Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp729966pxf; Thu, 25 Mar 2021 12:40:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw/42Zyd6SLofnlvY5CkatuJt7nQ0CTmkVUkg/8W7XswzmmLZ/8tD2O2WQvh/CfMAqWJrT2 X-Received: by 2002:a05:6402:31e9:: with SMTP id dy9mr11163081edb.186.1616701202169; Thu, 25 Mar 2021 12:40:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616701202; cv=none; d=google.com; s=arc-20160816; b=DCVrO/UXyd0kIFR+aPLFehpNYfNhKITyb6ganv1MVXa/UM6M6xRxCAeL9dfy/3Z213 Hd718Dp7dOyh54zPFmh0Lxx11O0uPpeVuESzIpqw7wxxGN00MxPveAYf+TU8f1pGnk3a EZrq/2aVnDXsFfD3s9CNp0I8YOgSnZj6IPn7+mLyrFzHlwEI/FbxDsF2vGJhBORdQobE fDIUOmQsqUfsFHEn9FBG5xiyTm00j8X8HGTqt6G7j0SwbWxxKB7QuVcOmpQQDnp+yL1n k1JfNCUE3UDIww130a9lpHMcNuM9hptZVQXCR1qxf++hAHGqw7Qe50d9aOUuiwKcifn2 IkWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Ta4CkjG/mjBUKrafZ3vedGcl5jpoCWT94WasqZXc5to=; b=MWxURHkMnpV5Le9w93+DqEXdm10ludJFvz+dchMH8xeiKyag/WdBo6Lar7bVmdpW75 Ba7lgb+eTNQtWRYjjBQS72tJAgK+BAubPlav+mUBgoPh1/4ZnopJXdW4cCgs6EB+nv0x PT0308n01aXwC/OB0htLxI65fdxSFQqfv3LmUNzCxMQL/TJ7+7GxsQCCz0ovOGZ9PndW XfDUzoHUPqJLm4xLKonGILlr/rxQgki4pagUkiNMc0iN5XdF8vdKU9ZUIMB4J4poGc7O 2HEzsp95SSnt4XBNbZeuY4o6liRNabyqKR0bB9EoDFm1HH30ZL+9JHgsPhb54Cku4lnX FtEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=jGhm+ckw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s20si5141528edq.484.2021.03.25.12.39.38; Thu, 25 Mar 2021 12:40:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=jGhm+ckw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230376AbhCYTin (ORCPT + 99 others); Thu, 25 Mar 2021 15:38:43 -0400 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:24223 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230215AbhCYTiG (ORCPT ); Thu, 25 Mar 2021 15:38:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1616701086; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ta4CkjG/mjBUKrafZ3vedGcl5jpoCWT94WasqZXc5to=; b=jGhm+ckwyLuHZQxn2/Z6jgf1vfAgusL8nxP8VoVbghDHN0EiH6u2W4Rg/2BUzCrhWPkARO IwYart0Bs5+gKHA3yx6iY4jpI7qYEU8hAKLsufFGLcaDBLzgU7rfv76b7k7qKGV3YPPNh0 J+cIfu2jZOHw3WcJ3vE0AnV0e1JZjlA= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-458-F3GZv-wNOFKORX-c5DJ0AA-1; Thu, 25 Mar 2021 15:38:02 -0400 X-MC-Unique: F3GZv-wNOFKORX-c5DJ0AA-1 Received: by mail-ed1-f70.google.com with SMTP id y10so3188175edr.20 for ; Thu, 25 Mar 2021 12:38:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Ta4CkjG/mjBUKrafZ3vedGcl5jpoCWT94WasqZXc5to=; b=P1jETnBvc/MT6aY/XFqLdflsfIu8JdJFxx570HFRl4jhWAHwgCjbgz2BzXioqAF4Yh 7B2fzdT2VM+QvGlMJ4D7f9OtrLGbbL3ZRF483msGjwP1ZJjY5ajqZ+j7cKiitozW0aHj +Ey7J04WFMdobx93XUFRvnq305LSOkM/qiPasQRKgCnVRxD8oOWGlkINtjCAEzHNbhKK 2UqF5mK6QvX4Vp4fkf1z7YPGjFlmfnU+kndNeMxXQdKNqkW6KSyD+4E3dGhkueLFeKBa 0uMkKoo/yPnq3M0CucXOpOTSoXlU8BE8AwwNgqbjB+LD1XIqVqepV/fWUQ21ZJ+vGc6B MjxA== X-Gm-Message-State: AOAM532WymPABaJ/d6TY8Lh0tkV4kS7yJmykYOGrGg3DYeEKHCPCIUBx PAaMIYKuSX0RsiSOnMPZSP6AmXgRn+c3FvmS3uOO68pGXnXF8tLmHJYAqJKyIPdkRTRglPstXq9 jkef06otynLcILAhx5p/6hdlN X-Received: by 2002:aa7:d316:: with SMTP id p22mr10582770edq.107.1616701080793; Thu, 25 Mar 2021 12:38:00 -0700 (PDT) X-Received: by 2002:aa7:d316:: with SMTP id p22mr10582757edq.107.1616701080612; Thu, 25 Mar 2021 12:38:00 -0700 (PDT) Received: from miu.piliscsaba.redhat.com (catv-86-101-169-67.catv.broadband.hu. [86.101.169.67]) by smtp.gmail.com with ESMTPSA id si7sm2881996ejb.84.2021.03.25.12.37.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Mar 2021 12:38:00 -0700 (PDT) From: Miklos Szeredi To: linux-fsdevel@vger.kernel.org Cc: Al Viro , linux-kernel@vger.kernel.org Subject: [PATCH v3 03/18] ovl: stack fileattr ops Date: Thu, 25 Mar 2021 20:37:40 +0100 Message-Id: <20210325193755.294925-4-mszeredi@redhat.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210325193755.294925-1-mszeredi@redhat.com> References: <20210325193755.294925-1-mszeredi@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add stacking for the fileattr operations. Add hack for calling security_file_ioctl() for now. Probably better to have a pair of specific hooks for these operations. Signed-off-by: Miklos Szeredi --- fs/overlayfs/dir.c | 2 ++ fs/overlayfs/inode.c | 77 ++++++++++++++++++++++++++++++++++++++++ fs/overlayfs/overlayfs.h | 3 ++ 3 files changed, 82 insertions(+) diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 836f14b9d3a6..93efe7048a77 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -1301,4 +1301,6 @@ const struct inode_operations ovl_dir_inode_operations = { .listxattr = ovl_listxattr, .get_acl = ovl_get_acl, .update_time = ovl_update_time, + .fileattr_get = ovl_fileattr_get, + .fileattr_set = ovl_fileattr_set, }; diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 003cf83bf78a..c3c96b4b3b33 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -11,6 +11,8 @@ #include #include #include +#include +#include #include "overlayfs.h" @@ -500,6 +502,79 @@ static int ovl_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, return err; } +/* + * Work around the fact that security_file_ioctl() takes a file argument. + * Introducing security_inode_fileattr_get/set() hooks would solve this issue + * properly. + */ +static int ovl_security_fileattr(struct dentry *dentry, struct fileattr *fa, + bool set) +{ + struct path realpath; + struct file *file; + unsigned int cmd; + int err; + + ovl_path_real(dentry, &realpath); + file = dentry_open(&realpath, O_RDONLY, current_cred()); + if (IS_ERR(file)) + return PTR_ERR(file); + + if (set) + cmd = fa->fsx_valid ? FS_IOC_FSSETXATTR : FS_IOC_SETFLAGS; + else + cmd = fa->fsx_valid ? FS_IOC_FSGETXATTR : FS_IOC_GETFLAGS; + + err = security_file_ioctl(file, cmd, 0); + fput(file); + + return err; +} + +int ovl_fileattr_set(struct user_namespace *mnt_userns, + struct dentry *dentry, struct fileattr *fa) +{ + struct inode *inode = d_inode(dentry); + struct dentry *upperdentry; + const struct cred *old_cred; + int err; + + err = ovl_want_write(dentry); + if (err) + goto out; + + err = ovl_copy_up(dentry); + if (!err) { + upperdentry = ovl_dentry_upper(dentry); + + old_cred = ovl_override_creds(inode->i_sb); + err = ovl_security_fileattr(dentry, fa, true); + if (!err) + err = vfs_fileattr_set(&init_user_ns, upperdentry, fa); + revert_creds(old_cred); + ovl_copyflags(ovl_inode_real(inode), inode); + } + ovl_drop_write(dentry); +out: + return err; +} + +int ovl_fileattr_get(struct dentry *dentry, struct fileattr *fa) +{ + struct inode *inode = d_inode(dentry); + struct dentry *realdentry = ovl_dentry_real(dentry); + const struct cred *old_cred; + int err; + + old_cred = ovl_override_creds(inode->i_sb); + err = ovl_security_fileattr(dentry, fa, false); + if (!err) + err = vfs_fileattr_get(realdentry, fa); + revert_creds(old_cred); + + return err; +} + static const struct inode_operations ovl_file_inode_operations = { .setattr = ovl_setattr, .permission = ovl_permission, @@ -508,6 +583,8 @@ static const struct inode_operations ovl_file_inode_operations = { .get_acl = ovl_get_acl, .update_time = ovl_update_time, .fiemap = ovl_fiemap, + .fileattr_get = ovl_fileattr_get, + .fileattr_set = ovl_fileattr_set, }; static const struct inode_operations ovl_symlink_inode_operations = { diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 95cff83786a5..a1c1b5ae59e9 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -521,6 +521,9 @@ int __init ovl_aio_request_cache_init(void); void ovl_aio_request_cache_destroy(void); long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg); long ovl_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg); +int ovl_fileattr_get(struct dentry *dentry, struct fileattr *fa); +int ovl_fileattr_set(struct user_namespace *mnt_userns, + struct dentry *dentry, struct fileattr *fa); /* copy_up.c */ int ovl_copy_up(struct dentry *dentry); -- 2.30.2