From mboxrd@z Thu Jan 1 00:00:00 1970 From: Deepa Dinamani Subject: [PATCH v3 2/5] vfs: Add checks for filesystem timestamp limits Date: Sat, 18 Feb 2017 15:30:05 -0800 Message-ID: <1487460608-15697-3-git-send-email-deepa.kernel@gmail.com> References: <1487460608-15697-1-git-send-email-deepa.kernel@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Cc: linux-fsdevel@vger.kernel.org, y2038@lists.linaro.org, linux-kernel@vger.kernel.org, arnd@arndb.de To: viro@zeniv.linux.org.uk, tytso@mit.edu, adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org Return-path: In-Reply-To: <1487460608-15697-1-git-send-email-deepa.kernel@gmail.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: y2038-bounces@lists.linaro.org Sender: "Y2038" List-Id: linux-ext4.vger.kernel.org QWxsb3cgcmVhZCBvbmx5IG1vdW50cyBmb3IgZmlsZXN5c3RlbXMgdGhhdCBkbyBub3QKaGF2ZSBt YXhpbXVtIHRpbWVzdGFtcHMgYmV5b25kIHRoZSB5MjAzOCBleHBpcnkKdGltZXN0YW1wLgoKQWxz bywgYWxsb3cgYSBzeXNjdGwgb3ZlcnJpZGUgdG8gYWxsIHN1Y2ggZmlsZXN5c3RlbXMKdG8gYmUg bW91bnRlZCB3aXRoIHdyaXRlIHBlcm1pc3Npb25zLgpBIGJvb3QgcGFyYW0gc3VwcG9ydHMgaW5p dGlhbCBvdmVycmlkZSBvZiB0aGVzZQpjaGVja3MgZnJvbSB0aGUgZWFybHkgYm9vdCB3aXRob3V0 IHJlY29tcGlsYXRpb24uCgpTdWdnZXN0ZWQtYnk6IEFybmQgQmVyZ21hbm4gPGFybmRAYXJuZGIu ZGU+ClNpZ25lZC1vZmYtYnk6IERlZXBhIERpbmFtYW5pIDxkZWVwYS5rZXJuZWxAZ21haWwuY29t PgotLS0KIGZzL2lub2RlLmMgICAgICAgICAgICAgIHwgMTMgKysrKysrKysrKysrKwogZnMvaW50 ZXJuYWwuaCAgICAgICAgICAgfCAgMiArKwogZnMvbmFtZXNwYWNlLmMgICAgICAgICAgfCAxMiAr KysrKysrKysrKysKIGZzL3N1cGVyLmMgICAgICAgICAgICAgIHwgIDcgKysrKysrKwogaW5jbHVk ZS9saW51eC9mcy5oICAgICAgfCAgMSArCiBpbmNsdWRlL2xpbnV4L3RpbWU2NC5oICB8ICA0ICsr KysKIGluY2x1ZGUvdWFwaS9saW51eC9mcy5oIHwgIDYgKysrKystCiBrZXJuZWwvc3lzY3RsLmMg ICAgICAgICB8ICA3ICsrKysrKysKIDggZmlsZXMgY2hhbmdlZCwgNTEgaW5zZXJ0aW9ucygrKSwg MSBkZWxldGlvbigtKQoKZGlmZiAtLWdpdCBhL2ZzL2lub2RlLmMgYi9mcy9pbm9kZS5jCmluZGV4 IDBiM2VlODkuLjA1NzNhM2UgMTAwNjQ0Ci0tLSBhL2ZzL2lub2RlLmMKKysrIGIvZnMvaW5vZGUu YwpAQCAtNzUsNiArNzUsMTkgQEAgc3RhdGljIERFRklORV9QRVJfQ1BVKHVuc2lnbmVkIGxvbmcs IG5yX3VudXNlZCk7CiAKIHN0YXRpYyBzdHJ1Y3Qga21lbV9jYWNoZSAqaW5vZGVfY2FjaGVwIF9f cmVhZF9tb3N0bHk7CiAKK3N0cnVjdCB2ZnNfbWF4X3RpbWVzdGFtcF9jaGVjayB0aW1lc3RhbXBf Y2hlY2sgPSB7CisJLnRpbWVzdGFtcF9zdXBwb3J0ZWQgPSBZMjAzOF9FWFBJUllfVElNRVNUQU1Q LAorCS5jaGVja19vbiA9IDAsCit9OworCitzdGF0aWMgaW50IF9faW5pdCBzZXR1cF90aW1lc3Rh bXBfY2hlY2soY2hhciAqc3RyKQoreworCXRpbWVzdGFtcF9jaGVjay5jaGVja19vbiA9IDE7Cisg ICAgcmV0dXJuIDA7Cit9CisKK2Vhcmx5X3BhcmFtKCJmc3RpbWVzdGFtcGNoZWNrIiwgc2V0dXBf dGltZXN0YW1wX2NoZWNrKTsKKwogc3RhdGljIGxvbmcgZ2V0X25yX2lub2Rlcyh2b2lkKQogewog CWludCBpOwpkaWZmIC0tZ2l0IGEvZnMvaW50ZXJuYWwuaCBiL2ZzL2ludGVybmFsLmgKaW5kZXgg