Message ID | 20221103170210.464155-1-peter.griffin@linaro.org |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp655442wru; Thu, 3 Nov 2022 10:07:29 -0700 (PDT) X-Google-Smtp-Source: AMsMyM41UJDcdhKcXePSGESowUXoR69fhwDPrT6LhnzIFT6V+zK4DUDf+cbldBqMwovQfMpAKWfo X-Received: by 2002:a05:6a00:1947:b0:565:c337:c53b with SMTP id s7-20020a056a00194700b00565c337c53bmr31400689pfk.10.1667495248878; Thu, 03 Nov 2022 10:07:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667495248; cv=none; d=google.com; s=arc-20160816; b=uEWqvkQ6G8qOUB1871UrPRszSuSnOj9Yl+g+qWnWiqpPLb7+A6sHjc/+eul76tpaUN 3b3HkIT0+RHqRlbl9VvrMy7ryyDzUC/7rl9xcbZ3/WscxGK7CTP2S8AA5FIW72z8ey1D 7DqaEcxhjIQ7+MpP5/ysd1BOy2UixnbEkKrANNI9nkwCRcy7dDQnmJILlh0r75oGxsC9 icLtiDb9/KeRl2Y55ZGRzz97ebW9YQHsH6tpx2bxg+/m7TkFg9cGGbP/Ta0rOC2hBdP/ 6/+ilalVNDEEloGFbh99VyNzWekj/2TEL6ElSwbhKS9H/hfXoIMeYDw1IoJrlmsiie0q F/cw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:content-transfer-encoding:mime-version :message-id:date:subject:cc:from:dkim-signature; bh=F2qRvwVUVIRjIeHt35WXksU2jyggEsNFCmKZPYDREH0=; b=jde+k5mB8CTgl8vOFcjKYfB95z4rde9v47svMhK2TbeQKiIIEpUenmEqtmiIQh6KWG j6AEtgVLcGu+WJOUNFfwoywyP1thWWri+uq/8oFfv7NRUjX25fpFL+UJVbXCDWBAYudh ClCFBdZq18bv0LNVGnWL68+6KZW+F4/zUKN3+eFLQLQpcVx7cBbLB9Et3VCLRhujg3a+ bfVMjxCK8ZTj+R1tjsVNpZdyOh26vrdw5j+O8wLKa0B8KXs3TO0jJ6T9QbzUcTAE49ni 3BQ27DHHWiAOzJE09hKECh51OG3fSwznWmziCE8Im/i8QGm0mT/DXPktvttojUlLU2+H FAOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=Pmd1ZWzY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x203-20020a6331d4000000b00422c003b4c9si1850191pgx.46.2022.11.03.10.07.14; Thu, 03 Nov 2022 10:07:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=Pmd1ZWzY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231682AbiKCRC6 (ORCPT <rfc822;yves.mi.zy@gmail.com> + 99 others); Thu, 3 Nov 2022 13:02:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58006 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231732AbiKCRCV (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Thu, 3 Nov 2022 13:02:21 -0400 Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com [IPv6:2a00:1450:4864:20::334]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5671910B64 for <linux-kernel@vger.kernel.org>; Thu, 3 Nov 2022 10:02:19 -0700 (PDT) Received: by mail-wm1-x334.google.com with SMTP id m29-20020a05600c3b1d00b003c6bf423c71so3833330wms.0 for <linux-kernel@vger.kernel.org>; Thu, 03 Nov 2022 10:02:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=F2qRvwVUVIRjIeHt35WXksU2jyggEsNFCmKZPYDREH0=; b=Pmd1ZWzYe+9SBpCupib/Vm+0gUhLu8QSGX/WqY3HSwPPcz/YftVTkl2CwTIsYVb2Hx iRxgZBzpaLdzKE/udwF49ml/0ZOmV8GOKe5cRb3RCVRE301p8jITcfGm9WjywIF2g8Xe MS6trBTW1PmNZdD0n+5BgFXLdJi4vJOhUJewZepcExh858lg/tAnC5mZ/FzGESnoAx39 SJc5IQEC3TBkHm8T93+qRVKTEUQfZyr2TcS0Afxpukqt78dlah6VmkALLMAJ724Whi8k z9gRB5ylFALOFIvbVwditPZkNd+WnVAr9vAP+gQP40+vcngbYtGlIDsrQz2dI7qnkGTw A4FA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=F2qRvwVUVIRjIeHt35WXksU2jyggEsNFCmKZPYDREH0=; b=5yX40MX8eMBBh5baYjVgOJNmm1+85H8AXcg76QdtCDqV7EoyDJSQZK2/OgmdPcnizG Cq0E4qDDQ78bd0T67+SpjbJYH0YQhyguY3+jGYG9aeqbYBhLEPRJte3SK7YjqodiXf3Y 5h6f7FEU0OFTCMKPySuXbgR56DTQgI0v4QfQTZWX/ZC+PwXui7E3kSh0DKYWlOG9K4O9 LuFlwItLDZu8/ETUi/Y7hToM9IPzYdNN4suy7wWp2PcWUiKK64MB4u8pj03rayDE9o1F ViUkBhD6cIllkNHmOZ7OQN7BkP/58123QGEjOmLU3+OfZJtDq9AXuLZKWp1RQC5F5ZHd 7oxg== X-Gm-Message-State: ACrzQf0+itQSReFhtxd0bDiuuOKaqWpA0vzZ4drOICOsa8oUJf5ZEcI2 HTbIKlEzNklUrmUUJ4aCshNDfw== X-Received: by 2002:a1c:440b:0:b0:3cf:4db1:d741 with SMTP id r11-20020a1c440b000000b003cf4db1d741mr20754947wma.197.1667494934967; Thu, 03 Nov 2022 10:02:14 -0700 (PDT) Received: from ryzen.lan (79-73-69-252.dynamic.dsl.as9105.com. [79.73.69.252]) by smtp.gmail.com with ESMTPSA id i15-20020adfa50f000000b002366c3eefccsm1286342wrb.109.2022.11.03.10.02.