From mboxrd@z Thu Jan 1 00:00:00 1970 From: Deepa Dinamani Subject: [PATCH v4 2/5] vfs: Add checks for filesystem timestamp limits Date: Fri, 24 Feb 2017 17:41:00 -0800 Message-ID: <1487986863-6005-3-git-send-email-deepa.kernel@gmail.com> References: <1487986863-6005-1-git-send-email-deepa.kernel@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Cc: linux-fsdevel@vger.kernel.org, y2038@lists.linaro.org, linux-kernel@vger.kernel.org, arnd@arndb.de To: viro@zeniv.linux.org.uk, tytso@mit.edu, adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org Return-path: In-Reply-To: <1487986863-6005-1-git-send-email-deepa.kernel@gmail.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: y2038-bounces@lists.linaro.org Sender: "Y2038" List-Id: linux-ext4.vger.kernel.org QWxsb3cgcmVhZCBvbmx5IG1vdW50cyBmb3IgZmlsZXN5c3RlbXMgdGhhdCBkbyBub3QKaGF2ZSBt YXhpbXVtIHRpbWVzdGFtcHMgYmV5b25kIHRoZSB5MjAzOCBleHBpcnkKdGltZXN0YW1wLgoKQWxz bywgYWxsb3cgYSBzeXNjdGwgb3ZlcnJpZGUgdG8gYWxsIHN1Y2ggZmlsZXN5c3RlbXMKdG8gYmUg bW91bnRlZCB3aXRoIHdyaXRlIHBlcm1pc3Npb25zLgpBIGJvb3QgcGFyYW0gc3VwcG9ydHMgaW5p dGlhbCBvdmVycmlkZSBvZiB0aGVzZQpjaGVja3MgZnJvbSB0aGUgZWFybHkgYm9vdCB3aXRob3V0 IHJlY29tcGlsYXRpb24uCgpTdWdnZXN0ZWQtYnk6IEFybmQgQmVyZ21hbm4gPGFybmRAYXJuZGIu ZGU+ClNpZ25lZC1vZmYtYnk6IERlZXBhIERpbmFtYW5pIDxkZWVwYS5rZXJuZWxAZ21haWwuY29t PgotLS0KIGZzL2lub2RlLmMgICAgICAgICAgICAgIHwgMTUgKysrKysrKysrKysrKysrCiBmcy9p bnRlcm5hbC5oICAgICAgICAgICB8ICAyICsrCiBmcy9uYW1lc3BhY2UuYyAgICAgICAgICB8IDEy ICsrKysrKysrKysrKwogZnMvc3VwZXIuYyAgICAgICAgICAgICAgfCAgNyArKysrKysrCiBpbmNs dWRlL2xpbnV4L2ZzLmggICAgICB8ICAxICsKIGluY2x1ZGUvbGludXgvdGltZTY0LmggIHwgIDQg KysrKwogaW5jbHVkZS91YXBpL2xpbnV4L2ZzLmggfCAgNiArKysrKy0KIGtlcm5lbC9zeXNjdGwu YyAgICAgICAgIHwgIDcgKysrKysrKwogOCBmaWxlcyBjaGFuZ2VkLCA1MyBpbnNlcnRpb25zKCsp LCAxIGRlbGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvZnMvaW5vZGUuYyBiL2ZzL2lub2RlLmMKaW5k ZXggMGIzZWU4OS4uNzk2N2Y5YyAxMDA2NDQKLS0tIGEvZnMvaW5vZGUuYworKysgYi9mcy9pbm9k ZS5jCkBAIC03NSw2ICs3NSwyMSBAQCBzdGF0aWMgREVGSU5FX1BFUl9DUFUodW5zaWduZWQgbG9u ZywgbnJfdW51c2VkKTsKIAogc3RhdGljIHN0cnVjdCBrbWVtX2NhY2hlICppbm9kZV9jYWNoZXAg X19yZWFkX21vc3RseTsKIAorc3RydWN0IHZmc19tYXhfdGltZXN0YW1wX2NoZWNrIHRpbWVzdGFt cF9jaGVjayA9IHsKKwkudGltZXN0YW1wX3N1cHBvcnRlZCA9IFkyMDM4X0VYUElSWV9USU1FU1RB TVAsCisJLmNoZWNrX29uID0gMCwKK307CisKK3N0YXRpYyBpbnQgX19pbml0IHNldHVwX3RpbWVz dGFtcF9jaGVjayhjaGFyICpzdHIpCit7CisJaWYgKCpzdHIpCisJCXJldHVybiAwOworCXRpbWVz dGFtcF9jaGVjay5jaGVja19vbiA9IDE7CisJcmV0dXJuIDE7Cit9CisKK19fc2V0dXAoImZzdGlt ZXN0YW1wY2hlY2siLCBzZXR1cF90aW1lc3RhbXBfY2hlY2spOworCiBzdGF0aWMgbG9uZyBnZXRf bnJfaW5vZGVzKHZvaWQpCiB7CiAJaW50IGk7CmRpZmYgLS1naXQgYS9mcy9pbnRlcm5hbC5oIGIv