From patchwork Mon Dec 7 16:32:46 2020 X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 11956377
From: Miklos Szeredi To: "Eric W . Biederman" Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 01/10] vfs: move cap_convert_nscap() call into vfs_setxattr() Date: Mon, 7 Dec 2020 17:32:46 +0100 Message-Id: <20201207163255.564116-2-mszeredi@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201207163255.564116-1-mszeredi@redhat.com> References: <20201207163255.564116-1-mszeredi@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org cap_convert_nscap() does permission checking as well as conversion of the xattr value conditionally based on fs's user-ns. This is needed by overlayfs and probably other layered fs (ecryptfs) and is what vfs_foo() is supposed to do anyway. Signed-off-by: Miklos Szeredi Acked-by: James Morris --- fs/xattr.c | 17 +++++++++++------ include/linux/capability.h | 2 +- security/commoncap.c | 3 +-- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/fs/xattr.c b/fs/xattr.c index cd7a563e8bcd..fd57153b1f61 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -276,8 +276,16 @@ vfs_setxattr(struct dentry *dentry, const char *name, const void *value, { struct inode *inode = dentry->d_inode; struct inode *delegated_inode = NULL; + const void *orig_value = value; int error; + if (size && strcmp(name, XATTR_NAME_CAPS) == 0) { + error = cap_convert_nscap(dentry, &value, size); + if (error < 0) + return error; + size = error; + } + retry_deleg: inode_lock(inode); error = __vfs_setxattr_locked(dentry, name, value, size, flags, @@ -289,6 +297,9 @@ vfs_setxattr(struct dentry *dentry, const char *name, const void *value, if (!error) goto retry_deleg; } + if (value != orig_value) + kfree(value); + return error; } EXPORT_SYMBOL_GPL(vfs_setxattr); 
@@ -537,12 +548,6 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) posix_acl_fix_xattr_from_user(kvalue, size); - else if (strcmp(kname, XATTR_NAME_CAPS) == 0) { - error = cap_convert_nscap(d, &kvalue, size); - if (error < 0) - goto out; - size = error; - } } error = vfs_setxattr(d, kname, kvalue, size, flags); diff --git a/include/linux/capability.h b/include/linux/capability.h index 1e7fe311cabe..b2f698915c0f 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -270,6 +270,6 @@ static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns) /* audit system wants to get cap info from files as well */ extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); -extern int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size); +extern int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size); #endif /* !_LINUX_CAPABILITY_H */ diff --git a/security/commoncap.c b/security/commoncap.c index 59bf3c1674c8..bacc1111d871 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -473,7 +473,7 @@ static bool validheader(size_t size, const struct vfs_cap_data *cap) * * If all is ok, we return the new size, on error return < 0. */ -int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size) +int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size) { struct vfs_ns_cap_data *nscap; uid_t nsrootid; 
@@ -516,7 +516,6 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size) nscap->magic_etc = cpu_to_le32(nsmagic); memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32); - kvfree(*ivalue); *ivalue = nscap; return newsize; }
From patchwork Mon Dec 7 16:32:47 2020 X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 11956375
From: Miklos Szeredi To: "Eric W . Biederman" Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 02/10] vfs: verify source area in vfs_dedupe_file_range_one() Date: Mon, 7 Dec 2020 17:32:47 +0100 Message-Id: <20201207163255.564116-3-mszeredi@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201207163255.564116-1-mszeredi@redhat.com> References: <20201207163255.564116-1-mszeredi@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Call remap_verify_area() on the source file as well as the destination. When called from vfs_dedupe_file_range() the check has already been performed, but not so if called from layered fs (overlayfs, etc...) Could omit the redundant check in vfs_dedupe_file_range(), but leave for now to get error early (for fear of breaking backward compatibility). This call shouldn't be performance sensitive. Signed-off-by: Miklos Szeredi --- fs/remap_range.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/remap_range.c b/fs/remap_range.c index e6099beefa97..77dba3a49e65 100644 --- a/fs/remap_range.c +++ b/fs/remap_range.c
@@ -456,8 +456,16 @@ loff_t vfs_dedupe_file_range_one(struct file *src_file, loff_t src_pos, if (ret) return ret; + /* + * This is redundant if called from vfs_dedupe_file_range(), but other + * callers need it and it's not performance sesitive... + */ + ret = remap_verify_area(src_file, src_pos, len, false); + if (ret) + goto out_drop_write; + ret = remap_verify_area(dst_file, dst_pos, len, true); - if (ret < 0) + if (ret) goto out_drop_write; ret = -EPERM;
From patchwork Mon Dec 7 16:32:48 2020 X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 11956381
From: Miklos Szeredi To: "Eric W . Biederman" Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 03/10] ovl: check privs before decoding file handle Date: Mon, 7 Dec 2020 17:32:48 +0100 Message-Id: <20201207163255.564116-4-mszeredi@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201207163255.564116-1-mszeredi@redhat.com> References: <20201207163255.564116-1-mszeredi@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org CAP_DAC_READ_SEARCH is required by open_by_handle_at(2) so check it in ovl_decode_real_fh() as well to prevent privilege escalation for unprivileged overlay mounts. Signed-off-by: Miklos Szeredi --- fs/overlayfs/namei.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index a6162c4076db..82a55fdb1e7a 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c
@@ -156,6 +156,9 @@ struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt, struct dentry *real; int bytes; + if (!capable(CAP_DAC_READ_SEARCH)) + return NULL; + /* * Make sure that the stored uuid matches the uuid of the lower * layer where file handle will be decoded.
From patchwork Mon Dec 7 16:32:49 2020 X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 11956379
From: Miklos Szeredi To: "Eric W . Biederman" Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Dmitry Vyukov Subject: [PATCH v2 04/10] ovl: make ioctl() safe Date: Mon, 7 Dec 2020 17:32:49 +0100 Message-Id: <20201207163255.564116-5-mszeredi@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201207163255.564116-1-mszeredi@redhat.com> References: <20201207163255.564116-1-mszeredi@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org ovl_ioctl_set_flags() does a capability check using flags, but then the real ioctl double-fetches flags and uses a potentially different value. The "Check the capability before cred override" comment is misleading: user can skip this check by presenting benign flags first and then overwriting them to non-benign flags. Just remove the cred override for now, hoping this doesn't cause a regression. The proper solution is to create a new setxflags i_op (patches are in the works). Xfstests don't show a regression. Reported-by: Dmitry Vyukov Signed-off-by: Miklos Szeredi Reviewed-by: Amir Goldstein --- fs/overlayfs/file.c | 75 ++------------------------------------------- 1 file changed, 3 insertions(+), 72 deletions(-) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index efccb7c1f9bc..3cd1590f2030 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c
@@ -541,46 +541,26 @@ static long ovl_real_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { struct fd real; - const struct cred *old_cred; long ret; ret = ovl_real_fdget(file, &real); if (ret) return ret; - old_cred = ovl_override_creds(file_inode(file)->i_sb); ret = security_file_ioctl(real.file, cmd, arg); if (!ret) ret = vfs_ioctl(real.file, cmd, arg); - revert_creds(old_cred); fdput(real); return ret; } -static unsigned int ovl_iflags_to_fsflags(unsigned int iflags) -{ - unsigned int flags = 0; - - if (iflags & S_SYNC) - flags |= FS_SYNC_FL; - if (iflags & S_APPEND) - flags |= FS_APPEND_FL; - if (iflags & S_IMMUTABLE) - flags |= FS_IMMUTABLE_FL; - if (iflags & S_NOATIME) - flags |= FS_NOATIME_FL; - - return flags; -} - static long ovl_ioctl_set_flags(struct file *file, unsigned int cmd, - unsigned long arg, unsigned int flags) + unsigned long arg) { long ret; struct inode *inode = file_inode(file); - unsigned int oldflags; if (!inode_owner_or_capable(inode)) return -EACCES; @@ -591,12 +571,6 @@ static long ovl_ioctl_set_flags(struct file *file, unsigned int cmd, inode_lock(inode); - /* Check the capability before cred override */ - oldflags = ovl_iflags_to_fsflags(READ_ONCE(inode->i_flags)); - ret = vfs_ioc_setflags_prepare(inode, oldflags, flags); - if (ret) - goto unlock; - ret = ovl_maybe_copy_up(file_dentry(file), O_WRONLY); if (ret) goto unlock; 
@@ -613,46 +587,6 @@ static long ovl_ioctl_set_flags(struct file *file, unsigned int cmd, } -static long ovl_ioctl_set_fsflags(struct file *file, unsigned int cmd, - unsigned long arg) -{ - unsigned int flags; - - if (get_user(flags, (int __user *) arg)) - return -EFAULT; - - return ovl_ioctl_set_flags(file, cmd, arg, flags); -} - -static unsigned int ovl_fsxflags_to_fsflags(unsigned int xflags) -{ - unsigned int flags = 0; - - if (xflags & FS_XFLAG_SYNC) - flags |= FS_SYNC_FL; - if (xflags & FS_XFLAG_APPEND) - flags |= FS_APPEND_FL; - if (xflags & FS_XFLAG_IMMUTABLE) - flags |= FS_IMMUTABLE_FL; - if (xflags & FS_XFLAG_NOATIME) - flags |= FS_NOATIME_FL; - - return flags; -} - -static long ovl_ioctl_set_fsxflags(struct file *file, unsigned int cmd, - unsigned long arg) -{ - struct fsxattr fa; - - memset(&fa, 0, sizeof(fa)); - if (copy_from_user(&fa, (void __user *) arg, sizeof(fa))) - return -EFAULT; - - return ovl_ioctl_set_flags(file, cmd, arg, - ovl_fsxflags_to_fsflags(fa.fsx_xflags)); -} - long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { long ret; 
@@ -663,12 +597,9 @@ long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) ret = ovl_real_ioctl(file, cmd, arg); break; - case FS_IOC_SETFLAGS: - ret = ovl_ioctl_set_fsflags(file, cmd, arg); - break; - case FS_IOC_FSSETXATTR: - ret = ovl_ioctl_set_fsxflags(file, cmd, arg); + case FS_IOC_SETFLAGS: + ret = ovl_ioctl_set_flags(file, cmd, arg); break; default:
From patchwork Mon Dec 7 16:32:50 2020 X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 11956383
From: Miklos Szeredi To: "Eric W . Biederman" Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 05/10] ovl: simplify file splice Date: Mon, 7 Dec 2020 17:32:50 +0100 Message-Id: <20201207163255.564116-6-mszeredi@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201207163255.564116-1-mszeredi@redhat.com> References: <20201207163255.564116-1-mszeredi@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org generic_file_splice_read() and iter_file_splice_write() will call back into f_op->iter_read() and f_op->iter_write() respectively. These already do the real file lookup and cred override. So the code in ovl_splice_read() and ovl_splice_write() is redundant. In addition the ovl_file_accessed() call in ovl_splice_write() is incorrect, though probably harmless. Fix by calling generic_file_splice_read() and iter_file_splice_write() directly. Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 46 ++------------------------------------------- 1 file changed, 2 insertions(+), 44 deletions(-) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 3cd1590f2030..dc767034d37b 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c 
@@ -397,48 +397,6 @@ static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter) return ret; } -static ssize_t ovl_splice_read(struct file *in, loff_t *ppos, - struct pipe_inode_info *pipe, size_t len, - unsigned int flags) -{ - ssize_t ret; - struct fd real; - const struct cred *old_cred; - - ret = ovl_real_fdget(in, &real); - if (ret) - return ret; - - old_cred = ovl_override_creds(file_inode(in)->i_sb); - ret = generic_file_splice_read(real.file, ppos, pipe, len, flags); - revert_creds(old_cred); - - ovl_file_accessed(in); - fdput(real); - return ret; -} - -static ssize_t -ovl_splice_write(struct pipe_inode_info *pipe, struct file *out, - loff_t *ppos, size_t len, unsigned int flags) -{ - struct fd real; - const struct cred *old_cred; - ssize_t ret; - - ret = ovl_real_fdget(out, &real); - if (ret) - return ret; - - old_cred = ovl_override_creds(file_inode(out)->i_sb); - ret = iter_file_splice_write(pipe, real.file, ppos, len, flags); - revert_creds(old_cred); - - ovl_file_accessed(out); - fdput(real); - return ret; -} - static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync) { struct fd real; 
@@ -732,8 +690,8 @@ const struct file_operations ovl_file_operations = { #ifdef CONFIG_COMPAT .compat_ioctl = ovl_compat_ioctl, #endif - .splice_read = ovl_splice_read, - .splice_write = ovl_splice_write, + .splice_read = generic_file_splice_read, + .splice_write = iter_file_splice_write, .copy_file_range = ovl_copy_file_range, .remap_file_range = ovl_remap_file_range, From patchwork Mon Dec 7 16:32:51 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 11956373 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E5A0CC3527A for ; Mon, 7 Dec 2020 16:35:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C0846238E7 for ; Mon, 7 Dec 2020 16:35:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727818AbgLGQem (ORCPT ); Mon, 7 Dec 2020 11:34:42 -0500 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:42869 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727771AbgLGQek (ORCPT ); Mon, 7 Dec 2020 11:34:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1607358793; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; 
From: Miklos Szeredi
To: "Eric W . Biederman"
Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 06/10] ovl: user xattr
Date: Mon, 7 Dec 2020 17:32:51 +0100
Message-Id: <20201207163255.564116-7-mszeredi@redhat.com>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20201207163255.564116-1-mszeredi@redhat.com>
References: <20201207163255.564116-1-mszeredi@redhat.com>
X-Mailing-List: linux-fsdevel@vger.kernel.org

Optionally allow using "user.overlay." namespace instead of "trusted.overlay." This is necessary for overlayfs to be able to be mounted in an unprivileged namespace. Make the option explicit, since it makes the filesystem format be incompatible. Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the "user.overlay.redirect" or "user.overlay.metacopy" xattrs.

Signed-off-by: Miklos Szeredi
Reviewed-by: Amir Goldstein
---
 fs/overlayfs/inode.c | 10 ++++++--
 fs/overlayfs/overlayfs.h | 8 +++---
 fs/overlayfs/ovl_entry.h | 1 +
 fs/overlayfs/super.c | 55 ++++++++++++++++++++++++++++++++++++----
 fs/overlayfs/util.c | 5 ++--
 5 files changed, 67 insertions(+), 12 deletions(-)

diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index b584dca845ba..8ec3062999a9 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c
@@ -329,8 +329,14 @@ static const char *ovl_get_link(struct dentry *dentry, bool ovl_is_private_xattr(struct super_block *sb, const char *name) { - return strncmp(name, OVL_XATTR_PREFIX, - sizeof(OVL_XATTR_PREFIX) - 1) == 0; + struct ovl_fs *ofs = sb->s_fs_info; + + if (ofs->config.userxattr) + return strncmp(name, OVL_XATTR_USER_PREFIX, + sizeof(OVL_XATTR_USER_PREFIX) - 1) == 0; + else + return strncmp(name, OVL_XATTR_TRUSTED_PREFIX, + sizeof(OVL_XATTR_TRUSTED_PREFIX) - 1) == 0; } int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name, diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index f8880aa2ba0e..46282111d6e6 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -22,7 +22,9 @@ enum ovl_path_type { #define OVL_TYPE_MERGE(type) ((type) & __OVL_PATH_MERGE) #define OVL_TYPE_ORIGIN(type) ((type) & __OVL_PATH_ORIGIN) -#define OVL_XATTR_PREFIX XATTR_TRUSTED_PREFIX "overlay." +#define OVL_XATTR_NAMESPACE "overlay." +#define OVL_XATTR_TRUSTED_PREFIX XATTR_TRUSTED_PREFIX OVL_XATTR_NAMESPACE +#define OVL_XATTR_USER_PREFIX XATTR_USER_PREFIX OVL_XATTR_NAMESPACE enum ovl_xattr { OVL_XATTR_OPAQUE, @@ -113,10 +115,10 @@ struct ovl_fh { #define OVL_FH_FID_OFFSET (OVL_FH_WIRE_OFFSET + \ offsetof(struct ovl_fb, fid)) -extern const char *ovl_xattr_table[]; +extern const char *ovl_xattr_table[][2]; static inline const char *ovl_xattr(struct ovl_fs *ofs, enum ovl_xattr ox) { - return ovl_xattr_table[ox]; + return ovl_xattr_table[ox][ofs->config.userxattr]; } static inline int ovl_do_rmdir(struct inode *dir, struct dentry *dentry) diff --git a/fs/overlayfs/ovl_entry.h b/fs/overlayfs/ovl_entry.h index 1b5a2094df8e..d634c7ba3b9c 100644 --- a/fs/overlayfs/ovl_entry.h +++ b/fs/overlayfs/ovl_entry.h @@ -17,6 +17,7 @@ struct ovl_config { bool nfs_export; int xino; bool metacopy; + bool userxattr; bool ovl_volatile; }; diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 290983bcfbb3..189380b946be 100644 
--- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -411,6 +411,7 @@ enum { OPT_INDEX_ON, OPT_INDEX_OFF, OPT_NFS_EXPORT_ON, + OPT_USERXATTR, OPT_NFS_EXPORT_OFF, OPT_XINO_ON, OPT_XINO_OFF, @@ -429,6 +430,7 @@ static const match_table_t ovl_tokens = { {OPT_REDIRECT_DIR, "redirect_dir=%s"}, {OPT_INDEX_ON, "index=on"}, {OPT_INDEX_OFF, "index=off"}, + {OPT_USERXATTR, "userxattr"}, {OPT_NFS_EXPORT_ON, "nfs_export=on"}, {OPT_NFS_EXPORT_OFF, "nfs_export=off"}, {OPT_XINO_ON, "xino=on"}, @@ -585,6 +587,10 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) config->ovl_volatile = true; break; + case OPT_USERXATTR: + config->userxattr = true; + break; + default: pr_err("unrecognized mount option \"%s\" or missing value\n", p); @@ -688,6 +694,28 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) } } + + /* Resolve userxattr -> !redirect && !metacopy dependency */ + if (config->userxattr) { + if (config->redirect_follow && redirect_opt) { + pr_err("conflicting options: userxattr,redirect_dir=%s\n", + config->redirect_mode); + return -EINVAL; + } + if (config->metacopy && metacopy_opt) { + pr_err("conflicting options: userxattr,metacopy=on\n"); + return -EINVAL; + } + /* + * Silently disable default setting of redirect and metacopy. + * This shall be the default in the future as well: these + * options must be explicitly enabled if used together with + * userxattr. + */ + config->redirect_dir = config->redirect_follow = false; + config->metacopy = false; + } + return 0; } 
@@ -1037,8 +1065,14 @@ ovl_posix_acl_default_xattr_handler = { .set = ovl_posix_acl_xattr_set, }; -static const struct xattr_handler ovl_own_xattr_handler = { - .prefix = OVL_XATTR_PREFIX, +static const struct xattr_handler ovl_own_trusted_xattr_handler = { + .prefix = OVL_XATTR_TRUSTED_PREFIX, + .get = ovl_own_xattr_get, + .set = ovl_own_xattr_set, +}; + +static const struct xattr_handler ovl_own_user_xattr_handler = { + .prefix = OVL_XATTR_USER_PREFIX, .get = ovl_own_xattr_get, .set = ovl_own_xattr_set, }; @@ -1049,12 +1083,22 @@ static const struct xattr_handler ovl_other_xattr_handler = { .set = ovl_other_xattr_set, }; -static const struct xattr_handler *ovl_xattr_handlers[] = { +static const struct xattr_handler *ovl_trusted_xattr_handlers[] = { +#ifdef CONFIG_FS_POSIX_ACL + &ovl_posix_acl_access_xattr_handler, + &ovl_posix_acl_default_xattr_handler, +#endif + &ovl_own_trusted_xattr_handler, + &ovl_other_xattr_handler, + NULL +}; + +static const struct xattr_handler *ovl_user_xattr_handlers[] = { #ifdef CONFIG_FS_POSIX_ACL &ovl_posix_acl_access_xattr_handler, &ovl_posix_acl_default_xattr_handler, #endif - &ovl_own_xattr_handler, + &ovl_own_user_xattr_handler, &ovl_other_xattr_handler, NULL }; @@ -1991,7 +2035,8 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) cap_lower(cred->cap_effective, CAP_SYS_RESOURCE); sb->s_magic = OVERLAYFS_SUPER_MAGIC; - sb->s_xattr = ovl_xattr_handlers; + sb->s_xattr = ofs->config.userxattr ? ovl_user_xattr_handlers : + ovl_trusted_xattr_handlers; sb->s_fs_info = ofs; sb->s_flags |= SB_POSIXACL; sb->s_iflags |= SB_I_SKIP_SYNC; diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 23f475627d07..66eaf4db027f 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c 
@@ -582,9 +582,10 @@ bool ovl_check_dir_xattr(struct super_block *sb, struct dentry *dentry, #define OVL_XATTR_METACOPY_POSTFIX "metacopy" #define OVL_XATTR_TAB_ENTRY(x) \ - [x] = OVL_XATTR_PREFIX x ## _POSTFIX + [x] = { [false] = OVL_XATTR_TRUSTED_PREFIX x ## _POSTFIX, \ + [true] = OVL_XATTR_USER_PREFIX x ## _POSTFIX } -const char *ovl_xattr_table[] = { +const char *ovl_xattr_table[][2] = { OVL_XATTR_TAB_ENTRY(OVL_XATTR_OPAQUE), OVL_XATTR_TAB_ENTRY(OVL_XATTR_REDIRECT), OVL_XATTR_TAB_ENTRY(OVL_XATTR_ORIGIN),
From patchwork Mon Dec 7 16:32:52 2020 X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 11956371
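Review bot: In the fs/overlayfs/inode.c hunk, ovl_is_private_xattr() now treats exactly one prefix as private, so on a userxattr mount any "trusted.overlay." name falls through to the non-private path (and "user.overlay." does on a default mount), and the function carries no comment saying this is intended. Please add one that states what should happen to xattrs in the other namespace found on layers that were previously used with the opposite setting. As a smaller point, the two strncmp() branches differ only in the prefix, so selecting the prefix once would remove the duplicated call and the else after return.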
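Review bot: In the enum hunk of fs/overlayfs/super.c (@@ -411), OPT_USERXATTR is inserted between OPT_NFS_EXPORT_ON and OPT_NFS_EXPORT_OFF, which splits the on/off pair, while the matching ovl_tokens entry in the next hunk is placed before "nfs_export=on". Move the enum value so it sits directly before OPT_NFS_EXPORT_ON and the enum and the token table stay in the same order.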
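Review bot: The ovl_tokens hunk (@@ -429) adds a user-visible "userxattr" mount option, but the diffstat lists only files under fs/overlayfs, so the option ships undocumented. The commit message says it makes the filesystem format incompatible and that redirect_dir and metacopy are disabled for security reasons; both facts belong in the overlayfs documentation alongside the option so that administrators do not have to read the commit log to learn them.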
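Review bot: The OPT_USERXATTR case in ovl_parse_opt() (@@ -585) sets config->userxattr, but none of the super.c hunks in this patch add the option to the mount options that overlayfs reports back, so whether a given mount uses "user.overlay." or "trusted.overlay." cannot be told from its option string. Since the two modes are format-incompatible, please emit "userxattr" when config.userxattr is set.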
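Review bot: In the dependency block added to ovl_parse_opt() (@@ -688), the silent override clears config->redirect_dir, config->redirect_follow and config->metacopy but leaves config->redirect_mode untouched, even though the same block prints that string in the pr_err() just above. Anything that later reports redirect_mode will show the pre-override value while redirects are in fact off. Either reset redirect_mode together with the booleans or add a comment explaining why the stale string is harmless.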
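Review bot: The fs/overlayfs/util.c hunk gives every entry of ovl_xattr_table a "user.overlay." variant, including OVL_XATTR_OPAQUE and OVL_XATTR_ORIGIN, while the commit message justifies disabling only redirect_dir and metacopy. Because "user." xattrs can be written without privilege, the patch should state, in a comment above the table or in the commit message, why the remaining overlay xattrs are safe to honour when their content is controlled by an unprivileged user.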
From: Miklos Szeredi
To: "Eric W . Biederman"
Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 07/10] ovl: do not fail when setting origin xattr
Date: Mon, 7 Dec 2020 17:32:52 +0100
Message-Id: <20201207163255.564116-8-mszeredi@redhat.com>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20201207163255.564116-1-mszeredi@redhat.com>
References: <20201207163255.564116-1-mszeredi@redhat.com>
X-Mailing-List: linux-fsdevel@vger.kernel.org

Comment above call already says this, but only EOPNOTSUPP is ignored, other failures are not. For example setting "user.*" will fail with EPERM on symlink/special. Ignore this error as well.

Signed-off-by: Miklos Szeredi
---
 fs/overlayfs/copy_up.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 955ecd4030f0..8a7ef40d98f8 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c
@@ -352,7 +352,8 @@ int ovl_set_origin(struct dentry *dentry, struct dentry *lower, fh ? fh->fb.len : 0, 0); kfree(fh); - return err; + /* Ignore -EPERM from setting "user.*" on symlink/special */ + return err == -EPERM ? 0 : err; } /* Store file handle of @upper dir in @index dir entry */
From patchwork Mon Dec 7 16:32:53 2020 X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 11956369
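Review bot: The new return in ovl_set_origin(), "return err == -EPERM ? 0 : err;", swallows -EPERM for every mount and every cause, although the comment above it names only one case: setting "user.*" on a symlink or special file. On a default "trusted.overlay." mount an -EPERM from the upper filesystem would now also be dropped and the origin xattr would silently be missing. Please restrict the exemption to the userxattr configuration, the way the later metacopy patch gates its -EACCES exemption on config.userxattr, or explain in the comment why ignoring -EPERM unconditionally is safe.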
From: Miklos Szeredi
To: "Eric W . Biederman"
Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 08/10] ovl: do not fail because of O_NOATIME
Date: Mon, 7 Dec 2020 17:32:53 +0100
Message-Id: <20201207163255.564116-9-mszeredi@redhat.com>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20201207163255.564116-1-mszeredi@redhat.com>
References: <20201207163255.564116-1-mszeredi@redhat.com>
X-Mailing-List: linux-fsdevel@vger.kernel.org

In case the file cannot be opened with O_NOATIME because of lack of capabilities, then clear O_NOATIME instead of failing.

Signed-off-by: Miklos Szeredi
---
 fs/overlayfs/file.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index dc767034d37b..d6ac7ac66410 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c
@@ -53,9 +53,10 @@ static struct file *ovl_open_realfile(const struct file *file, err = inode_permission(realinode, MAY_OPEN | acc_mode); if (err) { realfile = ERR_PTR(err); - } else if (!inode_owner_or_capable(realinode)) { - realfile = ERR_PTR(-EPERM); } else { + if (!inode_owner_or_capable(realinode)) + flags &= ~O_NOATIME; + realfile = open_with_fake_path(&file->f_path, flags, realinode, current_cred()); }
From patchwork Mon Dec 7 16:32:54 2020 X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 11956365
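Review bot: The "flags &= ~O_NOATIME;" fallback in ovl_open_realfile() needs a comment, because it turns what used to be a hard -EPERM for a non-owner, non-capable opener into a silent change of open flags. The comment should say that O_NOATIME is dropped because the opener is not entitled to it on realinode, and that as a result accesses through the overlay may now update atime on the real file. It would also help to note whether this relaxation is meant to apply to privileged mounts as well, since the check is not tied to userxattr or to the mount's user namespace.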
From: Miklos Szeredi
To: "Eric W . Biederman"
Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 09/10] ovl: do not get metacopy for userxattr
Date: Mon, 7 Dec 2020 17:32:54 +0100
Message-Id: <20201207163255.564116-10-mszeredi@redhat.com>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20201207163255.564116-1-mszeredi@redhat.com>
References: <20201207163255.564116-1-mszeredi@redhat.com>
X-Mailing-List: linux-fsdevel@vger.kernel.org

When looking up an inode on the lower layer for which the mounter lacks read permission the metacopy check will fail. This causes the lookup to fail as well, even though the directory is readable. So ignore EACCES for the "userxattr" case and assume no metacopy for the unreadable file.

Signed-off-by: Miklos Szeredi
---
 fs/overlayfs/util.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 66eaf4db027f..703c6e529f39 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c
@@ -880,6 +880,13 @@ int ovl_check_metacopy_xattr(struct ovl_fs *ofs, struct dentry *dentry) if (res < 0) { if (res == -ENODATA || res == -EOPNOTSUPP) return 0; + /* + * getxattr on user.* may fail with EACCES in case there's no + * read permission on the inode. Not much we can do, other than + * tell the caller that this is not a metacopy inode. + */ + if (ofs->config.userxattr && res == -EACCES) + return 0; goto out; }
From patchwork Mon Dec 7 16:32:55 2020 X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 11956367
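Review bot: The comment added to ovl_check_metacopy_xattr() says "Not much we can do", but it does not say why answering "not a metacopy inode" is the safe default, which is the part a later reader needs. The reason appears to be that ovl_parse_opt() in the user xattr patch forces config->metacopy off whenever userxattr is set, so no metacopy inode is expected on such a mount. Please say so in the comment, so that if metacopy is ever allowed together with userxattr this early return gets revisited rather than silently exposing a metacopy stub as a regular file.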
From: Miklos Szeredi
To: "Eric W . Biederman"
Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 10/10] ovl: unprivieged mounts
Date: Mon, 7 Dec 2020 17:32:55 +0100
Message-Id: <20201207163255.564116-11-mszeredi@redhat.com>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20201207163255.564116-1-mszeredi@redhat.com>
References: <20201207163255.564116-1-mszeredi@redhat.com>
X-Mailing-List: linux-fsdevel@vger.kernel.org

Enable unprivileged user namespace mounts of overlayfs. Overlayfs's permission model (*) ensures that the mounter itself cannot gain additional privileges by the act of creating an overlayfs mount. This feature request is coming from the "rootless" container crowd.

(*) Documentation/filesystems/overlayfs.txt#Permission model

Signed-off-by: Miklos Szeredi
---
 fs/overlayfs/super.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 189380b946be..019e6f1834b0 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c
@@ -2073,6 +2073,7 @@ static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags, static struct file_system_type ovl_fs_type = { .owner = THIS_MODULE, .name = "overlay", + .fs_flags = FS_USERNS_MOUNT, .mount = ovl_mount, .kill_sb = kill_anon_super, };
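Review bot: ".fs_flags = FS_USERNS_MOUNT," in ovl_fs_type is unconditional, so a mount from a user namespace is accepted whether or not the userxattr option from the earlier patch was given, and the patch does not say which behaviour is expected in the non-userxattr case. Since this one line is the switch that exposes the whole overlayfs mount path to unprivileged callers, please document next to it (and in the permission-model section the commit message cites) which options are supported for user-namespace mounts, and consider rejecting or warning about combinations that are not.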