lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <d6648e7f56169468216a3a8155815613de412371.1731433903.git.josef@toxicpanda.com> Date: Tue, 12 Nov 2024 12:55:23 -0500 From: Josef Bacik <josef@...icpanda.com> To: kernel-team@...com, linux-fsdevel@...r.kernel.org, jack@...e.cz, amir73il@...il.com, brauner@...nel.org, torvalds@...ux-foundation.org, linux-xfs@...r.kernel.org, linux-btrfs@...r.kernel.org, linux-mm@...ck.org, linux-ext4@...r.kernel.org Subject: [PATCH v7 08/18] fsnotify: generate pre-content permission event on truncate From: Amir Goldstein <amir73il@...il.com> Generate FS_PRE_ACCESS event before truncate, without sb_writers held. Move the security hooks also before sb_start_write() to conform with other security hooks (e.g. in write, fallocate). The event will have a range info of the page surrounding the new size to provide an opportunity to fill the conetnt at the end of file before truncating to non-page aligned size. Signed-off-by: Amir Goldstein <amir73il@...il.com> --- fs/open.c | 31 +++++++++++++++++++++---------- include/linux/fsnotify.h | 32 ++++++++++++++++++++++---------- 2 files changed, 43 insertions(+), 20 deletions(-) diff --git a/fs/open.c b/fs/open.c index e6911101fe71..e75456cda440 100644 --- a/fs/open.c +++ b/fs/open.c @@ -81,14 +81,18 @@ long vfs_truncate(const struct path *path, loff_t length) if (!S_ISREG(inode->i_mode)) return -EINVAL; - error = mnt_want_write(path->mnt); - if (error) - goto out; - idmap = mnt_idmap(path->mnt); error = inode_permission(idmap, inode, MAY_WRITE); if (error) - goto mnt_drop_write_and_out; + return error; + + error = fsnotify_truncate_perm(path, length); + if (error) + return error; + + error = mnt_want_write(path->mnt); + if (error) + return error; error = -EPERM; if (IS_APPEND(inode)) @@ -114,7 +118,7 @@ long vfs_truncate(const struct path *path, loff_t length) put_write_access(inode); mnt_drop_write_and_out: mnt_drop_write(path->mnt); -out: + return error; } EXPORT_SYMBOL_GPL(vfs_truncate); @@ -175,11 +179,18 @@ long do_ftruncate(struct file *file, loff_t length, int small) /* Check IS_APPEND on real upper inode */ if (IS_APPEND(file_inode(file))) return -EPERM; - sb_start_write(inode->i_sb); + error = security_file_truncate(file); - if (!error) - error = do_truncate(file_mnt_idmap(file), dentry, length, - ATTR_MTIME | ATTR_CTIME, file); + if (error) + return error; + + error = fsnotify_truncate_perm(&file->f_path, length); + if (error) + return error; + + sb_start_write(inode->i_sb); + error = do_truncate(file_mnt_idmap(file), dentry, length, + ATTR_MTIME | ATTR_CTIME, file); sb_end_write(inode->i_sb); return error; diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index 2d1c13df112c..f1ef072a3b2f 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -154,17 +154,14 @@ static inline int fsnotify_file(struct file *file, __u32 mask) } #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS -static inline int fsnotify_pre_content(const struct file *file, +static inline int fsnotify_pre_content(const struct path *path, const loff_t *ppos, size_t count) { - struct inode *inode = file_inode(file); + struct inode *inode = d_inode(path->dentry); struct file_range range; const void *data; int data_type; - if (!fsnotify_file_watchable(file, FS_PRE_ACCESS)) - return 0; - /* * Pre-content events are only reported for regular files and dirs * if there are any pre-content event watchers on this sb. @@ -177,18 +174,17 @@ static inline int fsnotify_pre_content(const struct file *file, /* Report page aligned range only when pos is known */ if (ppos) { - range.path = &file->f_path; + range.path = path; range.pos = PAGE_ALIGN_DOWN(*ppos); range.count = PAGE_ALIGN(*ppos + count) - range.pos; data = ⦥ data_type = FSNOTIFY_EVENT_FILE_RANGE; } else { - data = &file->f_path; + data = path; data_type = FSNOTIFY_EVENT_PATH; } - return fsnotify_parent(file->f_path.dentry, FS_PRE_ACCESS, - data, data_type); + return fsnotify_parent(path->dentry, FS_PRE_ACCESS, data, data_type); } /* @@ -206,11 +202,14 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask, */ lockdep_assert_once(file_write_not_started(file)); + if (!fsnotify_file_watchable(file, FS_PRE_ACCESS | FS_ACCESS_PERM)) + return 0; + /* * read()/write and other types of access generate pre-content events. */ if (perm_mask & (MAY_READ | MAY_WRITE | MAY_ACCESS | MAY_OPEN)) { - int ret = fsnotify_pre_content(file, ppos, count); + int ret = fsnotify_pre_content(&file->f_path, ppos, count); if (ret) return ret; @@ -226,6 +225,14 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask, return fsnotify_file(file, FS_ACCESS_PERM); } +/* + * fsnotify_truncate_perm - permission hook before file truncate + */ +static inline int fsnotify_truncate_perm(const struct path *path, loff_t length) +{ + return fsnotify_pre_content(path, &length, 0); +} + /* * fsnotify_file_perm - permission hook before file access (unknown range) */ @@ -254,6 +261,11 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask, return 0; } +static inline int fsnotify_truncate_perm(const struct path *path, loff_t length) +{ + return 0; +} + static inline int fsnotify_file_perm(struct file *file, int perm_mask) { return 0; -- 2.43.0
Powered by blists - more mailing lists