From: Amir Goldstein <amir73il@gmail.com>
To: Christian Brauner <brauner@kernel.org>
Cc: Jan Kara <jack@suse.cz>, Josef Bacik <josef@toxicpanda.com>,
David Howells <dhowells@redhat.com>, Jens Axboe <axboe@kernel.dk>,
Miklos Szeredi <miklos@szeredi.hu>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel@vger.kernel.org
Subject: [PATCH v2 01/16] ovl: add permission hooks outside of do_splice_direct()
Date: Wed, 22 Nov 2023 14:27:00 +0200 [thread overview]
Message-ID: <20231122122715.2561213-2-amir73il@gmail.com> (raw)
In-Reply-To: <20231122122715.2561213-1-amir73il@gmail.com>
The main callers of do_splice_direct() also call rw_verify_area() for
the entire range that is being copied, e.g. by vfs_copy_file_range()
or do_sendfile() before calling do_splice_direct().
The only caller that does not have those checks for entire range is
ovl_copy_up_file(). In preparation for removing the checks inside
do_splice_direct(), add rw_verify_area() call in ovl_copy_up_file().
For extra safety, perform minimal sanity checks from rw_verify_area()
for non negative offsets also in the copy up do_splice_direct() loop
without calling the file permission hooks.
This is needed for fanotify "pre content" events.
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
fs/overlayfs/copy_up.c | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index 4382881b0709..106f8643af3b 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -230,6 +230,19 @@ static int ovl_copy_fileattr(struct inode *inode, const struct path *old,
return ovl_real_fileattr_set(new, &newfa);
}
+static int ovl_verify_area(loff_t pos, loff_t pos2, loff_t len, loff_t totlen)
+{
+ loff_t tmp;
+
+ if (WARN_ON_ONCE(pos != pos2))
+ return -EIO;
+ if (WARN_ON_ONCE(pos < 0 || len < 0 || totlen < 0))
+ return -EIO;
+ if (WARN_ON_ONCE(check_add_overflow(pos, len, &tmp)))
+ return -EIO;
+ return 0;
+}
+
static int ovl_copy_up_file(struct ovl_fs *ofs, struct dentry *dentry,
struct file *new_file, loff_t len)
{
@@ -244,13 +257,20 @@ static int ovl_copy_up_file(struct ovl_fs *ofs, struct dentry *dentry,
int error = 0;
ovl_path_lowerdata(dentry, &datapath);
- if (WARN_ON(datapath.dentry == NULL))
+ if (WARN_ON_ONCE(datapath.dentry == NULL) ||
+ WARN_ON_ONCE(len < 0))
return -EIO;
old_file = ovl_path_open(&datapath, O_LARGEFILE | O_RDONLY);
if (IS_ERR(old_file))
return PTR_ERR(old_file);
+ error = rw_verify_area(READ, old_file, &old_pos, len);
+ if (!error)
+ error = rw_verify_area(WRITE, new_file, &new_pos, len);
+ if (error)
+ goto out_fput;
+
/* Try to use clone_file_range to clone up within the same fs */
ovl_start_write(dentry);
cloned = do_clone_file_range(old_file, 0, new_file, 0, len, 0);
@@ -309,6 +329,10 @@ static int ovl_copy_up_file(struct ovl_fs *ofs, struct dentry *dentry,
}
}
+ error = ovl_verify_area(old_pos, new_pos, this_len, len);
+ if (error)
+ break;
+
ovl_start_write(dentry);
bytes = do_splice_direct(old_file, &old_pos,
new_file, &new_pos,
--
2.34.1
next prev parent reply other threads:[~2023-11-22 12:27 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-22 12:26 [PATCH v2 00/16] Tidy up file permission hooks Amir Goldstein
2023-11-22 12:27 ` Amir Goldstein [this message]
