Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3494868imm; Tue, 29 May 2018 08:11:24 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrt7TFt1BVfo3G6+2grdxQlRpBkeKFZr/zDcqM1TRTzSIN2JIlqiTRzBaaOxkmJr2sJMuqa X-Received: by 2002:a65:52cc:: with SMTP id z12-v6mr14044708pgp.126.1527606684108; Tue, 29 May 2018 08:11:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527606684; cv=none; d=google.com; s=arc-20160816; b=THzF+E3kOZMnVj1IQA+uOUfhO4qFo5JDEy1OS81ZkeaotI7i1w4Miyy6j8ww/1NFHu ApsgvSWkNwjA88UkHhCiztJn7rXgXj51oepns9PonTw5QETK1+LiRZfPsC+iU3/ADFmD njDZ4McBJIg+seC0TYjd4wV50/ALSpI1Gr28X0+SAvlgIDpHr5NbEpKZH8uOkJhNb3O8 AcoenUDVAvnkSTjN8Cy5GiWJHUeRmDg5ch/eQocKKqaLFjU2SOvOpS8OD8wQS7IoicAC x3cPW9ak9FZuTPnNwBAjWq43oNxWYr6EJykVlg6fevU7lF7k8E0NwsDpbl7VULB7ngl5 xqxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=cJgd/9nR+mNkfbZ9icyzgu6j5uXmEyWzOwJKoYgEO58=; b=BbsUQ975dxJQhzYPoPLzUcv+LzVo+XET10qmHnmo4EpzxqLaXL/qWu+sUnHNpfhqL/ g3bew1oC7DNHgaefoSDRMf4typ0VvobPii7ocLXoRixiGma+UH94nN4eE+MKK59PffNo kf9kCBA90bugDazhZjQwqZ6oFdtF7n2t7WtWon+yd3XeRd7y0fhAJ38qKICx4onEk1ME R6r45Pd4dbe74kHAqvImyDe7iFjqtHHJcWPQXA8//EBc+ruAqPKF3L1cwcAGMX86J+HE BDRnWJJfwxwkMIC0sH+U+G63RRe70WfCQW1qql80EPqdci3AnVcyk5GIfvLEJ3eY5tz+ zfMA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e26-v6si31972200pfn.244.2018.05.29.08.11.09; Tue, 29 May 2018 08:11:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964988AbeE2PJQ (ORCPT + 99 others); Tue, 29 May 2018 11:09:16 -0400 Received: from mail-wr0-f194.google.com ([209.85.128.194]:45627 "EHLO mail-wr0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S935811AbeE2OoV (ORCPT ); Tue, 29 May 2018 10:44:21 -0400 Received: by mail-wr0-f194.google.com with SMTP id w3-v6so25966438wrl.12 for ; Tue, 29 May 2018 07:44:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=cJgd/9nR+mNkfbZ9icyzgu6j5uXmEyWzOwJKoYgEO58=; b=YrXYwP3hk3+rvbnp6AW/kEzUfCgKwPreDpA5cWS/8RV6fmk7DbKmOtsADZUd7SQN8/ s6mxLbb8JNva2YPNLZPrw/cTIp5DBCyp3vUGwLnT7kIu2tYWzLnwUZTjL05wcRSsG/I7 2f0Nv4+kKhtkz63LS9O2bziflhdmxZsgbO2/zBWg3CmGBN7eiEtx2T3WqVgQD6NfJO66 wnSgeVNcLNU+NJA7sDiBnqJEzyBylDNZIhGjuIOwIU/uqV4YBmKmKXMaxFnGM9dV9uE8 vn5rXOhrmAIQ9yMJgeFu4xCa5/G7PJXbvsBH/qSB66Pjkq64iZD+yeWLd+AyKIMBcWBx a9fQ== X-Gm-Message-State: ALKqPwepVJNuu9HmLGxxDIxHJIqLi6y0Ehshs/EHOOmO/2hUkJ1Y9/rb uktY71BhyV4iIkEKgUDOxyI4UkCo71o= X-Received: by 2002:adf:a3c3:: with SMTP id m3-v6mr8442002wrb.208.1527605059785; Tue, 29 May 2018 07:44:19 -0700 (PDT) Received: from veci.piliscsaba.redhat.com (catv-176-63-54-97.catv.broadband.hu. [176.63.54.97]) by smtp.gmail.com with ESMTPSA id t198-v6sm18834422wmt.23.2018.05.29.07.44.18 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 29 May 2018 07:44:19 -0700 (PDT) From: Miklos Szeredi To: linux-unionfs@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 31/39] Revert "ovl: don't allow writing ioctl on lower layer" Date: Tue, 29 May 2018 16:43:31 +0200 Message-Id: <20180529144339.16538-32-mszeredi@redhat.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180529144339.16538-1-mszeredi@redhat.com> References: <20180529144339.16538-1-mszeredi@redhat.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This reverts commit 7c6893e3c9abf6a9676e060a1e35e5caca673d57. Overlayfs no longer relies on the vfs for checking writability of files. Signed-off-by: Miklos Szeredi --- fs/internal.h | 2 -- fs/namespace.c | 64 +++------------------------------------------------------- fs/open.c | 4 ++-- fs/xattr.c | 9 ++++----- 4 files changed, 9 insertions(+), 70 deletions(-) diff --git a/fs/internal.h b/fs/internal.h index 6821cf475fc6..29c9a2fab592 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -80,10 +80,8 @@ extern void __init mnt_init(void); extern int __mnt_want_write(struct vfsmount *); extern int __mnt_want_write_file(struct file *); -extern int mnt_want_write_file_path(struct file *); extern void __mnt_drop_write(struct vfsmount *); extern void __mnt_drop_write_file(struct file *); -extern void mnt_drop_write_file_path(struct file *); /* * fs_struct.c diff --git a/fs/namespace.c b/fs/namespace.c index c3f7152a8419..5286c5313e67 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -431,18 +431,13 @@ int __mnt_want_write_file(struct file *file) } /** - * mnt_want_write_file_path - get write access to a file's mount + * mnt_want_write_file - get write access to a file's mount * @file: the file who's mount on which to take a write * * This is like mnt_want_write, but it takes a file and can * do some optimisations if the file is open for write already - * - * Called by the vfs for cases when we have an open file at hand, but will do an - * inode operation on it (important distinction for files opened on overlayfs, - * since the file operations will come from the real underlying file, while - * inode operations come from the overlay). */ -int mnt_want_write_file_path(struct file *file) +int mnt_want_write_file(struct file *file) { int ret; @@ -452,53 +447,6 @@ int mnt_want_write_file_path(struct file *file) sb_end_write(file->f_path.mnt->mnt_sb); return ret; } - -static inline int may_write_real(struct file *file) -{ - struct dentry *dentry = file->f_path.dentry; - struct dentry *upperdentry; - - /* Writable file? */ - if (file->f_mode & FMODE_WRITER) - return 0; - - /* Not overlayfs? */ - if (likely(!(dentry->d_flags & DCACHE_OP_REAL))) - return 0; - - /* File refers to upper, writable layer? */ - upperdentry = d_real(dentry, NULL, 0, D_REAL_UPPER); - if (upperdentry && file_inode(file) == d_inode(upperdentry)) - return 0; - - /* Lower layer: can't write to real file, sorry... */ - return -EPERM; -} - -/** - * mnt_want_write_file - get write access to a file's mount - * @file: the file who's mount on which to take a write - * - * This is like mnt_want_write, but it takes a file and can - * do some optimisations if the file is open for write already - * - * Mostly called by filesystems from their ioctl operation before performing - * modification. On overlayfs this needs to check if the file is on a read-only - * lower layer and deny access in that case. - */ -int mnt_want_write_file(struct file *file) -{ - int ret; - - ret = may_write_real(file); - if (!ret) { - sb_start_write(file_inode(file)->i_sb); - ret = __mnt_want_write_file(file); - if (ret) - sb_end_write(file_inode(file)->i_sb); - } - return ret; -} EXPORT_SYMBOL_GPL(mnt_want_write_file); /** @@ -536,15 +484,9 @@ void __mnt_drop_write_file(struct file *file) __mnt_drop_write(file->f_path.mnt); } -void mnt_drop_write_file_path(struct file *file) -{ - mnt_drop_write(file->f_path.mnt); -} - void mnt_drop_write_file(struct file *file) { - __mnt_drop_write(file->f_path.mnt); - sb_end_write(file_inode(file)->i_sb); + mnt_drop_write(file->f_path.mnt); } EXPORT_SYMBOL(mnt_drop_write_file); diff --git a/fs/open.c b/fs/open.c index 1d4bc541c619..2db39216c393 100644 --- a/fs/open.c +++ b/fs/open.c @@ -707,12 +707,12 @@ int ksys_fchown(unsigned int fd, uid_t user, gid_t group) if (!f.file) goto out; - error = mnt_want_write_file_path(f.file); + error = mnt_want_write_file(f.file); if (error) goto out_fput; audit_file(f.file); error = chown_common(&f.file->f_path, user, group); - mnt_drop_write_file_path(f.file); + mnt_drop_write_file(f.file); out_fput: fdput(f); out: diff --git a/fs/xattr.c b/fs/xattr.c index 61cd28ba25f3..78eaffbdbee0 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -23,7 +23,6 @@ #include #include -#include "internal.h" static const char * strcmp_prefix(const char *a, const char *a_prefix) @@ -503,10 +502,10 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, if (!f.file) return error; audit_file(f.file); - error = mnt_want_write_file_path(f.file); + error = mnt_want_write_file(f.file); if (!error) { error = setxattr(f.file->f_path.dentry, name, value, size, flags); - mnt_drop_write_file_path(f.file); + mnt_drop_write_file(f.file); } fdput(f); return error; @@ -735,10 +734,10 @@ SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) if (!f.file) return error; audit_file(f.file); - error = mnt_want_write_file_path(f.file); + error = mnt_want_write_file(f.file); if (!error) { error = removexattr(f.file->f_path.dentry, name); - mnt_drop_write_file_path(f.file); + mnt_drop_write_file(f.file); } fdput(f); return error; -- 2.14.3