lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAOQ4uxj4kBULWFt53rqM_Q-pfR8dWyMyraUWjHxo=0C09_XMkA@mail.gmail.com>
Date: Mon, 4 Nov 2024 22:44:17 +0100
From: Amir Goldstein <amir73il@...il.com>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Stefan Berger <stefanb@...ux.vnet.ibm.com>, linux-kernel@...r.kernel.org, 
	Stefan Berger <stefanb@...ux.ibm.com>, Tyler Hicks <code@...icks.com>, ecryptfs@...r.kernel.org, 
	Miklos Szeredi <miklos@...redi.hu>, linux-unionfs@...r.kernel.org, 
	Christian Brauner <brauner@...nel.org>, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] fs: Simplify getattr interface function checking
 AT_GETATTR_NOSEC flag

On Fri, Nov 1, 2024 at 10:30 PM Al Viro <viro@...iv.linux.org.uk> wrote:
>
> On Fri, Nov 01, 2024 at 03:37:03PM -0400, Stefan Berger wrote:
> > From: Stefan Berger <stefanb@...ux.ibm.com>
> >
> > Commit 8a924db2d7b5 ("fs: Pass AT_GETATTR_NOSEC flag to getattr interface
> > function")' introduced the AT_GETATTR_NOSEC flag to ensure that the
> > call paths only call vfs_getattr_nosec if it is set instead of vfs_getattr.
> > Now, simplify the getattr interface functions of filesystems where the flag
> > AT_GETATTR_NOSEC is checked.
> >
> > There is only a single caller of inode_operations getattr function and it
> > is located in fs/stat.c in vfs_getattr_nosec. The caller there is the only
> > one from which the AT_GETATTR_NOSEC flag is passed from.
> >
> > Two filesystems are checking this flag in .getattr and the flag is always
> > passed to them unconditionally from only vfs_getattr_nosec:
> >
> > - ecryptfs:  Simplify by always calling vfs_getattr_nosec in
> >              ecryptfs_getattr. From there the flag is passed to no other
> >              function and this function is not called otherwise.
> >
> > - overlayfs: Simplify by always calling vfs_getattr_nosec in
> >              ovl_getattr. From there the flag is passed to no other
> >              function and this function is not called otherwise.
> >
> > The query_flags in vfs_getattr_nosec will mask-out AT_GETATTR_NOSEC from
> > any caller using AT_STATX_SYNC_TYPE as mask so that the flag is not
> > important inside this function. Also, since no filesystem is checking the
> > flag anymore, remove the flag entirely now, including the BUG_ON check that
> > never triggered.
> >
> > The net change of the changes here combined with the originan commit is
> > that ecryptfs and overlayfs do not call vfs_getattr but only
> > vfs_getattr_nosec.
> >
> > Fixes: 8a924db2d7b5 ("fs: Pass AT_GETATTR_NOSEC flag to getattr interface function")
> > Reported-by: Al Viro <viro@...iv.linux.org.uk>
> > Closes: https://lore.kernel.org/linux-fsdevel/20241101011724.GN1350452@ZenIV/T/#u
> > Cc: Tyler Hicks <code@...icks.com>
> > Cc: ecryptfs@...r.kernel.org
> > Cc: Miklos Szeredi <miklos@...redi.hu>
> > Cc: Amir Goldstein <amir73il@...il.com>
> > Cc: linux-unionfs@...r.kernel.org
> > Cc: Christian Brauner <brauner@...nel.org>
> > Cc: linux-fsdevel@...r.kernel.org
> > Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
>
> Applied (viro/vfs.git#work.statx2)

Acked-by: Amir Goldstein <amir73il@...il.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