From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: Re: [PATCH] debugfs: debugfs_create_* shouldn't be checking permissions
Date: Mon, 30 Mar 2015 16:38:23 +0200
Message-ID: <20150330143823.GA10992@kroah.com>
In-Reply-To: <20150330142310.GB6901@fieldses.org>

On Mon, Mar 30, 2015 at 10:23:10AM -0400, J. Bruce Fields wrote:
> From: "J. Bruce Fields" <bfields@redhat.com>
> 
> Subject: [PATCH] debugfs: debugfs_create_* shouldn't be checking permissions
> 
> Debugfs files and directories are created by kernel subsystems not
> directly by users, so we shouldn't be using lookup_one_len, which checks
> permissions.
> 
> This was causing krb5 mounts to fail to Fedora servers using gss-proxy
> if selinux was enabled, on kernels since 388f0c776781 "sunrpc: add a
> debugfs rpc_xprt directory with an info file in it", which creates a new
> debugfs directory for each new rpc client.

No kernel code should care / fail if a debugfs function fails, so please
fix up the sunrpc code first.



> 
> Reported-by: Anthony Messina <amessina@messinet.com>
> Reported-by: Jason Tibbits <tibbs@math.uh.edu>
> Cc: Jeff Layton <jlayton@primarydata.com>
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> ---
>  fs/debugfs/inode.c | 17 +++++++++++++----
>  1 file changed, 13 insertions(+), 4 deletions(-)
> 
> I swiped this code fragment from net/sunrpc/rpc_pipe.c, and it's gotten
> only minimal testing.  (It does fix krb5 mounts, though.)
> 
> diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
> index 96400ab42d13..75e5daa6a63f 100644
> --- a/fs/debugfs/inode.c
> +++ b/fs/debugfs/inode.c
> @@ -251,6 +251,7 @@ static struct dentry *start_creating(const char *name, struct dentry *parent)
>  {
>  	struct dentry *dentry;
>  	int error;
> +	struct qstr q = QSTR_INIT(name, strlen(name));
>  
>  	pr_debug("debugfs: creating file '%s'\n",name);
>  
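
Review bot: the new declaration "struct qstr q = QSTR_INIT(name, strlen(name));" fills in only the name and length, so q.hash is not valid until d_hash_and_lookup() in the next hunk has run, and d_alloc() depends on that ordering. A short comment at the declaration saying the hash is filled in by the lookup would keep a later reordering of those two calls from silently allocating a dentry with an unset hash.
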
> @@ -268,11 +269,19 @@ static struct dentry *start_creating(const char *name, struct dentry *parent)
>  		parent = debugfs_mount->mnt_root;
>  
>  	mutex_lock(&parent->d_inode->i_mutex);
> -	dentry = lookup_one_len(name, parent, strlen(name));
> -	if (!IS_ERR(dentry) && dentry->d_inode) {
> +	dentry = d_hash_and_lookup(parent, &q);
> +	if (!dentry) {
> +		dentry = d_alloc(parent, &q);
> +		if (!dentry) {
> +			dentry = ERR_PTR(-ENOMEM);
> +			goto out;
> +		}
> +	}
> +	if (dentry->d_inode) {
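
Review bot: the "!IS_ERR(dentry)" guard is dropped on the replacement for the lookup_one_len() call, so "if (dentry->d_inode)" now runs after only a NULL check. d_hash_and_lookup() returns an ERR_PTR when a ->d_hash op fails, and that value would be dereferenced here; an explicit IS_ERR(dentry) test before the "if (!dentry)" branch, jumping to out, would keep the error handling the removed lines had. Separately, lookup_one_len() also rejects empty names and names containing '/', which these lines no longer do; if that is intentional because callers are trusted kernel code, the commit message should say so.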


No, I'd rather not "open code" lookup_one_len() if at all possible
please.

What exactly is the problem here that the sunrpc code is failing from?
Is it just interacting with selinux?  How is the debugfs code to blame
here?

thanks,

greg k-h
