Received: by 2002:ab2:7b86:0:b0:1f7:5705:b850 with SMTP id q6csp320068lqh; Sat, 4 May 2024 02:44:05 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVfkTVfPZoUFYcLAyTSi6eDsnEScx5uNmAHTpAuow3mETz1vm8bj/S3q3suxNhAyT1DSoDDNpN/vG45eq57Muy36m8KdbCbugnnZbSRUg== X-Google-Smtp-Source: AGHT+IHKV4yI8HPnqVx2ocVixAkQQ+b8WVo1D5TUaupiqvPtaFvrEPVkFsR4q8zFQYIqcWIPBThK X-Received: by 2002:a05:6214:224f:b0:69b:695f:ad20 with SMTP id c15-20020a056214224f00b0069b695fad20mr6204073qvc.16.1714815845068; Sat, 04 May 2024 02:44:05 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714815845; cv=pass; d=google.com; s=arc-20160816; b=fAZ/iH/pPGJiSF9YiO8kuO6b8mzosuuLDCn2BcISkoGsceeC5CiXRvvWo9X4lpm9NB JjkTOLCpmt0u8BC13Yp6afJGX90reF1szBFwWlahOxAjJgNMMBgyp4Gib4BY1Iwz8+No gIA6SaaHfHzagqcXXpbzQRWoFXJ5QCvvzThTZt/v+t14H/4XBphKuqTKpKmZwYiUHIJ2 rnHeSi+ZZa3z1g7KU5TBQBqbGLHffBvhvWHF33mpg9LWqv9HPRzNXtbW85p8kl8wEk8F RdjbFTIJvCdg3XbVLyctIFY0kHp5HqIW9vyFJd7EsL2iaMW+W+x2IMAGjTuTr7jI1t4F meeQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=fIow/lRUtXKVyk5QatEWyX22X750ehCcRrV8cIvs8RE=; fh=Nrqsv3yO3EleVuBwg8mU155fV2C3zXtqa5CxcNq5b2g=; b=BqYfSMTjg0xQbt/RsWHbJKt3v0pl8+61TZJ0VbqeAmo/dYszxsPm9n1F8ofJXYlzCM FGbCLI392bpuiHUm4WD6nit+2V0h4BFG1qVi5Rfb36JPNQQUYnSjOrHvH6HrMzmeIuHE WGTS/rQTAi3IGkF8sTluUytrF95ZQtZMQkkhHvmv3PkNyQYT57i28Q8s01vWwfVkRmNc g7CVfJggscr9q5H0x13SerLCKegkHRHOdfcEj3jw9qpyvTGaf5fuIK5bBNS8q1BqBI8j QHrCfWgEFa4JZzE/5WBz13asIq8J5ZsafSKqGOs1hKWRsLLw2OqHFAeGDQHlNa0ssoUj Hk6g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=jfL2WBXk; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-168575-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-168575-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id iw2-20020a0562140f2200b006a0cc2d50c3si4368447qvb.486.2024.05.04.02.44.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 04 May 2024 02:44:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-168575-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=jfL2WBXk; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-168575-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-168575-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id BB00F1C212A6 for ; Sat, 4 May 2024 09:44:04 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DB19917BB9; Sat, 4 May 2024 09:43:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="jfL2WBXk" Received: from mail-qv1-f42.google.com (mail-qv1-f42.google.com [209.85.219.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF47C5234; Sat, 4 May 2024 09:43:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.42 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714815838; cv=none; b=H8K77OSpVzAOYF02UIPDuY2DstFwBmZzOIBhLgm1MRPJijVjm9juwFgLS/aeeJLzZWdlJFnE0bzhd2fqbC9975AkmdJoGSoPAEhN+S4U7zOVj4lILIoqZwq/W4nM/eU/JmlD1f7m4vPezMa6nJnYXGsj+5r+MyHMrRNcG5hLv/w= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714815838; c=relaxed/simple; bh=1w/AH4GdTaY6CWyKTTAvN+nMscC+JR6sHUysLqvmOjE=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=BRFwlZa7eSnkaFvi3/NbEka66So9Q8Ynw9CYXxT4cJwi94hk6UHUXWitOn6fDLX8gs37LzaLViK7M5IpfeeApEd1dujrz8mx6kc+E4LNBz23t36OaJkObvu3afvTelkNCg6w29zEvHy5U1X2MzhNz1uQ6X7holKaf3zEWNu7BtY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=jfL2WBXk; arc=none smtp.client-ip=209.85.219.