| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aimijj4mxtklldc3w6xpuwaaneoa7ekv5cnjj7rva3xmzoslgx@x4cwlmwb7dpm>
Date: Thu, 3 Jul 2025 17:45:48 -0500
From: John Groves <John@...ves.net>
To: Dan Williams <dan.j.williams@...el.com>,
Miklos Szeredi <miklos@...redi.hu>, Bernd Schubert <bschubert@....com>
Cc: John Groves <jgroves@...ron.com>, Jonathan Corbet <corbet@....net>,
Vishal Verma <vishal.l.verma@...el.com>, Dave Jiang <dave.jiang@...el.com>,
Matthew Wilcox <willy@...radead.org>, Jan Kara <jack@...e.cz>,
Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>,
"Darrick J . Wong" <djwong@...nel.org>, Randy Dunlap <rdunlap@...radead.org>,
Jeff Layton <jlayton@...nel.org>, Kent Overstreet <kent.overstreet@...ux.dev>,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, nvdimm@...ts.linux.dev,
linux-cxl@...r.kernel.org, linux-fsdevel@...r.kernel.org,
Amir Goldstein <amir73il@...il.com>, Jonathan Cameron <Jonathan.Cameron@...wei.com>,
Stefan Hajnoczi <shajnocz@...hat.com>, Joanne Koong <joannelkoong@...il.com>,
Josef Bacik <josef@...icpanda.com>, Aravind Ramesh <arramesh@...ron.com>,
Ajay Joshi <ajayjoshi@...ron.com>
Subject: Re: [RFC V2 10/18] famfs_fuse: Basic fuse kernel ABI enablement for
famfs
On 25/07/03 01:50PM, John Groves wrote:
> * FUSE_DAX_FMAP flag in INIT request/reply
>
> * fuse_conn->famfs_iomap (enable famfs-mapped files) to denote a
> famfs-enabled connection
>
> Signed-off-by: John Groves <john@...ves.net>
> ---
> fs/fuse/fuse_i.h | 3 +++
> fs/fuse/inode.c | 14 ++++++++++++++
> include/uapi/linux/fuse.h | 4 ++++
> 3 files changed, 21 insertions(+)
>
> diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
> index 9d87ac48d724..a592c1002861 100644
> --- a/fs/fuse/fuse_i.h
> +++ b/fs/fuse/fuse_i.h
> @@ -873,6 +873,9 @@ struct fuse_conn {
> /* Use io_uring for communication */
> unsigned int io_uring;
>
> + /* dev_dax_iomap support for famfs */
> + unsigned int famfs_iomap:1;
> +
> /** Maximum stack depth for passthrough backing files */
> int max_stack_depth;
>
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index 29147657a99f..e48e11c3f9f3 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -1392,6 +1392,18 @@ static void process_init_reply(struct fuse_mount *fm, struct fuse_args *args,
> }
> if (flags & FUSE_OVER_IO_URING && fuse_uring_enabled())
> fc->io_uring = 1;
> + if (IS_ENABLED(CONFIG_FUSE_FAMFS_DAX) &&
> + flags & FUSE_DAX_FMAP) {
> + /* XXX: Should also check that fuse server
> + * has CAP_SYS_RAWIO and/or CAP_SYS_ADMIN,
> + * since it is directing the kernel to access
> + * dax memory directly - but this function
> + * appears not to be called in fuse server
> + * process context (b/c even if it drops
> + * those capabilities, they are held here).
> + */
> + fc->famfs_iomap = 1;
I think there should be a check here that the fuse server is
capable(CAP_SYS_RAWIO) (or maybe CAP_SYS_ADMIN), but this function doesn't
run in fuse server context. A famfs fuse server is providing fmaps, which
map files to devdax memory, which should not be an unprivileged operation.
1) Does fs/fuse already store the capabilities of the fuse server?
2) If not, where do you suggest I do that, and where do you suggest I store
that info? The only dead-obvious place (to me) that fs/fuse runs in server
context is in fuse_dev_open(), but it doesn't store anything...
@Miklos, I'd appreciate your advice here.
Thanks!
John
Powered by blists - more mailing lists