lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231124-vfs-fixes-3420a81c0abe@brauner>
Date:   Fri, 24 Nov 2023 11:27:28 +0100
From:   Christian Brauner <brauner@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Christian Brauner <brauner@...nel.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] vfs fixes

Hey Linus,

/* Summary */
This contains the usual miscellaneous fixes:

* Avoid calling back into LSMs from vfs_getattr_nosec() calls.

  IMA used to query inode properties accessing raw inode fields without
  dedicated helpers. That was finally fixed a few releases ago by
  forcing IMA to use vfs_getattr_nosec() helpers.

  The goal of the vfs_getattr_nosec() helper is to query for attributes
  without calling into the LSM layer which would be quite problematic
  because incredibly IMA is called from __fput()...

  __fput()
    -> ima_file_free()

  What it does is to call back into the filesystem to update the file's
  IMA xattr. Querying the inode without using vfs_getattr_nosec() meant
  that IMA didn't handle stacking filesystems such as overlayfs
  correctly. So the switch to vfs_getattr_nosec() is quite correct. But
  the switch to vfs_getattr_nosec() revealed another bug when used on
  stacking filesystems:

  __fput()
    -> ima_file_free()
       -> vfs_getattr_nosec()
          -> i_op->getattr::ovl_getattr()
             -> vfs_getattr()
                -> i_op->getattr::$WHATEVER_UNDERLYING_FS_getattr()
                   -> security_inode_getattr() # calls back into LSMs

  Now, if that __fput() happens from task_work_run() of an exiting task
  current->fs and various other pointer could already be NULL. So
  anything in the LSM layer relying on that not being NULL would be
  quite surprised.

  Fix that by passing the information that this is a security request
  through to the stacking filesystem by adding a new internal
  ATT_GETATTR_NOSEC flag. Now the callchain becomes:

  __fput()
    -> ima_file_free()
       -> vfs_getattr_nosec()
          -> i_op->getattr::ovl_getattr()
             -> if (AT_GETATTR_NOSEC)
                       vfs_getattr_nosec()
                else
                       vfs_getattr()
                -> i_op->getattr::$WHATEVER_UNDERLYING_FS_getattr()

* Fix a bug introduced with the iov_iter rework from last cycle.

  This broke /proc/kcore by copying too much and without the correct
  offset.

* Add a missing NULL check when allocating the root inode in
  autofs_fill_super().

* Fix stable writes for multi-device filesystems (xfs, btrfs etc) and
  the block device pseudo filesystem.

  Stable writes used to be a superblock flag only, making it a per
  filesystem property. Add an additional AS_STABLE_WRITES mapping flag
  to allow for fine-grained control.

* Ensure that offset_iterate_dir() returns 0 after reaching the end of a
  directory so it adheres to getdents() convention.

/* Testing */
clang: Debian clang version 16.0.6 (16)
gcc: gcc (Debian 13.2.0-5) 13.2.0

All patches are based on v6.7-rc1 and have been sitting in linux-next.
No build failures or warnings were observed. Passes xfstests.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with
current mainline.

The following changes since commit b85ea95d086471afb4ad062012a4d73cd328fa86:

  Linux 6.7-rc1 (2023-11-12 16:19:07 -0800)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-6.7-rc3.fixes

for you to fetch changes up to 796432efab1e372d404e7a71cc6891a53f105051:

  libfs: getdents() should return 0 after reaching EOD (2023-11-20 15:34:22 +0100)

Please consider pulling these changes from the signed vfs-6.7-rc3.fixes tag.

Thanks!
Christian

----------------------------------------------------------------
vfs-6.7-rc3.fixes

----------------------------------------------------------------
Christoph Hellwig (4):
      filemap: add a per-mapping stable writes flag
      block: update the stable_writes flag in bdev_add
      xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags
      xfs: respect the stable writes flag on the RT device

Chuck Lever (1):
      libfs: getdents() should return 0 after reaching EOD

Ian Kent (1):
      autofs: add: new_inode check in autofs_fill_super()

Omar Sandoval (1):
      iov_iter: fix copy_page_to_iter_nofault()

Stefan Berger (1):
      fs: Pass AT_GETATTR_NOSEC flag to getattr interface function

 block/bdev.c               |  2 ++
 fs/autofs/inode.c          | 56 +++++++++++++++++-----------------------------
 fs/ecryptfs/inode.c        | 12 ++++++++--
 fs/inode.c                 |  2 ++
 fs/libfs.c                 | 14 +++++++++---
 fs/overlayfs/inode.c       | 10 ++++-----
 fs/overlayfs/overlayfs.h   |  8 +++++++
 fs/stat.c                  |  6 ++++-
 fs/xfs/xfs_inode.h         |  8 +++++++
 fs/xfs/xfs_ioctl.c         | 30 ++++++++++++++++---------
 fs/xfs/xfs_iops.c          |  7 ++++++
 include/linux/pagemap.h    | 17 ++++++++++++++
 include/uapi/linux/fcntl.h |  3 +++
 lib/iov_iter.c             |  2 +-
 mm/page-writeback.c        |  2 +-
 15 files changed, 121 insertions(+), 58 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