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-qv1-f42.google.com with SMTP id 6a1803df08f44-6a0ce3e823fso3522046d6.1; Sat, 04 May 2024 02:43:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714815835; x=1715420635; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=fIow/lRUtXKVyk5QatEWyX22X750ehCcRrV8cIvs8RE=; b=jfL2WBXkvyb1YNrP33Up2n0F1pHjHYkkVN830vjY3tRmdszoBIziBaS8E6Q3QTtCjt jCz85Hthx5CvwJ36jedHBk9Vagqn1y8M21VhMFYrB5NT8+jIAV/lLdSFyhaZNwNpnHrT w7VZOnYNczalTx5HbEgt7EiC2Svtg4ct0gsZ4jBcevbrnI57mPiGndhcQB5qpTwTHbzh bu4O4aBioDqP4we1NXi9Ues2pmRJqggQldRcTzE02WvhlJ/1gRTdKO79TJ0PWtb3ZzZS ZjlgSkZElmImSFchWmVhXnj2vrXADJ6H4nAe+40fcG+7QJHV81PdJnRN/ytxfastYNXV 5OVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714815835; x=1715420635; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fIow/lRUtXKVyk5QatEWyX22X750ehCcRrV8cIvs8RE=; b=iz+VQN9snKlRR+SzhEAr68wcCih1XHD/GmpEH9DGGVcPHq7w3OACmI3J+8vck6hMWf 2CX2P377goddlInhl+L8weKOZ2jBhdc1oS0RVN3A8J30TIjgN8+BLrXV4gAczwGSwuwG +BggbkVmO8cCnhPgI6xqDycTanWZqPg+Bk58am2riru81gPABbGYp/m8xoT1G0oM4pfS sIpAH3chjkliSaNQy0lNTQbasRLv895pB+MEF6P0MeFxBkEzOy0/6DBOzhAC5p8ErQPX CFMmC86Avp9nxjL6TwcoBD0qUro3vOMnVobSoJB14Z3UhHowY7L6pnC70Ru06Az4CUm1 CZ1w== X-Forwarded-Encrypted: i=1; AJvYcCUcYFaYkj7MIXkSDaq890KyEXlAZQAEK2XGzw+QS2HJpfJDrfShftisIQUbNr6TaplgQQby0h+oqv6YJ9flUJesyH8oqJ8XkBLkoBbB1LwcA2HlRzipxeBEZGxoeahULqFyZrEZP3UPnFzjww== X-Gm-Message-State: AOJu0YzbiR52P8lf8/aQgH19CkHmzZJ9JAs8N3AjxSWgcnTgf6Rby0hj 2ophtVr4dZMP89IsrhI2zoCnSYCxxyvex/X2t6oMY3UgBwbCFVh2qgwpPAxl1VfekTkCsuCfvh+ 4X8XZcd9sgoeMTIf5klPQjEmQIBHY76uh X-Received: by 2002:a05:6214:1c4f:b0:6a0:a00e:7583 with SMTP id if15-20020a0562141c4f00b006a0a00e7583mr4512882qvb.18.1714815835593; Sat, 04 May 2024 02:43:55 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: In-Reply-To: From: Amir Goldstein Date: Sat, 4 May 2024 12:43:44 +0300 Message-ID: Subject: Re: bug in may_dedupe_file allows to deduplicate files we aren't allowed to write to To: Hugo Valtier Cc: mfasheh@suse.de, viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Christian Brauner Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sat, May 4, 2024 at 7:49=E2=80=AFAM Hugo Valtier wrote= : > > For context I am making a file based deduplication tool. > > I found that in this commit > 5de4480ae7f8 ("vfs: allow dedupe of user owned read-only files") > it states: > > - the process could get write access > > However the behavior added in allow_file_dedupe now may_dedupe_file is op= posite: > > + if (!inode_permission(file_inode(file), MAY_WRITE)) > > + return true > > I've tested that I can create an other readonly file as root and have > my unprivileged user deduplicate it however if I then make the file > other writeable I cannot anymore*. > It doesn't make sense to me why giving write permissions on a file > should remove the permission to deduplicate*. True. Here is the discussion about adding "could have been opened w" to allow dedupe: https://lore.kernel.org/linux-fsdevel/20180517230150.GA28045@wotan.suse.de/ > > I'm not sure on how to fix this, flipping the condition would work but > that is a breaking change and idk if this is ok here. > Adding a check to also users who have write access to the file would > remove all the logic here since you would always be allowed to dedup > FDs you managed to get your hands on. > > Any input on this welcome, thx My guess is that not many users try to dedupe other users' files, so this feature was never used and nobody complained. What use case do you think flipping the condition could break? breaking uapi is not about theoretical use cases and in any case this needs to be marked with Fixes: and can be backported as far as anyone who cares wants to backport. You should add an xfstest for this and include a _fixed_by_kernel_commit and that will signal all the distros that care to backport the fix. Thanks, Amir.