ZnMvaW50ZXJuYWwuaAppbmRleCAxMWM2ZDg5Li40YjNjYjllIDEwMDY0NAotLS0gYS9mcy9pbnRl cm5hbC5oCisrKyBiL2ZzL2ludGVybmFsLmgKQEAgLTY3LDYgKzY3LDggQEAgZXh0ZXJuIGludCBm aW5pc2hfYXV0b21vdW50KHN0cnVjdCB2ZnNtb3VudCAqLCBzdHJ1Y3QgcGF0aCAqKTsKIAogZXh0 ZXJuIGludCBzYl9wcmVwYXJlX3JlbW91bnRfcmVhZG9ubHkoc3RydWN0IHN1cGVyX2Jsb2NrICop OwogCitleHRlcm4gYm9vbCBzYl9maWxlX3RpbWVzX3VwZGF0YWJsZShzdHJ1Y3Qgc3VwZXJfYmxv Y2sgKnNiKTsKKwogZXh0ZXJuIHZvaWQgX19pbml0IG1udF9pbml0KHZvaWQpOwogCiBleHRlcm4g aW50IF9fbW50X3dhbnRfd3JpdGUoc3RydWN0IHZmc21vdW50ICopOwpkaWZmIC0tZ2l0IGEvZnMv bmFtZXNwYWNlLmMgYi9mcy9uYW1lc3BhY2UuYwppbmRleCA4YmZhZDQyLi5kYmYzZjFjIDEwMDY0 NAotLS0gYS9mcy9uYW1lc3BhY2UuYworKysgYi9mcy9uYW1lc3BhY2UuYwpAQCAtNTM4LDYgKzUz OCwxOCBAQCBzdGF0aWMgdm9pZCBfX21udF91bm1ha2VfcmVhZG9ubHkoc3RydWN0IG1vdW50ICpt bnQpCiAJdW5sb2NrX21vdW50X2hhc2goKTsKIH0KIAorYm9vbCBzYl9maWxlX3RpbWVzX3VwZGF0 YWJsZShzdHJ1Y3Qgc3VwZXJfYmxvY2sgKnNiKQoreworCisJaWYgKCF0aW1lc3RhbXBfY2hlY2su Y2hlY2tfb24pCisJCXJldHVybiB0cnVlOworCisJaWYgKHNiLT5zX3RpbWVfbWF4ID4gdGltZXN0 YW1wX2NoZWNrLnRpbWVzdGFtcF9zdXBwb3J0ZWQpCisJCXJldHVybiB0cnVlOworCisJcmV0dXJu IGZhbHNlOworfQorCiBpbnQgc2JfcHJlcGFyZV9yZW1vdW50X3JlYWRvbmx5KHN0cnVjdCBzdXBl cl9ibG9jayAqc2IpCiB7CiAJc3RydWN0IG1vdW50ICptbnQ7CmRpZmYgLS1naXQgYS9mcy9zdXBl ci5jIGIvZnMvc3VwZXIuYwppbmRleCBmOWMyMjQxLi40ZTc1NzdiIDEwMDY0NAotLS0gYS9mcy9z dXBlci5jCisrKyBiL2ZzL3N1cGVyLmMKQEAgLTEyNDUsNiArMTI0NSwxMyBAQCBtb3VudF9mcyhz dHJ1Y3QgZmlsZV9zeXN0ZW1fdHlwZSAqdHlwZSwgaW50IGZsYWdzLCBjb25zdCBjaGFyICpuYW1l LCB2b2lkICpkYXRhKQogCVdBUk4oKHNiLT5zX21heGJ5dGVzIDwgMCksICIlcyBzZXQgc2ItPnNf bWF4Ynl0ZXMgdG8gIgogCQkibmVnYXRpdmUgdmFsdWUgKCVsbGQpXG4iLCB0eXBlLT5uYW1lLCBz Yi0+c19tYXhieXRlcyk7CiAKKwlpZiAoIShzYi0+c19mbGFncyAmIE1TX1JET05MWSkgJiYgIXNi X2ZpbGVfdGltZXNfdXBkYXRhYmxlKHNiKSkgeworCQlXQVJOKDEsICJGaWxlIHRpbWVzIGNhbm5v dCBiZSB1cGRhdGVkIG9uIHRoZSBmaWxlc3lzdGVtLlxuIik7CisJCVdBUk4oMSwgIlJldHJ5IG1v dW50aW5nIHRoZSBmaWxlc3lzdGVtIHJlYWRvbmx5LlxuIik7CisJCWVycm9yID0gLUVST0ZTOwor CQlnb3RvIG91dF9zYjsKKwl9CisKIAl1cF93cml0ZSgmc2ItPnNfdW1vdW50KTsKIAlmcmVlX3Nl Y2RhdGEoc2VjZGF0YSk7CiAJcmV0dXJuIHJvb3Q7CmRpZmYgLS1naXQgYS9pbmNsdWRlL2xpbnV4 L2ZzLmggYi9pbmNsdWRlL2xpbnV4L2ZzLmgKaW5kZXggZWY1NWRmYi4uZTEyYTMyZCAxMDA2NDQK LS0tIGEvaW5jbHVkZS9saW51eC9mcy5oCisrKyBiL2luY2x1ZGUvbGludXgvZnMuaApAQCAtNjgs NiArNjgsNyBAQCBleHRlcm4gc3RydWN0IGlub2Rlc19zdGF0X3QgaW5vZGVzX3N0YXQ7CiBleHRl cm4gaW50IGxlYXNlc19lbmFibGUsIGxlYXNlX2JyZWFrX3RpbWU7CiBleHRlcm4gaW50IHN5c2N0 bF9wcm90ZWN0ZWRfc3ltbGlua3M7CiBleHRlcm4gaW50IHN5c2N0bF9wcm90ZWN0ZWRfaGFyZGxp bmtzOworZXh0ZXJuIHN0cnVjdCB2ZnNfbWF4X3RpbWVzdGFtcF9jaGVjayB0aW1lc3RhbXBfY2hl Y2s7CiAKIHN0cnVjdCBidWZmZXJfaGVhZDsKIHR5cGVkZWYgaW50IChnZXRfYmxvY2tfdCkoc3Ry