2023-11-23 7:35 ` [PATCH v2 01/16] ovl: add permission hooks outside of do_splice_direct() Christoph Hellwig
2023-11-23 16:28 ` Jan Kara
2023-11-22 12:27 ` [PATCH v2 02/16] splice: remove permission hook from do_splice_direct() Amir Goldstein
2023-11-23 7:36 ` Christoph Hellwig
2023-11-23 16:28 ` Jan Kara
2023-11-22 12:27 ` [PATCH v2 03/16] splice: move permission hook out of splice_direct_to_actor() Amir Goldstein
2023-11-23 7:36 ` Christoph Hellwig
2023-11-23 16:35 ` Jan Kara
2023-11-22 12:27 ` [PATCH v2 04/16] splice: move permission hook out of splice_file_to_pipe() Amir Goldstein
2023-11-23 7:38 ` Christoph Hellwig
2023-11-23 16:37 ` Jan Kara
2023-11-22 12:27 ` [PATCH v2 05/16] splice: remove permission hook from iter_file_splice_write() Amir Goldstein
2023-11-23 7:47 ` Christoph Hellwig
2023-11-23 11:20 ` Amir Goldstein
2023-11-23 15:14 ` Christoph Hellwig
2023-11-23 15:41 ` Amir Goldstein
2023-11-23 15:45 ` Christoph Hellwig
2023-11-23 16:22 ` Christian Brauner
2023-11-23 16:53 ` Amir Goldstein
2023-11-23 17:56 ` Christian Brauner
2023-11-22 12:27 ` [PATCH v2 06/16] remap_range: move permission hooks out of do_clone_file_range() Amir Goldstein
2023-11-23 7:47 ` Christoph Hellwig
2023-11-23 16:52 ` Jan Kara
2023-11-22 12:27 ` [PATCH v2 07/16] remap_range: move file_start_write() to after permission hook Amir Goldstein
2023-11-23 7:48 ` Christoph Hellwig
2023-11-23 16:53 ` Jan Kara
2023-11-22 12:27 ` [PATCH v2 08/16] btrfs: " Amir Goldstein
2023-11-23 7:48 ` Christoph Hellwig
2023-11-23 16:54 ` Jan Kara
2023-11-22 12:27 ` [PATCH v2 09/16] coda: change locking order in coda_file_write_iter() Amir Goldstein
2023-11-22 12:27 ` [PATCH v2 10/16] fs: move file_start_write() into vfs_iter_write() Amir Goldstein
2023-11-23 7:50 ` Christoph Hellwig
2023-11-23 8:04 ` Amir Goldstein
2023-11-22 12:27 ` [PATCH v2 11/16] fs: move permission hook out of do_iter_write() Amir Goldstein
2023-11-22 14:33 ` Christian Brauner
2023-11-22 15:25 ` Amir Goldstein
2023-11-23 17:08 ` Jan Kara
2023-11-24 8:45 ` Amir Goldstein
2023-11-22 12:27 ` [PATCH v2 12/16] fs: move permission hook out of do_iter_read() Amir Goldstein
2023-11-23 17:13 ` Jan Kara
2023-11-24 8:48 ` Amir Goldstein
2023-11-22 12:27 ` [PATCH v2 13/16] fs: move kiocb_start_write() into vfs_iocb_iter_write() Amir Goldstein
2023-11-23 17:30 ` Jan Kara
2023-11-22 12:27 ` [PATCH v2 14/16] fs: create __sb_write_started() helper Amir Goldstein
2023-11-23 17:31 ` Jan Kara
2023-11-24 9:14 ` Amir Goldstein
2023-11-22 12:27 ` [PATCH v2 15/16] fs: create file_write_started() helper Amir Goldstein
2023-11-22 12:27 ` [PATCH v2 16/16] fs: create {sb,file}_write_not_started() helpers Amir Goldstein
2023-11-23 17:35 ` Jan Kara
2023-11-24 8:20 ` Amir Goldstein
2023-12-01 10:11 ` Jan Kara
2023-11-22 14:06 ` [PATCH v2 00/16] Tidy up file permission hooks Josef Bacik
2023-11-22 15:04 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231122122715.2561213-2-amir73il@gmail.com \
--to=amir73il@gmail.com \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=dhowells@redhat.com \
--cc=jack@suse.cz \
--cc=josef@toxicpanda.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).