MTFjNmQ4OS4uNGIzY2I5ZSAxMDA2NDQKLS0tIGEvZnMvaW50ZXJuYWwuaAorKysgYi9mcy9pbnRl cm5hbC5oCkBAIC02Nyw2ICs2Nyw4IEBAIGV4dGVybiBpbnQgZmluaXNoX2F1dG9tb3VudChzdHJ1 Y3QgdmZzbW91bnQgKiwgc3RydWN0IHBhdGggKik7CiAKIGV4dGVybiBpbnQgc2JfcHJlcGFyZV9y ZW1vdW50X3JlYWRvbmx5KHN0cnVjdCBzdXBlcl9ibG9jayAqKTsKIAorZXh0ZXJuIGJvb2wgc2Jf ZmlsZV90aW1lc191cGRhdGFibGUoc3RydWN0IHN1cGVyX2Jsb2NrICpzYik7CisKIGV4dGVybiB2 b2lkIF9faW5pdCBtbnRfaW5pdCh2b2lkKTsKIAogZXh0ZXJuIGludCBfX21udF93YW50X3dyaXRl KHN0cnVjdCB2ZnNtb3VudCAqKTsKZGlmZiAtLWdpdCBhL2ZzL25hbWVzcGFjZS5jIGIvZnMvbmFt ZXNwYWNlLmMKaW5kZXggOGJmYWQ0Mi4uZGJmM2YxYyAxMDA2NDQKLS0tIGEvZnMvbmFtZXNwYWNl LmMKKysrIGIvZnMvbmFtZXNwYWNlLmMKQEAgLTUzOCw2ICs1MzgsMTggQEAgc3RhdGljIHZvaWQg X19tbnRfdW5tYWtlX3JlYWRvbmx5KHN0cnVjdCBtb3VudCAqbW50KQogCXVubG9ja19tb3VudF9o YXNoKCk7CiB9CiAKK2Jvb2wgc2JfZmlsZV90aW1lc191cGRhdGFibGUoc3RydWN0IHN1cGVyX2Js b2NrICpzYikKK3sKKworCWlmICghdGltZXN0YW1wX2NoZWNrLmNoZWNrX29uKQorCQlyZXR1cm4g dHJ1ZTsKKworCWlmIChzYi0+c190aW1lX21heCA+IHRpbWVzdGFtcF9jaGVjay50aW1lc3RhbXBf c3VwcG9ydGVkKQorCQlyZXR1cm4gdHJ1ZTsKKworCXJldHVybiBmYWxzZTsKK30KKwogaW50IHNi X3ByZXBhcmVfcmVtb3VudF9yZWFkb25seShzdHJ1Y3Qgc3VwZXJfYmxvY2sgKnNiKQogewogCXN0 cnVjdCBtb3VudCAqbW50OwpkaWZmIC0tZ2l0IGEvZnMvc3VwZXIuYyBiL2ZzL3N1cGVyLmMKaW5k ZXggZjljMjI0MS4uNGU3NTc3YiAxMDA2NDQKLS0tIGEvZnMvc3VwZXIuYworKysgYi9mcy9zdXBl ci5jCkBAIC0xMjQ1LDYgKzEyNDUsMTMgQEAgbW91bnRfZnMoc3RydWN0IGZpbGVfc3lzdGVtX3R5 cGUgKnR5cGUsIGludCBmbGFncywgY29uc3QgY2hhciAqbmFtZSwgdm9pZCAqZGF0YSkKIAlXQVJO KChzYi0+c19tYXhieXRlcyA8IDApLCAiJXMgc2V0IHNiLT5zX21heGJ5dGVzIHRvICIKIAkJIm5l Z2F0aXZlIHZhbHVlICglbGxkKVxuIiwgdHlwZS0+bmFtZSwgc2ItPnNfbWF4Ynl0ZXMpOwogCisJ aWYgKCEoc2ItPnNfZmxhZ3MgJiBNU19SRE9OTFkpICYmICFzYl9maWxlX3RpbWVzX3VwZGF0YWJs ZShzYikpIHsKKwkJV0FSTigxLCAiRmlsZSB0aW1lcyBjYW5ub3QgYmUgdXBkYXRlZCBvbiB0aGUg ZmlsZXN5c3RlbS5cbiIpOworCQlXQVJOKDEsICJSZXRyeSBtb3VudGluZyB0aGUgZmlsZXN5c3Rl bSByZWFkb25seS5cbiIpOworCQllcnJvciA9IC1FUk9GUzsKKwkJZ290byBvdXRfc2I7CisJfQor CiAJdXBfd3JpdGUoJnNiLT5zX3Vtb3VudCk7CiAJZnJlZV9zZWNkYXRhKHNlY2RhdGEpOwogCXJl dHVybiByb290OwpkaWZmIC0tZ2l0IGEvaW5jbHVkZS9saW51eC9mcy5oIGIvaW5jbHVkZS9saW51 eC9mcy5oCmluZGV4IGVmNTVkZmIuLmUxMmEzMmQgMTAwNjQ0Ci0tLSBhL2luY2x1ZGUvbGludXgv ZnMuaAorKysgYi9pbmNsdWRlL2xpbnV4L2ZzLmgKQEAgLTY4LDYgKzY4LDcgQEAgZXh0ZXJuIHN0 cnVjdCBpbm9kZXNfc3RhdF90IGlub2Rlc19zdGF0OwogZXh0ZXJuIGludCBsZWFzZXNfZW5hYmxl LCBsZWFzZV9icmVha190aW1lOwogZXh0ZXJuIGludCBzeXNjdGxfcHJvdGVjdGVkX3N5bWxpbmtz OwogZXh0ZXJuIGludCBzeXNjdGxfcHJvdGVjdGVkX2hhcmRsaW5rczsKK2V4dGVybiBzdHJ1Y3Qg dmZzX21heF90aW1lc3RhbXBfY2hlY2sgdGltZXN0YW1wX2NoZWNrOwogCiBzdHJ1Y3QgYnVmZmVy X2hlYWQ7CiB0eXBlZGVmIGludCAoZ2V0X2Jsb2NrX3QpKHN0cnVjdCBpbm9kZSAqaW5vZGUsIHNl Y3Rvcl90IGlibG9jaywKZGlmZiAtLWdpdCBhL2luY2x1ZGUvbGludXgvdGltZTY0LmggYi9pbmNs dWRlL2xpbnV4L3RpbWU2NC5oCmluZGV4IDI1NDMzYjE4Li45MDZlMGIzIDEwMDY0NAotLS0gYS9p bmNsdWRlL2xpbnV4L3RpbWU2NC5oCisrKyBiL2luY2x1ZGUvbGludXgvdGltZTY0LmgKQEAgLTQz LDYgKzQzLDEwIEBAIHN0cnVjdCBpdGltZXJzcGVjNjQgewogI2RlZmluZSBLVElNRV9NQVgJCQko KHM2NCl+KCh1NjQpMSA8PCA2MykpCiAjZGVmaW5lIEtUSU1FX1NFQ19NQVgJCQkoS1RJTUVfTUFY IC8gTlNFQ19QRVJfU0VDKQogCisvKiBUaW1lc3RhbXBzIG9uIGJvdW5kYXJ5ICovCisjZGVmaW5l IFkyMDM4X0VYUElSWV9USU1FU1RBTVAJCVMzMl9NQVggLyogMjE0NzQ4MzY0NyAqLworI2RlZmlu ZSBZMjEwNl9FWFBJUllfVElNRVNUQU1QCQlVMzJfTUFYIC8qIDQyOTQ5NjcyOTUgKi8KKwogI2lm IF9fQklUU19QRVJfTE9ORyA9PSA2NAogCiBzdGF0aWMgaW5saW5lIHN0cnVjdCB0aW1lc3BlYyB0 aW1lc3BlYzY0X3RvX3RpbWVzcGVjKGNvbnN0IHN0cnVjdCB0aW1lc3BlYzY0IHRzNjQpCmRpZmYg LS1naXQgYS9pbmNsdWRlL3VhcGkvbGludXgvZnMuaCBiL2luY2x1ZGUvdWFwaS9saW51eC9mcy5o CmluZGV4IDA0OGE4NWUuLjEyNWU0YWUgMTAwNjQ0Ci0tLSBhL2luY2x1ZGUvdWFwaS9saW51eC9m cy5oCisrKyBiL2luY2x1ZGUvdWFwaS9saW51eC9mcy5oCkBAIC05MSw2ICs5MSwxMSBAQCBzdHJ1 Y3QgZmlsZXNfc3RhdF9zdHJ1Y3QgewogCXVuc2lnbmVkIGxvbmcgbWF4X2ZpbGVzOwkJLyogdHVu YWJsZSAqLwogfTsKIAorc3RydWN0IHZmc19tYXhfdGltZXN0YW1wX2NoZWNrIHsKKwl0aW1lNjRf dCB0aW1lc3RhbXBfc3VwcG9ydGVkOworCWludCBjaGVja19vbjsKK307CisKIHN0cnVjdCBpbm9k ZXNfc3RhdF90IHsKIAlsb25nIG5yX2lub2RlczsKIAlsb25nIG5yX3VudXNlZDsKQEAgLTEwMCw3 ICsxMDUsNiBAQCBzdHJ1Y3QgaW5vZGVzX3N0YXRfdCB7CiAKICNkZWZpbmUgTlJfRklMRSAgODE5 MgkvKiB0aGlzIGNhbiB3ZWxsIGJlIGxhcmdlciBvbiBhIGxhcmdlciBzeXN0ZW0gKi8KIAotCiAv KgogICogVGhlc2UgYXJlIHRoZSBmcy1pbmRlcGVuZGVudCBtb3VudC1mbGFnczogdXAgdG8gMzIg ZmxhZ3MgYXJlIHN1cHBvcnRlZAogICovCmRpZmYgLS1naXQgYS9rZXJuZWwvc3lzY3RsLmMgYi9r ZXJuZWwvc3lzY3RsLmMKaW5kZXggYmIyNjBjZS4uZWRhNjBkOSAxMDA2NDQKLS0tIGEva2VybmVs L3N5c2N0bC5jCisrKyBiL2tlcm5lbC9zeXNjdGwuYwpAQCAtMTY2Nyw2ICsxNjY3LDEzIEBAIHN0 YXRpYyBzdHJ1Y3QgY3RsX3RhYmxlIGZzX3RhYmxlW10gPSB7CiAJCS5wcm9jX2hhbmRsZXIJPSBw cm9jX2RvdWxvbmd2ZWNfbWlubWF4LAogCX0sCiAJeworCQkucHJvY25hbWUJPSAiZnMtdGltZXN0 YW1wLWNoZWNrLW9uIiwKKwkJLmRhdGEJCT0gJnRpbWVzdGFtcF9jaGVjay5jaGVja19vbiwKKwkJ Lm1heGxlbgkJPSBzaXplb2YoaW50KSwKKwkJLm1vZGUJCT0gMDY0NCwKKwkJLnByb2NfaGFuZGxl cgk9IHByb2NfZG9pbnR2ZWMsCisJfSwKKwl7CiAJCS5wcm9jbmFtZQk9ICJucl9vcGVuIiwKIAkJ LmRhdGEJCT0gJnN5c2N0bF9ucl9vcGVuLAogCQkubWF4bGVuCQk9IHNpemVvZih1bnNpZ25lZCBp bnQpLAotLSAKMi43LjQKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fClkyMDM4IG1haWxpbmcgbGlzdApZMjAzOEBsaXN0cy5saW5hcm8ub3JnCmh0dHBzOi8v bGlzdHMubGluYXJvLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3kyMDM4Cg== From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg0-f68.google.com ([74.125.83.68]:34071 "EHLO mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750816AbdBRXbJ (ORCPT ); Sat, 18 Feb 2017 18:31:09 -0500 From: Deepa Dinamani To: viro@zeniv.linux.org.uk, tytso@mit.edu, adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, arnd@arndb.de, y2038@lists.linaro.org Subject: [PATCH v3 2/5] vfs: Add checks for filesystem timestamp limits Date: Sat, 18 Feb 2017 15:30:05 -0800 Message-Id: <1487460608-15697-3-git-send-email-deepa.kernel@gmail.com> In-Reply-To: <1487460608-15697-1-git-send-email-deepa.kernel@gmail.com> References: <1487460608-15697-1-git-send-email-deepa.kernel@gmail.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: Allow read only mounts for filesystems that do not have maximum timestamps beyond the y2038 expiry timestamp. Also, allow a sysctl override to all such filesystems to be mounted with write permissions. A boot param supports initial override of these checks from the early boot without recompilation. Suggested-by: Arnd Bergmann Signed-off-by: Deepa Dinamani --- fs/inode.c | 13 +++++++++++++ fs/internal.h | 2 ++ fs/namespace.c | 12 ++++++++++++ fs/super.c | 7 +++++++ include/linux/fs.h | 1 + include/linux/time64.h | 4 ++++ include/uapi/linux/fs.h | 6 +++++- kernel/sysctl.c | 7 +++++++ 8 files changed, 51 insertions(+), 1 deletion(-) diff --git a/fs/inode.c b/fs/inode.c index 0b3ee89..0573a3e 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -75,6 +75,19 @@ static DEFINE_PER_CPU(unsigned long, nr_unused); static struct kmem_cache *inode_cachep __read_mostly; +struct vfs_max_timestamp_check timestamp_check = { + .timestamp_supported = Y2038_EXPIRY_TIMESTAMP, + .check_on = 0, +}; + +static int __init setup_timestamp_check(char *str) +{ + timestamp_check.check_on = 1; + return 0; +} + +early_param("fstimestampcheck", setup_timestamp_check); + static long get_nr_inodes(void) { int i; diff --git a/fs/internal.h b/fs/internal.h index 11c6d89..4b3cb9e 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -67,6 +67,8 @@ extern int finish_automount(struct vfsmount *, struct path *); extern int sb_prepare_remount_readonly(struct super_block *); +extern bool sb_file_times_updatable(struct super_block *sb); + extern void __init mnt_init(void); extern int __mnt_want_write(struct vfsmount *); diff --git a/fs/namespace.c b/fs/namespace.c index 8bfad42..dbf3f1c 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -538,6 +538,18 @@ static void __mnt_unmake_readonly(struct mount *mnt) unlock_mount_hash(); } +bool sb_file_times_updatable(struct super_block *sb) +{ + + if (!timestamp_check.check_on) + return true; + + if (sb->s_time_max > timestamp_check.timestamp_supported) + return true; + + return false; +} + int sb_prepare_remount_readonly(struct super_block *sb) { struct mount *mnt; diff --git a/fs/super.c b/fs/super.c index f9c2241..4e7577b 100644 --- a/fs/super.c +++ b/fs/super.c @@ -1245,6 +1245,13 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data) WARN((sb->s_maxbytes < 0), "%s set sb->s_maxbytes to " "negative value (%lld)\n", type->name, sb->s_maxbytes); + if (!