dWN0IGlub2RlICppbm9kZSwgc2VjdG9yX3QgaWJsb2NrLApkaWZmIC0tZ2l0IGEvaW5jbHVkZS9s aW51eC90aW1lNjQuaCBiL2luY2x1ZGUvbGludXgvdGltZTY0LmgKaW5kZXggMjU0MzNiMTguLjkw NmUwYjMgMTAwNjQ0Ci0tLSBhL2luY2x1ZGUvbGludXgvdGltZTY0LmgKKysrIGIvaW5jbHVkZS9s aW51eC90aW1lNjQuaApAQCAtNDMsNiArNDMsMTAgQEAgc3RydWN0IGl0aW1lcnNwZWM2NCB7CiAj ZGVmaW5lIEtUSU1FX01BWAkJCSgoczY0KX4oKHU2NCkxIDw8IDYzKSkKICNkZWZpbmUgS1RJTUVf U0VDX01BWAkJCShLVElNRV9NQVggLyBOU0VDX1BFUl9TRUMpCiAKKy8qIFRpbWVzdGFtcHMgb24g Ym91bmRhcnkgKi8KKyNkZWZpbmUgWTIwMzhfRVhQSVJZX1RJTUVTVEFNUAkJUzMyX01BWCAvKiAy MTQ3NDgzNjQ3ICovCisjZGVmaW5lIFkyMTA2X0VYUElSWV9USU1FU1RBTVAJCVUzMl9NQVggLyog NDI5NDk2NzI5NSAqLworCiAjaWYgX19CSVRTX1BFUl9MT05HID09IDY0CiAKIHN0YXRpYyBpbmxp bmUgc3RydWN0IHRpbWVzcGVjIHRpbWVzcGVjNjRfdG9fdGltZXNwZWMoY29uc3Qgc3RydWN0IHRp bWVzcGVjNjQgdHM2NCkKZGlmZiAtLWdpdCBhL2luY2x1ZGUvdWFwaS9saW51eC9mcy5oIGIvaW5j bHVkZS91YXBpL2xpbnV4L2ZzLmgKaW5kZXggMDQ4YTg1ZS4uMTI1ZTRhZSAxMDA2NDQKLS0tIGEv aW5jbHVkZS91YXBpL2xpbnV4L2ZzLmgKKysrIGIvaW5jbHVkZS91YXBpL2xpbnV4L2ZzLmgKQEAg LTkxLDYgKzkxLDExIEBAIHN0cnVjdCBmaWxlc19zdGF0X3N0cnVjdCB7CiAJdW5zaWduZWQgbG9u ZyBtYXhfZmlsZXM7CQkvKiB0dW5hYmxlICovCiB9OwogCitzdHJ1Y3QgdmZzX21heF90aW1lc3Rh bXBfY2hlY2sgeworCXRpbWU2NF90IHRpbWVzdGFtcF9zdXBwb3J0ZWQ7CisJaW50IGNoZWNrX29u OworfTsKKwogc3RydWN0IGlub2Rlc19zdGF0X3QgewogCWxvbmcgbnJfaW5vZGVzOwogCWxvbmcg bnJfdW51c2VkOwpAQCAtMTAwLDcgKzEwNSw2IEBAIHN0cnVjdCBpbm9kZXNfc3RhdF90IHsKIAog I2RlZmluZSBOUl9GSUxFICA4MTkyCS8qIHRoaXMgY2FuIHdlbGwgYmUgbGFyZ2VyIG9uIGEgbGFy Z2VyIHN5c3RlbSAqLwogCi0KIC8qCiAgKiBUaGVzZSBhcmUgdGhlIGZzLWluZGVwZW5kZW50IG1v dW50LWZsYWdzOiB1cCB0byAzMiBmbGFncyBhcmUgc3VwcG9ydGVkCiAgKi8KZGlmZiAtLWdpdCBh L2tlcm5lbC9zeXNjdGwuYyBiL2tlcm5lbC9zeXNjdGwuYwppbmRleCBiYjI2MGNlLi5lZGE2MGQ5 IDEwMDY0NAotLS0gYS9rZXJuZWwvc3lzY3RsLmMKKysrIGIva2VybmVsL3N5c2N0bC5jCkBAIC0x NjY3LDYgKzE2NjcsMTMgQEAgc3RhdGljIHN0cnVjdCBjdGxfdGFibGUgZnNfdGFibGVbXSA9IHsK IAkJLnByb2NfaGFuZGxlcgk9IHByb2NfZG91bG9uZ3ZlY19taW5tYXgsCiAJfSwKIAl7CisJCS5w cm9jbmFtZQk9ICJmcy10aW1lc3RhbXAtY2hlY2stb24iLAorCQkuZGF0YQkJPSAmdGltZXN0YW1w X2NoZWNrLmNoZWNrX29uLAorCQkubWF4bGVuCQk9IHNpemVvZihpbnQpLAorCQkubW9kZQkJPSAw NjQ0LAorCQkucHJvY19oYW5kbGVyCT0gcHJvY19kb2ludHZlYywKKwl9LAorCXsKIAkJLnByb2Nu YW1lCT0gIm5yX29wZW4iLAogCQkuZGF0YQkJPSAmc3lzY3RsX25yX29wZW4sCiAJCS5tYXhsZW4J CT0gc2l6ZW9mKHVuc2lnbmVkIGludCksCi0tIAoyLjcuNAoKX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX18KWTIwMzggbWFpbGluZyBsaXN0ClkyMDM4QGxpc3Rz LmxpbmFyby5vcmcKaHR0cHM6Ly9saXN0cy5saW5hcm8ub3JnL21haWxtYW4vbGlzdGluZm8veTIw MzgK From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg0-f67.google.com ([74.125.83.67]:35956 "EHLO mail-pg0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751583AbdBYBmA (ORCPT ); Fri, 24 Feb 2017 20:42:00 -0500 From: Deepa Dinamani To: viro@zeniv.linux.org.uk, tytso@mit.edu, adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, arnd@arndb.de, y2038@lists.linaro.org Subject: [PATCH v4 2/5] vfs: Add checks for filesystem timestamp limits Date: Fri, 24 Feb 2017 17:41:00 -0800 Message-Id: <1487986863-6005-3-git-send-email-deepa.kernel@gmail.com> In-Reply-To: <1487986863-6005-1-git-send-email-deepa.kernel@gmail.com> References: <1487986863-6005-1-git-send-email-deepa.kernel@gmail.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: Allow read only mounts for filesystems that do not have maximum timestamps beyond the y2038 expiry timestamp. Also, allow a sysctl override to all such filesystems to be mounted with write permissions. A boot param supports initial override of these checks from the early boot without recompilation. Suggested-by: Arnd Bergmann Signed-off-by: Deepa Dinamani --- fs/inode.c | 15 +++++++++++++++ fs/internal.h | 2 ++ fs/namespace.c | 12 ++++++++++++ fs/super.c | 7 +++++++ include/linux/fs.h | 1 + include/linux/time64.h | 4 ++++ include/uapi/linux/fs.h | 6 +++++- kernel/sysctl.c | 7 +++++++ 8 files changed, 53 insertions(+), 1 deletion(-) diff --git a/fs/inode.c b/fs/inode.c index 0b3ee89..7967f9c 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -75,6 +75,21 @@ static DEFINE_PER_CPU(unsigned long, nr_unused); static struct kmem_cache *inode_cachep __read_mostly; +struct vfs_max_timestamp_check timestamp_check = { + .timestamp_supported = Y2038_EXPIRY_TIMESTAMP, + .check_on = 0, +}; + +static int __init setup_timestamp_check(char *str) +{ + if (*str) + return 0; + timestamp_check.check_on = 1; + return 1; +} + +__setup("fstimestampcheck", setup_timestamp_check); + static long get_nr_inodes(void) { int i; diff --git a/fs/internal.h b/fs/internal.h index 11c6d89..4b3cb9e 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -67,6 +67,8 @@ extern int finish_automount(struct vfsmount *, struct path *); extern int sb_prepare_remount_readonly(struct super_block *); +extern bool sb_file_times_updatable(struct super_block *sb); + extern void __init mnt_init(void); extern int __mnt_want_write(struct vfsmount *); diff --git a/fs/namespace.c b/fs/namespace.c index 8bfad42..dbf3f1c 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -538,6 +538,18 @@ static void __mnt_unmake_readonly(struct mount *mnt) unlock_mount_hash(); } +bool sb_file_times_updatable(struct super_block *sb) +{ + + if (!timestamp_check.check_on) + return true; + + if (sb->s_time_max > timestamp_check.timestamp_supported) + return true; + + return false; +} + int sb_prepare_remount_readonly(struct super_block *sb) { struct mount *mnt; diff --git a/fs/super.c b/fs/super.c index f9c2241..4e7577b 100644 --- a/fs/super.c +++ b/fs/super.c @@ -1245,6 +1245,13 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data) WARN((sb->s_maxbytes < 0), "%s set sb->s_maxbytes to " "negative value (%lld)\n", type->name, sb->s_maxbytes); + if (!