| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 8 Jan 2022 09:08:57 +0200
From: Amir Goldstein <amir73il@...il.com>
To: David Howells <dhowells@...hat.com>
Cc: linux-cachefs@...hat.com,
Trond Myklebust <trondmy@...merspace.com>,
Anna Schumaker <anna.schumaker@...app.com>,
Steve French <sfrench@...ba.org>,
Dominique Martinet <asmadeus@...ewreck.org>,
Jeff Layton <jlayton@...nel.org>,
Matthew Wilcox <willy@...radead.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Omar Sandoval <osandov@...ndov.com>,
JeffleXu <jefflexu@...ux.alibaba.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-afs@...ts.infradead.org,
Linux NFS Mailing List <linux-nfs@...r.kernel.org>,
CIFS <linux-cifs@...r.kernel.org>,
ceph-devel <ceph-devel@...r.kernel.org>,
v9fs-developer@...ts.sourceforge.net,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v4 38/68] vfs, cachefiles: Mark a backing file in use with
an inode flag
On Sat, Dec 25, 2021 at 1:32 AM David Howells <dhowells@...hat.com> wrote:
>
> Use an inode flag, S_KERNEL_FILE, to mark that a backing file is in use by
> the kernel to prevent cachefiles or other kernel services from interfering
> with that file.
>
> Alter rmdir to reject attempts to remove a directory marked with this flag.
> This is used by cachefiles to prevent cachefilesd from removing them.
>
> Using S_SWAPFILE instead isn't really viable as that has other effects in
> the I/O paths.
>
> Changes
> =======
> ver #3:
> - Check for the object pointer being NULL in the tracepoints rather than
> the caller.
>
> Signed-off-by: David Howells <dhowells@...hat.com>
> cc: linux-cachefs@...hat.com
> Link: https://lore.kernel.org/r/163819630256.215744.4815885535039369574.stgit@warthog.procyon.org.uk/ # v1
> Link: https://lore.kernel.org/r/163906931596.143852.8642051223094013028.stgit@warthog.procyon.org.uk/ # v2
> Link: https://lore.kernel.org/r/163967141000.1823006.12920680657559677789.stgit@warthog.procyon.org.uk/ # v3
> ---
>
> fs/cachefiles/Makefile | 1 +
> fs/cachefiles/namei.c | 43 +++++++++++++++++++++++++++++++++++++
> fs/namei.c | 3 ++-
> include/linux/fs.h | 1 +
> include/trace/events/cachefiles.h | 42 ++++++++++++++++++++++++++++++++++++
> 5 files changed, 89 insertions(+), 1 deletion(-)
> create mode 100644 fs/cachefiles/namei.c
>
> diff --git a/fs/cachefiles/Makefile b/fs/cachefiles/Makefile
> index 463e3d608b75..e0b092ca077f 100644
> --- a/fs/cachefiles/Makefile
> +++ b/fs/cachefiles/Makefile
> @@ -7,6 +7,7 @@ cachefiles-y := \
> cache.o \
> daemon.o \
> main.o \
> + namei.o \
> security.o
>
> cachefiles-$(CONFIG_CACHEFILES_ERROR_INJECTION) += error_inject.o
> diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
> new file mode 100644
> index 000000000000..913f83f1c900
> --- /dev/null
> +++ b/fs/cachefiles/namei.c
> @@ -0,0 +1,43 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/* CacheFiles path walking and related routines
> + *
> + * Copyright (C) 2021 Red Hat, Inc. All Rights Reserved.
> + * Written by David Howells (dhowells@...hat.com)
> + */
> +
> +#include <linux/fs.h>
> +#include "internal.h"
> +
> +/*
> + * Mark the backing file as being a cache file if it's not already in use. The
> + * mark tells the culling request command that it's not allowed to cull the
> + * file or directory. The caller must hold the inode lock.
> + */
> +static bool __cachefiles_mark_inode_in_use(struct cachefiles_object *object,
> + struct dentry *dentry)
> +{
> + struct inode *inode = d_backing_inode(dentry);
> + bool can_use = false;
> +
> + if (!(inode->i_flags & S_KERNEL_FILE)) {
> + inode->i_flags |= S_KERNEL_FILE;
> + trace_cachefiles_mark_active(object, inode);
> + can_use = true;
> + } else {
> + pr_notice("cachefiles: Inode already in use: %pd\n", dentry);
> + }
> +
> + return can_use;
> +}
> +
> +/*
> + * Unmark a backing inode. The caller must hold the inode lock.
> + */
> +static void __cachefiles_unmark_inode_in_use(struct cachefiles_object *object,
> + struct dentry *dentry)
> +{
> + struct inode *inode = d_backing_inode(dentry);
> +
> + inode->i_flags &= ~S_KERNEL_FILE;
> + trace_cachefiles_mark_inactive(object, inode);
> +}
> diff --git a/fs/namei.c b/fs/namei.c
> index 1f9d2187c765..d81f04f8d818 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -3958,7 +3958,8 @@ int vfs_rmdir(struct user_namespace *mnt_userns, struct inode *dir,
> inode_lock(dentry->d_inode);
>
> error = -EBUSY;
> - if (is_local_mountpoint(dentry))
> + if (is_local_mountpoint(dentry) ||
> + (dentry->d_inode->i_flags & S_KERNEL_FILE))
Better as this check to the many other checks in may_delete()
> goto out;
>
> error = security_inode_rmdir(dir, dentry);
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 2c0b8e77d9ab..bcf1ca430139 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -2249,6 +2249,7 @@ struct super_operations {
> #define S_ENCRYPTED (1 << 14) /* Encrypted file (using fs/crypto/) */
> #define S_CASEFOLD (1 << 15) /* Casefolded file */
> #define S_VERITY (1 << 16) /* Verity file (using fs/verity/) */
> +#define S_KERNEL_FILE (1 << 17) /* File is in use by the kernel (eg. fs/cachefiles) */
>
Trying to brand this flag as a generic "in use by kernel" is misleading.
Modules other than cachefiles cannot set/clear this flag, because then
cachefiles won't know that it is allowed to set/clear the flag.
So I think it would be better to call it for what it really is - an inode flag
that is controlled by cachefiles.
Also, the name KERNEL_FILE for a directory is a bit confusing IMO.
Perhaps S_CACHEFILES?
Thanks,
Amir.
Powered by blists - more mailing lists