(sb->s_flags & MS_RDONLY) && !sb_file_times_updatable(sb)) { + WARN(1, "File times cannot be updated on the filesystem.\n"); + WARN(1, "Retry mounting the filesystem readonly.\n"); + error = -EROFS; + goto out_sb; + } + up_write(&sb->s_umount); free_secdata(secdata); return root; diff --git a/include/linux/fs.h b/include/linux/fs.h index ef55dfb..e12a32d 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -68,6 +68,7 @@ extern struct inodes_stat_t inodes_stat; extern int leases_enable, lease_break_time; extern int sysctl_protected_symlinks; extern int sysctl_protected_hardlinks; +extern struct vfs_max_timestamp_check timestamp_check; struct buffer_head; typedef int (get_block_t)(struct inode *inode, sector_t iblock, diff --git a/include/linux/time64.h b/include/linux/time64.h index 25433b18..906e0b3 100644 --- a/include/linux/time64.h +++ b/include/linux/time64.h @@ -43,6 +43,10 @@ struct itimerspec64 { #define KTIME_MAX ((s64)~((u64)1 << 63)) #define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC) +/* Timestamps on boundary */ +#define Y2038_EXPIRY_TIMESTAMP S32_MAX /* 2147483647 */ +#define Y2106_EXPIRY_TIMESTAMP U32_MAX /* 4294967295 */ + #if __BITS_PER_LONG == 64 static inline struct timespec timespec64_to_timespec(const struct timespec64 ts64) diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index 048a85e..125e4ae 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -91,6 +91,11 @@ struct files_stat_struct { unsigned long max_files; /* tunable */ }; +struct vfs_max_timestamp_check { + time64_t timestamp_supported; + int check_on; +}; + struct inodes_stat_t { long nr_inodes; long nr_unused; @@ -100,7 +105,6 @@ struct inodes_stat_t { #define NR_FILE 8192 /* this can well be larger on a larger system */ - /* * These are the fs-independent mount-flags: up to 32 flags are supported */ diff --git a/kernel/sysctl.c b/kernel/sysctl.c index bb260ce..eda60d9 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1667,6 +1667,13 @@ static struct ctl_table fs_table[] = { .proc_handler = proc_doulongvec_minmax, }, { + .procname = "fs-timestamp-check-on", + .data = ×tamp_check.check_on, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, + { .procname = "nr_open", .data = &sysctl_nr_open, .maxlen = sizeof(unsigned int), -- 2.7.4