[PATCH 06/15] remap_range: move permission hooks out of do_clone_file_range()

public inbox for linux-unionfs@vger.kernel.org
 help / color / mirror / Atom feed

From: Amir Goldstein <amir73il@gmail.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: Christian Brauner <brauner@kernel.org>, linux-unionfs@vger.kernel.org
Subject: [PATCH 06/15] remap_range: move permission hooks out of do_clone_file_range()
Date: Tue, 14 Nov 2023 17:32:45 +0200	[thread overview]
Message-ID: <20231114153254.1715969-7-amir73il@gmail.com> (raw)
In-Reply-To: <20231114153254.1715969-1-amir73il@gmail.com>

In many of the vfs helpers, file permission hook is called before
taking sb_start_write(), making them "start-write-safe".
do_clone_file_range() is an exception to this rule.

do_clone_file_range() has two callers - vfs_clone_file_range() and
overlayfs. Move remap_verify_area() checks from do_clone_file_range()
out to vfs_clone_file_range() to make them "start-write-safe".

Overlayfs already has calls to rw_verify_area() with the same security
permission hooks as remap_verify_area() has.
The rest of the checks in remap_verify_area() are irrelevant for
overlayfs that calls do_clone_file_range() offset 0 and positive length.

This is needed for fanotify "pre content" events.

Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
 fs/remap_range.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/fs/remap_range.c b/fs/remap_range.c
index 87ae4f0dc3aa..42f79cb2b1b1 100644
--- a/fs/remap_range.c
+++ b/fs/remap_range.c
@@ -385,14 +385,6 @@ loff_t do_clone_file_range(struct file *file_in, loff_t pos_in,
 	if (!file_in->f_op->remap_file_range)
 		return -EOPNOTSUPP;

-	ret = remap_verify_area(file_in, pos_in, len, false);
-	if (ret)
-		return ret;
-
-	ret = remap_verify_area(file_out, pos_out, len, true);
-	if (ret)
-		return ret;
-
 	ret = file_in->f_op->remap_file_range(file_in, pos_in,
 			file_out, pos_out, len, remap_flags);
 	if (ret < 0)
@@ -410,6 +402,14 @@ loff_t vfs_clone_file_range(struct file *file_in, loff_t pos_in,
 {
 	loff_t ret;

+	ret = remap_verify_area(file_in, pos_in, len, false);
+	if (ret)
+		return ret;
+
+	ret = remap_verify_area(file_out, pos_out, len, true);
+	if (ret)
+		return ret;
+
 	file_start_write(file_out);
 	ret = do_clone_file_range(file_in, pos_in, file_out, pos_out, len,
 				  remap_flags);
-- 
2.34.1

next prev parent reply	other threads:[~2023-11-14 15:33 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-11-14 15:32 [PATCH 00/15] Tidy up file permission hooks Amir Goldstein
2023-11-14 15:32 ` [PATCH 01/15] ovl: add permission hooks outside of do_splice_direct() Amir Goldstein
2023-11-14 15:32 ` [PATCH 02/15] splice: remove permission hook from do_splice_direct() Amir Goldstein
2023-11-14 15:32 ` [PATCH 03/15] splice: move permission hook out of splice_direct_to_actor() Amir Goldstein
2023-11-14 16:08   ` Chuck Lever
2023-11-14 15:32 ` [PATCH 04/15] splice: move permission hook out of splice_file_to_pipe() Amir Goldstein
2023-11-14 15:32 ` [PATCH 05/15] splice: remove permission hook from iter_file_splice_write() Amir Goldstein
2023-11-14 15:32 ` Amir Goldstein [this message]
2023-11-14 15:32 ` [PATCH 07/15] remap_range: move file_start_write() to after permission hook Amir Goldstein
2023-11-14 15:32 ` [PATCH 08/15] btrfs: " Amir Goldstein
2023-11-14 15:32 ` [PATCH 09/15] fs: move file_start_write() into vfs_iter_write() Amir Goldstein
2023-11-14 23:42   ` Jan Harkes
2023-11-15  9:01     ` Amir Goldstein
2023-11-16  1:07       ` Jan Harkes
2023-11-14 15:32 ` [PATCH 10/15] fs: move permission hook out of do_iter_write() Amir Goldstein
2023-11-14 15:32 ` [PATCH 11/15] fs: move permission hook out of do_iter_read() Amir Goldstein
2023-11-14 15:32 ` [PATCH 12/15] fs: move kiocb_start_write() into vfs_iocb_iter_write() Amir Goldstein
2023-11-17 19:46   ` Josef Bacik
2023-11-18  9:08     ` Amir Goldstein
2023-11-14 15:35 ` [PATCH 00/15] Tidy up file permission hooks Amir Goldstein
2023-11-17 19:44 ` Josef Bacik
2023-11-18  6:59   ` Amir Goldstein
2023-11-21 11:07     ` Amir Goldstein
2023-11-21 15:41       ` Christian Brauner
2023-11-17 20:34 ` Josef Bacik

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:87ae4f0dc3a dfblob:42f79cb2b1b )
 OR (
bs:"[PATCH 06/15] remap_range: move permission hooks out of do_clone_file_range()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231114153254.1715969-7-amir73il@gmail.com \
    --to=amir73il@gmail.com \
    --cc=brauner@kernel.org \
    --cc=linux-unionfs@vger.kernel.org \
    --cc=miklos@szeredi.hu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox