lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 07 Jun 2017 07:50:14 -0400
From:   Jeff Layton <jlayton@...chiereds.net>
To:     Benjamin Coddington <bcodding@...hat.com>, bfields@...ldses.org,
        Alexander Viro <viro@...iv.linux.org.uk>
Cc:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/3] fs/locks: Use fs-specific l_pid for remote locks

On Tue, 2017-06-06 at 16:45 -0400, Benjamin Coddington wrote:
> Now that we're translating fl_pid for F_GETLK and /proc/locks, we need to
> handle the case where a remote filesystem directly sets fl_pid.  In that
> case, the fl_pid should not be translated into a local pid namespace.  If
> the filesystem implements the lock operation, set a flag to return the
> lock's fl_pid value directly, rather translate it.
> 
> Signed-off-by: Benjamin Coddington <bcodding@...hat.com>
> ---
>  fs/locks.c         | 22 ++++++++++++++++++----
>  include/linux/fs.h |  1 +
>  2 files changed, 19 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/locks.c b/fs/locks.c
> index 8d48e4c42ed3..206a46d28bbd 100644
> --- a/fs/locks.c
> +++ b/fs/locks.c
> @@ -2034,8 +2034,10 @@ SYSCALL_DEFINE2(flock, unsigned int, fd, unsigned int, cmd)
>   */
>  int vfs_test_lock(struct file *filp, struct file_lock *fl)
>  {
> -	if (filp->f_op->lock && is_remote_lock(filp))
> +	if (filp->f_op->lock && is_remote_lock(filp)) {
> +		fl->fl_flags |= FL_PID_PRIV;
>  		return filp->f_op->lock(filp, F_GETLK, fl);
> +	}
>  	posix_test_lock(filp, fl);
>  	return 0;
>  }

I do have one concern here with setting the flag at this point. It's
possible with NFS that we'll end up setting a lock locally if we have a
delegation (also true for CIFS and probably Ceph -- maybe others too).

Here though, you're setting FL_PID_PRIV so those locks will always show
a l_pid of current->tgid, even when you're querying it from a different
pid namespace.

If we want to go this route, then you'll also need to fix NFS to clear
that flag when it sets the lock locally, and audit other fs' that have a
->lock operation for the same thing.

However, I think it might be cleaner to have the filesystems set that
flag to opt out of the default pid translation.

Thoughts?
 
> @@ -2060,9 +2062,18 @@ static pid_t locks_translate_pid(int init_nr, struct pid_namespace *ns)
>  	return vnr;
>  }
>  
> +static pid_t flock_translate_pid(struct file_lock *fl)
> +{
> +	if (IS_OFDLCK(fl))
> +		return -1;
> +	if (fl->fl_flags & FL_PID_PRIV)
> +		return fl->fl_pid;
> +	return locks_translate_pid(fl->fl_pid,  task_active_pid_ns(current));
> +}
> +
>  static int posix_lock_to_flock(struct flock *flock, struct file_lock *fl)
>  {
> -	flock->l_pid = IS_OFDLCK(fl) ? -1 : fl->fl_pid;
> +	flock->l_pid = flock_translate_pid(fl);
>  #if BITS_PER_LONG == 32
>  	/*
>  	 * Make sure we can represent the posix lock via
> @@ -2084,7 +2095,7 @@ static int posix_lock_to_flock(struct flock *flock, struct file_lock *fl)
>  #if BITS_PER_LONG == 32
>  static void posix_lock_to_flock64(struct flock64 *flock, struct file_lock *fl)
>  {
> -	flock->l_pid = IS_OFDLCK(fl) ? -1 : fl->fl_pid;
> +	flock->l_pid = flock_translate_pid(fl);
>  	flock->l_start = fl->fl_start;
>  	flock->l_len = fl->fl_end == OFFSET_MAX ? 0 :
>  		fl->fl_end - fl->fl_start + 1;
> @@ -2598,7 +2609,10 @@ static void lock_get_status(struct seq_file *f, struct file_lock *fl,
>  	unsigned int fl_pid;
>  	struct pid_namespace *proc_pidns = file_inode(f->file)->i_sb->s_fs_info;
>  
> -	fl_pid = locks_translate_pid(fl->fl_pid, proc_pidns);
> +	if (fl->fl_flags & FL_PID_PRIV)
> +		fl_pid = fl->fl_pid;
> +	else
> +		fl_pid = locks_translate_pid(fl->fl_pid, proc_pidns);
>  	/*
>  	 * If there isn't a fl_pid don't display who is waiting on
>  	 * the lock if we are called from locks_show, or if we are
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index b013fac515f7..179496a9719d 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -908,6 +908,7 @@ static inline struct file *get_file(struct file *f)
>  #define FL_UNLOCK_PENDING	512 /* Lease is being broken */
>  #define FL_OFDLCK	1024	/* lock is "owned" by struct file */
>  #define FL_LAYOUT	2048	/* outstanding pNFS layout */
> +#define FL_PID_PRIV	4096	/* F_GETLK should report fl_pid */
>  
>  #define FL_CLOSE_POSIX (FL_POSIX | FL_CLOSE)
>  

-- 
Jeff Layton <jlayton@...chiereds.net>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