Skip to content

Commit

Permalink
open: handle idmapped mounts in do_truncate()
Browse files Browse the repository at this point in the history
When truncating files the vfs will verify that the caller is privileged
over the inode. Extend it to handle idmapped mounts. If the inode is
accessed through an idmapped mount it is mapped according to the mount's
user namespace. Afterwards the permissions checks are identical to
non-idmapped mounts. If the initial user namespace is passed nothing
changes so non-idmapped mounts will see identical behavior as before.

Link: https://lore.kernel.org/r/[email protected]
Cc: Christoph Hellwig <[email protected]>
Cc: David Howells <[email protected]>
Cc: Al Viro <[email protected]>
Cc: [email protected]
Reviewed-by: Christoph Hellwig <[email protected]>
Signed-off-by: Christian Brauner <[email protected]>
  • Loading branch information
Christian Brauner committed Jan 24, 2021
1 parent 6521f89 commit 643fe55
Show file tree
Hide file tree
Showing 5 changed files with 23 additions and 16 deletions.
10 changes: 7 additions & 3 deletions fs/coredump.c
Original file line number Diff line number Diff line change
Expand Up @@ -703,6 +703,7 @@ void do_coredump(const kernel_siginfo_t *siginfo)
goto close_fail;
}
} else {
struct user_namespace *mnt_userns;
struct inode *inode;
int open_flags = O_CREAT | O_RDWR | O_NOFOLLOW |
O_LARGEFILE | O_EXCL;
Expand Down Expand Up @@ -780,13 +781,15 @@ void do_coredump(const kernel_siginfo_t *siginfo)
* a process dumps core while its cwd is e.g. on a vfat
* filesystem.
*/
if (!uid_eq(inode->i_uid, current_fsuid()))
mnt_userns = file_mnt_user_ns(cprm.file);
if (!uid_eq(i_uid_into_mnt(mnt_userns, inode), current_fsuid()))
goto close_fail;
if ((inode->i_mode & 0677) != 0600)
goto close_fail;
if (!(cprm.file->f_mode & FMODE_CAN_WRITE))
goto close_fail;
if (do_truncate(cprm.file->f_path.dentry, 0, 0, cprm.file))
if (do_truncate(mnt_userns, cprm.file->f_path.dentry,
0, 0, cprm.file))
goto close_fail;
}

Expand Down Expand Up @@ -931,7 +934,8 @@ void dump_truncate(struct coredump_params *cprm)
if (file->f_op->llseek && file->f_op->llseek != no_llseek) {
offset = file->f_op->llseek(file, 0, SEEK_CUR);
if (i_size_read(file->f_mapping->host) < offset)
do_truncate(file->f_path.dentry, offset, 0, file);
do_truncate(file_mnt_user_ns(file), file->f_path.dentry,
offset, 0, file);
}
}
EXPORT_SYMBOL(dump_truncate);
Expand Down
7 changes: 4 additions & 3 deletions fs/inode.c
Original file line number Diff line number Diff line change
Expand Up @@ -1903,7 +1903,8 @@ int dentry_needs_remove_privs(struct dentry *dentry)
return mask;
}

static int __remove_privs(struct dentry *dentry, int kill)
static int __remove_privs(struct user_namespace *mnt_userns,
struct dentry *dentry, int kill)
{
struct iattr newattrs;

Expand All @@ -1912,7 +1913,7 @@ static int __remove_privs(struct dentry *dentry, int kill)
* Note we call this on write, so notify_change will not
* encounter any conflicting delegations:
*/
return notify_change(&init_user_ns, dentry, &newattrs, NULL);
return notify_change(mnt_userns, dentry, &newattrs, NULL);
}

/*
Expand All @@ -1939,7 +1940,7 @@ int file_remove_privs(struct file *file)
if (kill < 0)
return kill;
if (kill)
error = __remove_privs(dentry, kill);
error = __remove_privs(file_mnt_user_ns(file), dentry, kill);
if (!error)
inode_has_no_xattr(inode);

Expand Down
2 changes: 1 addition & 1 deletion fs/namei.c
Original file line number Diff line number Diff line change
Expand Up @@ -3009,7 +3009,7 @@ static int handle_truncate(struct file *filp)
if (!error)
error = security_path_truncate(path);
if (!error) {
error = do_truncate(path->dentry, 0,
error = do_truncate(&init_user_ns, path->dentry, 0,
ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
filp);
}
Expand Down
16 changes: 9 additions & 7 deletions fs/open.c
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,8 @@

#include "internal.h"

int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
struct file *filp)
int do_truncate(struct user_namespace *mnt_userns, struct dentry *dentry,
loff_t length, unsigned int time_attrs, struct file *filp)
{
int ret;
struct iattr newattrs;
Expand All @@ -61,13 +61,14 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,

inode_lock(dentry->d_inode);
/* Note any delegations or leases have already been broken: */
ret = notify_change(&init_user_ns, dentry, &newattrs, NULL);
ret = notify_change(mnt_userns, dentry, &newattrs, NULL);
inode_unlock(dentry->d_inode);
return ret;
}

long vfs_truncate(const struct path *path, loff_t length)
{
struct user_namespace *mnt_userns;
struct inode *inode;
long error;

Expand All @@ -83,7 +84,8 @@ long vfs_truncate(const struct path *path, loff_t length)
if (error)
goto out;

error = inode_permission(&init_user_ns, inode, MAY_WRITE);
mnt_userns = mnt_user_ns(path->mnt);
error = inode_permission(mnt_userns, inode, MAY_WRITE);
if (error)
goto mnt_drop_write_and_out;

Expand All @@ -107,7 +109,7 @@ long vfs_truncate(const struct path *path, loff_t length)
if (!error)
error = security_path_truncate(path);
if (!error)
error = do_truncate(path->dentry, length, 0, NULL);
error = do_truncate(mnt_userns, path->dentry, length, 0, NULL);

put_write_and_out:
put_write_access(inode);
Expand Down Expand Up @@ -186,13 +188,13 @@ long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
/* Check IS_APPEND on real upper inode */
if (IS_APPEND(file_inode(f.file)))
goto out_putf;

sb_start_write(inode->i_sb);
error = locks_verify_truncate(inode, f.file, length);
if (!error)
error = security_path_truncate(&f.file->f_path);
if (!error)
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file);
error = do_truncate(file_mnt_user_ns(f.file), dentry, length,
ATTR_MTIME | ATTR_CTIME, f.file);
sb_end_write(inode->i_sb);
out_putf:
fdput(f);
Expand Down
4 changes: 2 additions & 2 deletions include/linux/fs.h
Original file line number Diff line number Diff line change
Expand Up @@ -2593,8 +2593,8 @@ static inline struct user_namespace *file_mnt_user_ns(struct file *file)
return mnt_user_ns(file->f_path.mnt);
}
extern long vfs_truncate(const struct path *, loff_t);
extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs,
struct file *filp);
int do_truncate(struct user_namespace *, struct dentry *, loff_t start,
unsigned int time_attrs, struct file *filp);
extern int vfs_fallocate(struct file *file, int mode, loff_t offset,
loff_t len);
extern long do_sys_open(int dfd, const char __user *filename, int flags,
Expand Down

0 comments on commit 643fe55

Please sign in to comment.