lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y3+jz5CVA9S+h2+b@ZenIV>
Date:   Thu, 24 Nov 2022 17:03:11 +0000
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Thorsten Leemhuis <regressions@...mhuis.info>
Cc:     Linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        "regressions@...ts.linux.dev" <regressions@...ts.linux.dev>,
        LKML <linux-kernel@...r.kernel.org>,
        "Christian Brauner (Microsoft)" <brauner@...nel.org>,
        Pierre Labastie <pierre.labastie@...f.fr>,
        Miklos Szeredi <miklos@...redi.hu>,
        linux-unionfs@...r.kernel.org
Subject: Re: [regression, bisected] BugĀ 216738 - Adding O_APPEND to O_RDWR with fcntl(fd, F_SETFL) does not work on overlayfs

On Thu, Nov 24, 2022 at 04:47:56PM +0100, Thorsten Leemhuis wrote:
> Hi, this is your Linux kernel regression tracker speaking.
> 
> I noticed a regression report in bugzilla.kernel.org. As many (most?)
> kernel developer don't keep an eye on it, I decided to forward it by
> mail. Quoting from https://bugzilla.kernel.org/show_bug.cgi?id=216738 :
> 
> >  Pierre Labastie 2022-11-24 14:53:33 UTC
> > 
> > Created attachment 303287 [details]
> > C program for reproducing the bug
> > 
> > Not sure this is the right place to report this, but at least the offending commit
> 
> [offending commit is 164f4064ca8 ("keep iocb_flags() result cached in
> struct file"), as specified in the "Kernel Version:" field in bugzilla]

So basically we have this
static int ovl_change_flags(struct file *file, unsigned int flags)
{
        struct inode *inode = file_inode(file);
        int err;

        flags &= OVL_SETFL_MASK;

        if (((flags ^ file->f_flags) & O_APPEND) && IS_APPEND(inode))
                return -EPERM;

        if ((flags & O_DIRECT) && !(file->f_mode & FMODE_CAN_ODIRECT))
                return -EINVAL;

        if (file->f_op->check_flags) {
                err = file->f_op->check_flags(flags);
                if (err)
                        return err;
        }

        spin_lock(&file->f_lock);
        file->f_flags = (file->f_flags & ~OVL_SETFL_MASK) | flags;
        spin_unlock(&file->f_lock);

        return 0;
}
open-coding what setfl() would've done, without updating ->f_iocb_flags...
Not hard to deal with...

I could pick it in vfs.git #fixes, or Miklos could put it through his tree.
Miklos, which way would you prefer that to go?

[PATCH] update ->f_iocb_flags when ovl_change_flags() modifies ->f_flags

ovl_change_flags() is an open-coded variant of fs/fcntl.c:setfl() and it got
missed by 164f4064ca81e "keep iocb_flags() result cached in struct file";
the same change applies there.

Reported-by: Pierre Labastie <pierre.labastie@...f.fr>
Fixes: 164f4064ca81e "keep iocb_flags() result cached in struct file"
Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
---
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index a1a22f58ba18..dd688a842b0b 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -96,6 +96,7 @@ static int ovl_change_flags(struct file *file, unsigned int flags)
 
 	spin_lock(&file->f_lock);
 	file->f_flags = (file->f_flags & ~OVL_SETFL_MASK) | flags;
+	file->f_iocb_flags = iocb_flags(file);
 	spin_unlock(&file->f_lock);
 
 	return 0;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