Message-ID: <cover.1687884029.git.nabijaczleweli@nabijaczleweli.xyz>
Date:   Tue, 27 Jun 2023 18:55:22 +0200
From:   Ahelenia Ziemiańska 
        <nabijaczleweli@...ijaczleweli.xyz>
To:     Amir Goldstein <amir73il@...il.com>
Cc:     Alexander Viro <viro@...iv.linux.org.uk>,
        Christian Brauner <brauner@...nel.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        Jan Kara <jack@...e.cz>,
        Chung-Chiang Cheng <cccheng@...ology.com>, ltp@...r.kernel.org
Subject: [PATCH v3 0/3+1] fanotify accounting for fs/splice.c

In 1/3 I've applied if/else if/else tree like you said,
and expounded a bit in the message.

This is less pretty now, however, since it turns out that
iter_file_splice_write() already marks the out fd as written because it
writes to it via vfs_iter_write(), and that sent a double notification.

$ git grep -F .splice_write | grep -v iter_file_splice_write
drivers/char/mem.c:     .splice_write   = splice_write_null,
drivers/char/virtio_console.c:  .splice_write = port_fops_splice_write,
fs/fuse/dev.c:  .splice_write   = fuse_dev_splice_write,
fs/gfs2/file.c: .splice_write   = gfs2_file_splice_write,
fs/gfs2/file.c: .splice_write   = gfs2_file_splice_write,
fs/overlayfs/file.c:    .splice_write   = ovl_splice_write,
net/socket.c:   .splice_write = generic_splice_sendpage,
scripts/coccinelle/api/stream_open.cocci:    .splice_write = splice_write_f,

Of these, splice_write_null() doesn't mark out as written
(but it's for /dev/null so I think this is expected),
and I haven't been able to visually confirm whether
port_fops_splice_write() and generic_splice_sendpage() do.

All the others delegate to iter_file_splice_write().

In 2/3 I fixed the vmsplice notification placement
(access from pipe, modify to pipe).

I'm following this up with an LTP patch, where only sendfile_file_to_pipe
passes on 6.1.27-1 and all tests pass on v6.4 + this patchset.

Ahelenia Ziemiańska (3):
  splice: always fsnotify_access(in), fsnotify_modify(out) on success
  splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice
  splice: fsnotify_access(in), fsnotify_modify(out) on success in tee

 fs/splice.c | 43 +++++++++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 18 deletions(-)


Interdiff against v2:
diff --git a/fs/splice.c b/fs/splice.c
index 3234aaa6e957..0427f0a91c7d 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1155,10 +1155,7 @@ long do_splice(struct file *in, loff_t *off_in, struct file *out,
 			flags |= SPLICE_F_NONBLOCK;
 
 		ret = splice_pipe_to_pipe(ipipe, opipe, len, flags);
-		goto notify;
-	}
-
-	if (ipipe) {
+	} else if (ipipe) {
 		if (off_in)
 			return -ESPIPE;
 		if (off_out) {
@@ -1188,10 +1185,10 @@ long do_splice(struct file *in, loff_t *off_in, struct file *out,
 		else
 			*off_out = offset;
 
-		goto notify;
-	}
-
-	if (opipe) {
+		// ->splice_write already marked out
+		// as modified via vfs_iter_write()
+		goto noaccessout;
+	} else if (opipe) {
 		if (off_out)
 			return -ESPIPE;
 		if (off_in) {
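Review bot: The comment above `goto noaccessout;` claims more than the cover letter establishes: only iter_file_splice_write() is known to mark out as modified through vfs_iter_write(), while splice_write_null() does not and port_fops_splice_write() / generic_splice_sendpage() are unconfirmed. For those handlers the jump skips fsnotify_modify(out) entirely, so an fsnotify-based audit or integrity watcher would presumably get no modify event for a successful splice into them. I would narrow the comment to `/* iter_file_splice_write() already notified out via vfs_iter_write() */` (kernel style also prefers `/* */` to `//`) and either list the known exceptions there or have those handlers notify themselves. The label name reads as if the access event were skipped, when it is the modify on out that is skipped; `skip_modify` would say what the jump does. The if/else chain of do_splice() starts and ends outside this hunk.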
@@ -1211,17 +1208,14 @@ long do_splice(struct file *in, loff_t *off_in, struct file *out,
 			in->f_pos = offset;
 		else
 			*off_in = offset;
+	} else
+		return -EINVAL;
 
-		goto notify;
-	}
-
-	return -EINVAL;
-
-notify:
-	if (ret > 0) {
-		fsnotify_access(in);
+	if (ret > 0)
 		fsnotify_modify(out);
-	}
+noaccessout:
+	if (ret > 0)
+		fsnotify_access(in);
 
 	return ret;
 }
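Review bot: The closing `} else` with an unbraced `return -EINVAL;` mixes braced and unbraced branches in one if/else chain, which kernel coding style asks to avoid; write it as `} else {`, `return -EINVAL;`, `}`. The `noaccessout:` label is reached both by fall-through from the modify check and by the jump from the pipe-to-file branch, so a one-line comment at the label such as `/* pipe-to-file lands here: out was already notified by the write path */` would explain why fsnotify_modify(out) sits above it. Note also that this reverses the notification order from the removed block (modify on out is now emitted before access on in); if that is intentional it deserves a mention in the commit message, since listeners may observe the order. The beginning of do_splice() is outside this hunk.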
@@ -1352,6 +1346,9 @@ static long vmsplice_to_user(struct file *file, struct iov_iter *iter,
 		pipe_unlock(pipe);
 	}
 
+	if (ret > 0)
+		fsnotify_access(file);
+
 	return ret;
 }
 
@@ -1381,8 +1378,10 @@ static long vmsplice_to_pipe(struct file *file, struct iov_iter *iter,
 	if (!ret)
 		ret = iter_to_pipe(iter, pipe, buf_flag);
 	pipe_unlock(pipe);
-	if (ret > 0)
+	if (ret > 0) {
 		wakeup_pipe_readers(pipe);
+		fsnotify_modify(file);
+	}
 	return ret;
 }
 
@@ -1447,9 +1446,6 @@ SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, uiov,
 	else
 		error = vmsplice_to_user(f.file, &iter, flags);
 
-	if (error > 0)
-		fsnotify_modify(f.file);
-
 	kfree(iov);
 out_fdput:
 	fdput(f);
-- 
2.39.2

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
