lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240906143453.179506-3-aleksandr.mikhalitsyn@canonical.com>
Date: Fri,  6 Sep 2024 16:34:53 +0200
From: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>
To: mszeredi@...hat.com
Cc: brauner@...nel.org,
	linux-fsdevel@...r.kernel.org,
	Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>,
	Miklos Szeredi <miklos@...redi.hu>,
	linux-kernel@...r.kernel.org
Subject: [PATCH v1 3/3] fs/fuse: convert to use invalid_mnt_idmap

We should convert fs/fuse code to use a newly introduced
invalid_mnt_idmap instead of passing a NULL as idmap pointer.

Suggested-by: Christian Brauner <brauner@...nel.org>
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>
---
 fs/fuse/dev.c    | 47 +++++++++++++++++++++++------------------------
 fs/fuse/dir.c    |  6 +++---
 fs/fuse/fuse_i.h |  2 +-
 3 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index 04a6490a587c..e42b2f38d35f 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -114,7 +114,11 @@ static struct fuse_req *fuse_get_req(struct mnt_idmap *idmap,
 {
 	struct fuse_conn *fc = fm->fc;
 	struct fuse_req *req;
+	bool no_idmap = (fm->sb->s_iflags & SB_I_NOIDMAP);
+	kuid_t fsuid;
+	kgid_t fsgid;
 	int err;
+
 	atomic_inc(&fc->num_waiting);
 
 	if (fuse_block_alloc(fc, for_background)) {
@@ -148,29 +152,24 @@ static struct fuse_req *fuse_get_req(struct mnt_idmap *idmap,
 	if (for_background)
 		__set_bit(FR_BACKGROUND, &req->flags);
 
-	if ((fm->sb->s_iflags & SB_I_NOIDMAP) || idmap) {
-		kuid_t idmapped_fsuid;
-		kgid_t idmapped_fsgid;
+	/*
+	 * Keep the old behavior when idmappings support was not
+	 * declared by a FUSE server.
+	 *
+	 * For those FUSE servers who support idmapped mounts,
+	 * we send UID/GID only along with "inode creation"
+	 * fuse requests, otherwise idmap == &invalid_mnt_idmap and
+	 * req->in.h.{u,g}id will be equal to FUSE_INVALID_UIDGID.
+	 */
+	fsuid = no_idmap ? current_fsuid() : mapped_fsuid(idmap, fc->user_ns);
+	fsgid = no_idmap ? current_fsgid() : mapped_fsgid(idmap, fc->user_ns);
+	req->in.h.uid = from_kuid(fc->user_ns, fsuid);
+	req->in.h.gid = from_kgid(fc->user_ns, fsgid);
 
-		/*
-		 * Note, that when
-		 * (fm->sb->s_iflags & SB_I_NOIDMAP) is true, then
-		 * (idmap == &nop_mnt_idmap) is always true and therefore,
-		 * mapped_fsuid(idmap, fc->user_ns) == current_fsuid().
-		 */
-		idmapped_fsuid = idmap ? mapped_fsuid(idmap, fc->user_ns) : current_fsuid();
-		idmapped_fsgid = idmap ? mapped_fsgid(idmap, fc->user_ns) : current_fsgid();
-		req->in.h.uid = from_kuid(fc->user_ns, idmapped_fsuid);
-		req->in.h.gid = from_kgid(fc->user_ns, idmapped_fsgid);
-
-		if (unlikely(req->in.h.uid == ((uid_t)-1) ||
-			     req->in.h.gid == ((gid_t)-1))) {
-			fuse_put_request(req);
-			return ERR_PTR(-EOVERFLOW);
-		}
-	} else {
-		req->in.h.uid = FUSE_INVALID_UIDGID;
-		req->in.h.gid = FUSE_INVALID_UIDGID;
+	if (no_idmap && unlikely(req->in.h.uid == ((uid_t)-1) ||
+				 req->in.h.gid == ((gid_t)-1))) {
+		fuse_put_request(req);
+		return ERR_PTR(-EOVERFLOW);
 	}
 
 	return req;
@@ -619,7 +618,7 @@ int fuse_simple_background(struct fuse_mount *fm, struct fuse_args *args,
 		__set_bit(FR_BACKGROUND, &req->flags);
 	} else {
 		WARN_ON(args->nocreds);
-		req = fuse_get_req(NULL, fm, true);
+		req = fuse_get_req(&invalid_mnt_idmap, fm, true);
 		if (IS_ERR(req))
 			return PTR_ERR(req);
 	}
@@ -641,7 +640,7 @@ static int fuse_simple_notify_reply(struct fuse_mount *fm,
 	struct fuse_req *req;
 	struct fuse_iqueue *fiq = &fm->fc->iq;
 
-	req = fuse_get_req(NULL, fm, false);
+	req = fuse_get_req(&invalid_mnt_idmap, fm, false);
 	if (IS_ERR(req))
 		return PTR_ERR(req);
 
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index 491e112819be..54104dd48af7 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1093,7 +1093,7 @@ static int fuse_rename2(struct mnt_idmap *idmap, struct inode *olddir,
 		if (fc->no_rename2 || fc->minor < 23)
 			return -EINVAL;
 
-		err = fuse_rename_common((flags & RENAME_WHITEOUT) ? idmap : NULL,
+		err = fuse_rename_common((flags & RENAME_WHITEOUT) ? idmap : &invalid_mnt_idmap,
 					 olddir, oldent, newdir, newent, flags,
 					 FUSE_RENAME2,
 					 sizeof(struct fuse_rename2_in));
@@ -1102,7 +1102,7 @@ static int fuse_rename2(struct mnt_idmap *idmap, struct inode *olddir,
 			err = -EINVAL;
 		}
 	} else {
-		err = fuse_rename_common(NULL, olddir, oldent, newdir, newent, 0,
+		err = fuse_rename_common(&invalid_mnt_idmap, olddir, oldent, newdir, newent, 0,
 					 FUSE_RENAME,
 					 sizeof(struct fuse_rename_in));
 	}
@@ -1127,7 +1127,7 @@ static int fuse_link(struct dentry *entry, struct inode *newdir,
 	args.in_args[0].value = &inarg;
 	args.in_args[1].size = newent->d_name.len + 1;
 	args.in_args[1].value = newent->d_name.name;
-	err = create_new_entry(NULL, fm, &args, newdir, newent, inode->i_mode);
+	err = create_new_entry(&invalid_mnt_idmap, fm, &args, newdir, newent, inode->i_mode);
 	if (!err)
 		fuse_update_ctime_in_cache(inode);
 	else if (err == -EINTR)
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index b2c7834f21b5..e6cc3d552b13 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -1153,7 +1153,7 @@ ssize_t __fuse_simple_request(struct mnt_idmap *idmap,
 
 static inline ssize_t fuse_simple_request(struct fuse_mount *fm, struct fuse_args *args)
 {
-	return __fuse_simple_request(NULL, fm, args);
+	return __fuse_simple_request(&invalid_mnt_idmap, fm, args);
 }
 
 static inline ssize_t fuse_simple_idmap_request(struct mnt_idmap *idmap,
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