From: Christian Brauner <brauner@kernel.org>
To: Bernd Schubert <bernd.schubert@fastmail.fm>
Cc: Bernd Schubert <bschubert@ddn.com>,
linux-fsdevel@vger.kernel.org, miklos@szeredi.hu, dsingh@ddn.com,
Josef Bacik <josef@toxicpanda.com>,
linux-btrfs@vger.kernel.org,
Alexander Viro <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH 1/2] fs: Add and export file_needs_remove_privs
Date: Fri, 1 Sep 2023 14:50:33 +0200 [thread overview]
Message-ID: <20230901-briefe-amtieren-0c8b555219cb@brauner> (raw)
In-Reply-To: <99bc64c2-44e2-5000-45b7-d9343bcc8fb8@fastmail.fm>
On Thu, Aug 31, 2023 at 04:17:01PM +0200, Bernd Schubert wrote:
>
>
> On 8/31/23 15:40, Christian Brauner wrote:
> > On Thu, Aug 31, 2023 at 01:24:30PM +0200, Bernd Schubert wrote:
> > > File systems want to hold a shared lock for DIO writes,
> > > but may need to drop file priveliges - that a requires an
> > > exclusive lock. The new export function file_needs_remove_privs()
> > > is added in order to first check if that is needed.
> > >
> > > Cc: Miklos Szeredi <miklos@szeredi.hu>
> > > Cc: Dharmendra Singh <dsingh@ddn.com>
> > > Cc: Josef Bacik <josef@toxicpanda.com>
> > > Cc: linux-btrfs@vger.kernel.org
> > > Cc: Alexander Viro <viro@zeniv.linux.org.uk>
> > > Cc: Christian Brauner <brauner@kernel.org>
> > > Cc: linux-fsdevel@vger.kernel.org
> > > Signed-off-by: Bernd Schubert <bschubert@ddn.com>
> > > ---
> > > fs/inode.c | 8 ++++++++
> > > include/linux/fs.h | 1 +
> > > 2 files changed, 9 insertions(+)
> > >
> > > diff --git a/fs/inode.c b/fs/inode.c
> > > index 67611a360031..9b05db602e41 100644
> > > --- a/fs/inode.c
> > > +++ b/fs/inode.c
> > > @@ -2013,6 +2013,14 @@ int dentry_needs_remove_privs(struct mnt_idmap *idmap,
> > > return mask;
> > > }
> > > +int file_needs_remove_privs(struct file *file)
> > > +{
> > > + struct dentry *dentry = file_dentry(file);
> > > +
> > > + return dentry_needs_remove_privs(file_mnt_idmap(file), dentry);
> >
> > Ugh, I wanted to propose to get rid of this dentry dance but I propsed
> > that before and remembered it's because of __vfs_getxattr() which is
> > called from the capability security hook that we need it...
>
> Is there anything specific you are suggesting?
No, it's not actionable for you here. It would require adding inode
methods to set and get filesystem capabilities and then converting it in
such a way that we don't need to rely on passing dentries around. That's
a separate larger patchset that we would need with surgery across a
bunch of filesystems and the vfs - Seth (Forshee) has been working on this.
The callchains are just pointless which I remembered when I saw the
patchset:
file_needs_remove_privs(file)
-> dentry_needs_remove_privs(dentry)
-> inode = d_inode(dentry)
// do inode stuff
// security_needs_*(dentry)
point is ideally we shouldn't need the dentry in *remove_privs() at all.
next prev parent reply other threads:[~2023-09-01 12:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-31 11:24 [PATCH v2 0/2] Use exclusive lock for file_remove_privs Bernd Schubert
2023-08-31 11:24 ` [PATCH 1/2] fs: Add and export file_needs_remove_privs Bernd Schubert
2023-08-31 13:16 ` Christian Brauner
2023-08-31 13:40 ` Christian Brauner
2023-08-31 14:17 ` Bernd Schubert
2023-09-01 12:50 ` Christian Brauner [this message]
2023-08-31 11:24 ` [PATCH 2/2] btrfs: file_remove_privs needs an exclusive lock Bernd Schubert
2023-09-05 18:02 ` [PATCH v2 0/2] Use exclusive lock for file_remove_privs David Sterba
2023-09-06 14:43 ` Christian Brauner
2023-09-06 14:51 ` Bernd Schubert
2023-09-06 15:07 ` Christian Brauner
2023-09-07 14:00 ` David Sterba
-- strict thread matches above, loose matches on Subject: below --
2023-08-30 18:15 [PATCH " Bernd Schubert
2023-08-30 18:15 ` [PATCH 1/2] fs: Add and export file_needs_remove_privs Bernd Schubert
2023-09-01 6:48 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230901-briefe-amtieren-0c8b555219cb@brauner \
--to=brauner@kernel.org \
--cc=bernd.schubert@fastmail.fm \
--cc=bschubert@ddn.com \
--cc=dsingh@ddn.com \
--cc=josef@toxicpanda.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).