(sb->s_flags & MS_RDONLY) && !sb_file_times_updatable(sb)) { + WARN(1, "File times cannot be updated on the filesystem.\n"); + WARN(1, "Retry mounting the filesystem readonly.\n"); + error = -EROFS; + goto out_sb; + } + up_write(&sb->s_umount); free_secdata(secdata); return root; diff --git a/include/linux/fs.h b/include/linux/fs.h index ef55dfb..e12a32d 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -68,6 +68,7 @@ extern struct inodes_stat_t inodes_stat; extern int leases_enable, lease_break_time; extern int sysctl_protected_symlinks; extern int sysctl_protected_hardlinks; +extern struct vfs_max_timestamp_check timestamp_check; struct buffer_head; typedef int (get_block_t)(struct inode *inode, sector_t iblock, diff --git a/include/linux/time64.h b/include/linux/time64.h index 25433b18..906e0b3 100644 --- a/include/linux/time64.h +++ b/include/linux/time64.h @@ -43,6 +43,10 @@ struct itimerspec64 { #define KTIME_MAX ((s64)~((u64)1 << 63)) #define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC) +/* Timestamps on boundary */ +#define Y2038_EXPIRY_TIMESTAMP S32_MAX /* 2147483647 */ +#define Y2106_EXPIRY_TIMESTAMP U32_MAX /* 4294967295 */ + #if __BITS_PER_LONG == 64 static inline struct timespec timespec64_to_timespec(const struct timespec64 ts64) diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index 048a85e..125e4ae 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -91,6 +91,11 @@ struct files_stat_struct { unsigned long max_files; /* tunable */ }; +struct vfs_max_timestamp_check { + time64_t timestamp_supported; + int check_on; +}; + struct inodes_stat_t { long nr_inodes; long nr_unused; @@ -100,7 +105,6 @@ struct inodes_stat_t { #define NR_FILE 8192 /* this can well be larger on a larger system */ - /* * These are the fs-independent mount-flags: up to 32 flags are supported */ diff --git a/kernel/sysctl.c b/kernel/sysctl.c index bb260ce..eda60d9 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1667,6 +1667,13 @@ static struct ctl_table fs_table[] = { .proc_handler = proc_doulongvec_minmax, }, { + .procname = "fs-timestamp-check-on", + .data = ×tamp_check.check_on, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, + { .procname = "nr_open", .data = &sysctl_nr_open, .maxlen = sizeof(unsigned int), -- 2.7.4