| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Feb 2021 15:51:56 +0200
From: Amir Goldstein <amir73il@...il.com>
To: Luis Henriques <lhenriques@...e.de>
Cc: Trond Myklebust <trondmy@...merspace.com>,
"samba-technical@...ts.samba.org" <samba-technical@...ts.samba.org>,
"drinkcat@...omium.org" <drinkcat@...omium.org>,
"iant@...gle.com" <iant@...gle.com>,
"linux-cifs@...r.kernel.org" <linux-cifs@...r.kernel.org>,
"darrick.wong@...cle.com" <darrick.wong@...cle.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"jlayton@...nel.org" <jlayton@...nel.org>,
"anna.schumaker@...app.com" <anna.schumaker@...app.com>,
"llozano@...omium.org" <llozano@...omium.org>,
"linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>,
"miklos@...redi.hu" <miklos@...redi.hu>,
"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
"dchinner@...hat.com" <dchinner@...hat.com>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
"gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
"sfrench@...ba.org" <sfrench@...ba.org>,
"ceph-devel@...r.kernel.org" <ceph-devel@...r.kernel.org>
Subject: Re: [PATCH v2] vfs: prevent copy_file_range to copy across devices
> Ugh. And I guess overlayfs may have a similar problem.
Not exactly.
Generally speaking, overlayfs should call vfs_copy_file_range()
with the flags it got from layer above, so if called from nfsd it
will allow cross fs copy and when called from syscall it won't.
There are some corner cases where overlayfs could benefit from
COPY_FILE_SPLICE (e.g. copy from lower file to upper file), but
let's leave those for now. Just leave overlayfs code as is.
>
> > This is easy to solve with a flag COPY_FILE_SPLICE (or something) that
> > is internal to kernel users.
> >
> > FWIW, you may want to look at the loop in ovl_copy_up_data()
> > for improvements to nfsd_copy_file_range().
> >
> > We can move the check out to copy_file_range syscall:
> >
> > if (flags != 0)
> > return -EINVAL;
> >
> > Leave the fallback from all filesystems and check for the
> > COPY_FILE_SPLICE flag inside generic_copy_file_range().
>
> Ok, the diff bellow is just to make sure I understood your suggestion.
>
> The patch will also need to:
>
> - change nfs and overlayfs calls to vfs_copy_file_range() so that they
> use the new flag.
>
> - check flags in generic_copy_file_checks() to make sure only valid flags
> are used (COPY_FILE_SPLICE at the moment).
>
> Also, where should this flag be defined? include/uapi/linux/fs.h?
Grep for REMAP_FILE_
Same header file, same Documentation rst file.
>
> Cheers,
> --
> Luis
>
> diff --git a/fs/read_write.c b/fs/read_write.c
> index 75f764b43418..341d315d2a96 100644
> --- a/fs/read_write.c
> +++ b/fs/read_write.c
> @@ -1383,6 +1383,13 @@ ssize_t generic_copy_file_range(struct file *file_in, loff_t pos_in,
> struct file *file_out, loff_t pos_out,
> size_t len, unsigned int flags)
> {
> + if (!(flags & COPY_FILE_SPLICE)) {
> + if (!file_out->f_op->copy_file_range)
> + return -EOPNOTSUPP;
> + else if (file_out->f_op->copy_file_range !=
> + file_in->f_op->copy_file_range)
> + return -EXDEV;
> + }
That looks strange, because you are duplicating the logic in
do_copy_file_range(). Maybe better:
if (WARN_ON_ONCE(flags & ~COPY_FILE_SPLICE))
return -EINVAL;
if (flags & COPY_FILE_SPLICE)
return do_splice_direct(file_in, &pos_in, file_out, &pos_out,
len > MAX_RW_COUNT ? MAX_RW_COUNT : len, 0);
if (!file_out->f_op->copy_file_range)
return -EOPNOTSUPP;
return -EXDEV;
> }
> @@ -1474,9 +1481,6 @@ ssize_t vfs_copy_file_range(struct file *file_in, loff_t pos_in,
> {
> ssize_t ret;
>
> - if (flags != 0)
> - return -EINVAL;
> -
This needs to move to the beginning of SYSCALL_DEFINE6(copy_file_range,...
Thanks,
Amir.
Powered by blists - more mailing lists