lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230824-frohlocken-vorabend-725f6fdaad50@brauner>
Date:   Thu, 24 Aug 2023 16:44:15 +0200
From:   Christian Brauner <brauner@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Christian Brauner <brauner@...nel.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] fchmodat2

Hey Linus,

/* Summary */
This adds the fchmodat2() system call. It is a revised version of the
fchmodat() system call, adding a missing flag argument. Support for both
AT_SYMLINK_NOFOLLOW and AT_EMPTY_PATH are included.

Adding this system call revision has been a longstanding request but so
far has always fallen through the cracks. While the kernel
implementation of fchmodat() does not have a flag argument the libc
provided POSIX-compliant fchmodat(3) version does. Both libcs have to
implement a workaround in order to support AT_SYMLINK_NOFOLLOW (see [1]
and [2]).

The workaround is brittle because it relies not just on O_PATH and
O_NOFOLLOW semantics and procfs magic links but also on our rather
inconsistent symlink semantics.

This pull request gives userspace a proper fchmodat2() system call that
libcs can use to properly implement fchmodat(3) and allows them to get
rid of their hacks. In this case it will immediately benefit them as the
current workaround is already defunct because of aformentioned
inconsistencies.

In addition to AT_SYMLINK_NOFOLLOW, give userspace the ability to use
AT_EMPTY_PATH with fchmodat2(). This is already possible with fchownat()
so there's no reason to not also support it for fchmodat2().

The implementation is simple and comes with selftests. Implementation of
the system call and wiring up the system call are done as separate
patches even though they could arguably be one patch. But in case there
are merge conflicts from other system call additions it can be
beneficial to have separate patches.

Link: [1] https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/fchmodat.c;h=17eca54051ee28ba1ec3f9aed170a62630959143;hb=a492b1e5ef7ab50c6fdd4e4e9879ea5569ab0a6c#l35
Link: [2] https://git.musl-libc.org/cgit/musl/tree/src/stat/fchmodat.c?id=718f363bc2067b6487900eddc9180c84e7739f80#n28

/* Testing */
clang: Ubuntu clang version 15.0.7
gcc: (Ubuntu 12.2.0-3ubuntu1) 12.2.0

All patches are based on v6.5-rc1 and have been sitting in linux-next.
No build failures or warnings were observed. All old and new tests in
selftests, and LTP pass without regressions.

/* Conflicts */
(1) linux-next: manual merge of the tip tree with the vfs-brauner tree
    https://lore.kernel.org/lkml/20230815142437.01441969@canb.auug.org.au

    This is a simple conflict in system call numbering with the
    map_shadow_stack() system call in case that gets sent.

The following changes since commit 06c2afb862f9da8dc5efa4b6076a0e48c3fbaaa5:

  Linux 6.5-rc1 (2023-07-09 13:53:13 -0700)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/v6.6-vfs.fchmodat2

for you to fetch changes up to 71214379532794b5a05ea760524cdfb1c4ddbfcb:

  selftests: fchmodat2: remove duplicate unneeded defines (2023-08-05 12:40:44 +0200)

Please consider pulling these changes from the signed v6.6-vfs.fchmodat2 tag.

Thanks!
Christian

----------------------------------------------------------------
v6.6-vfs.fchmodat2

----------------------------------------------------------------
Aleksa Sarai (1):
      fchmodat2: add support for AT_EMPTY_PATH

Alexey Gladkov (2):
      fs: Add fchmodat2()
      selftests: Add fchmodat2 selftest

Muhammad Usama Anjum (1):
      selftests: fchmodat2: remove duplicate unneeded defines

Palmer Dabbelt (2):
      Non-functional cleanup of a "__user * filename"
      arch: Register fchmodat2, usually as syscall 452

 arch/alpha/kernel/syscalls/syscall.tbl             |   1 +
 arch/arm/tools/syscall.tbl                         |   1 +
 arch/arm64/include/asm/unistd.h                    |   2 +-
 arch/arm64/include/asm/unistd32.h                  |   2 +
 arch/ia64/kernel/syscalls/syscall.tbl              |   1 +
 arch/m68k/kernel/syscalls/syscall.tbl              |   1 +
 arch/microblaze/kernel/syscalls/syscall.tbl        |   1 +
 arch/mips/kernel/syscalls/syscall_n32.tbl          |   1 +
 arch/mips/kernel/syscalls/syscall_n64.tbl          |   1 +
 arch/mips/kernel/syscalls/syscall_o32.tbl          |   1 +
 arch/parisc/kernel/syscalls/syscall.tbl            |   1 +
 arch/powerpc/kernel/syscalls/syscall.tbl           |   1 +
 arch/s390/kernel/syscalls/syscall.tbl              |   1 +
 arch/sh/kernel/syscalls/syscall.tbl                |   1 +
 arch/sparc/kernel/syscalls/syscall.tbl             |   1 +
 arch/x86/entry/syscalls/syscall_32.tbl             |   1 +
 arch/x86/entry/syscalls/syscall_64.tbl             |   1 +
 arch/xtensa/kernel/syscalls/syscall.tbl            |   1 +
 fs/open.c                                          |  23 +++-
 include/linux/syscalls.h                           |   4 +-
 include/uapi/asm-generic/unistd.h                  |   5 +-
 tools/testing/selftests/Makefile                   |   1 +
 tools/testing/selftests/fchmodat2/.gitignore       |   2 +
 tools/testing/selftests/fchmodat2/Makefile         |   6 +
 tools/testing/selftests/fchmodat2/fchmodat2_test.c | 142 +++++++++++++++++++++
 25 files changed, 196 insertions(+), 7 deletions(-)
 create mode 100644 tools/testing/selftests/fchmodat2/.gitignore
 create mode 100644 tools/testing/selftests/fchmodat2/Makefile
 create mode 100644 tools/testing/selftests/fchmodat2/fchmodat2_test.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