = READ_ONCE(inode->i_flags);
- if (((iflags ^ old_iflags) & (S_APPEND | S_IMMUTABLE)) &&
- !capable(CAP_LINUX_IMMUTABLE))
+ oldflags = ovl_iflags_to_fsflags(READ_ONCE(inode->i_flags));
+ ret = vfs_ioc_setflags_prepare(inode, oldflags, flags);
+ if (ret)
goto unlock;
ret = ovl_maybe_copy_up(file_dentry(file), O_WRONLY);
@@ -598,22 +613,6 @@ static long ovl_ioctl_set_flags(struct file *file, unsigned int cmd,
}
-static unsigned int ovl_fsflags_to_iflags(unsigned int flags)
-{
- unsigned int iflags = 0;
-
- if (flags & FS_SYNC_FL)
- iflags |= S_SYNC;
- if (flags & FS_APPEND_FL)
- iflags |= S_APPEND;
- if (flags & FS_IMMUTABLE_FL)
- iflags |= S_IMMUTABLE;
- if (flags & FS_NOATIME_FL)
- iflags |= S_NOATIME;
-
- return iflags;
-}
-
static long ovl_ioctl_set_fsflags(struct file *file, unsigned int cmd,
unsigned long arg)
{
@@ -622,24 +621,23 @@ static long ovl_ioctl_set_fsflags(struct file *file, unsigned int cmd,
if (get_user(flags, (int __user *) arg))
return -EFAULT;
- return ovl_ioctl_set_flags(file, cmd, arg,
- ovl_fsflags_to_iflags(flags));
+ return ovl_ioctl_set_flags(file, cmd, arg, flags);
}
-static unsigned int ovl_fsxflags_to_iflags(unsigned int xflags)
+static unsigned int ovl_fsxflags_to_fsflags(unsigned int xflags)
{
- unsigned int iflags = 0;
+ unsigned int flags = 0;
if (xflags & FS_XFLAG_SYNC)
- iflags |= S_SYNC;
+ flags |= FS_SYNC_FL;
if (xflags & FS_XFLAG_APPEND)
- iflags |= S_APPEND;
+ flags |= FS_APPEND_FL;
if (xflags & FS_XFLAG_IMMUTABLE)
- iflags |= S_IMMUTABLE;
+ flags |= FS_IMMUTABLE_FL;
if (xflags & FS_XFLAG_NOATIME)
- iflags |= S_NOATIME;
+ flags |= FS_NOATIME_FL;
- return iflags;
+ return flags;
}
static long ovl_ioctl_set_fsxflags(struct file *file, unsigned int cmd,
@@ -652,7 +650,7 @@ static long ovl_ioctl_set_fsxflags(struct file *file, unsigned int cmd,
return -EFAULT;
return ovl_ioctl_set_flags(file, cmd, arg,
- ovl_fsxflags_to_iflags(fa.fsx_xflags));
+ ovl_fsxflags_to_fsflags(fa.fsx_xflags));
}
long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
--
2.25.1
prev parent reply other threads:[~2020-09-29 7:47 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-29 7:28 [PATCH v2 1/2] ovl: support [S|G]ETFLAGS and FS[S|G]ETXATTR ioctls for directories Xiao Yang
2020-09-29 7:28 ` Xiao Yang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200929072848.853877-2-yangx.jy@cn.fujitsu.com \
--to=yangx.jy@cn.fujitsu.com \
--cc=amir73il@gmail.com \
--cc=darrick.wong@oracle.com \
--cc=fstests@vger.kernel.org \
--cc=hch@infradead.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.