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Nov 2022 10:02:14 -0700 (PDT) From: Peter Griffin <peter.griffin@linaro.org> Cc: Peter Griffin <peter.griffin@linaro.org>, Alexander Viro <viro@zeniv.linux.org.uk>, Miklos Szeredi <mszeredi@redhat.com>, stable@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Will McVicker <willmcvicker@google.com>, Peter Griffin <gpeter@google.com> Subject: [PATCH] vfs: vfs_tmpfile: ensure O_EXCL flag is enforced Date: Thu, 3 Nov 2022 17:02:10 +0000 Message-Id: <20221103170210.464155-1-peter.griffin@linaro.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net To: unlisted-recipients:; (no To-header on input) Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748495497860300363?= X-GMAIL-MSGID: =?utf-8?q?1748495497860300363?= |
Series |
vfs: vfs_tmpfile: ensure O_EXCL flag is enforced
|
|
Commit Message
Peter Griffin
Nov. 3, 2022, 5:02 p.m. UTC
If O_EXCL is *not* specified, then linkat() can be
used to link the temporary file into the filesystem.
If O_EXCL is specified then linkat() should fail (-1).
After commit 863f144f12ad ("vfs: open inside ->tmpfile()")
the O_EXCL flag is no longer honored by the vfs layer for
tmpfile, which means the file can be linked even if O_EXCL
flag is specified, which is a change in behaviour for
userspace!
The open flags was previously passed as a parameter, so it
was uneffected by the changes to file->f_flags caused by
finish_open(). This patch fixes the issue by storing
file->f_flags in a local variable so the O_EXCL test
logic is restored.
This regression was detected by Android CTS Bionic fcntl()
tests running on android-mainline [1].
[1] https://android.googlesource.com/platform/bionic/+/
refs/heads/master/tests/fcntl_test.cpp#352
Fixes: 863f144f12ad ("vfs: open inside ->tmpfile()")
To: lkml <linux-kernel@vger.kernel.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Miklos Szeredi <mszeredi@redhat.com>
Cc: stable@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Will McVicker <willmcvicker@google.com>
Cc: Peter Griffin <gpeter@google.com>
Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
---
fs/namei.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
On Thu, 3 Nov 2022 at 18:04, Peter Griffin <peter.griffin@linaro.org> wrote: > > If O_EXCL is *not* specified, then linkat() can be > used to link the temporary file into the filesystem. > If O_EXCL is specified then linkat() should fail (-1). > > After commit 863f144f12ad ("vfs: open inside ->tmpfile()") > the O_EXCL flag is no longer honored by the vfs layer for > tmpfile, which means the file can be linked even if O_EXCL > flag is specified, which is a change in behaviour for > userspace! > > The open flags was previously passed as a parameter, so it > was uneffected by the changes to file->f_flags caused by > finish_open(). This patch fixes the issue by storing > file->f_flags in a local variable so the O_EXCL test > logic is restored. > > This regression was detected by Android CTS Bionic fcntl() > tests running on android-mainline [1]. > > [1] https://android.googlesource.com/platform/bionic/+/ > refs/heads/master/tests/fcntl_test.cpp#352 Looks good. Acked-by: Miklos Szeredi <mszeredi@redhat.com> Thanks, Miklos >
On 11/03/2022, Miklos Szeredi wrote: > On Thu, 3 Nov 2022 at 18:04, Peter Griffin <peter.griffin@linaro.org> wrote: > > > > If O_EXCL is *not* specified, then linkat() can be > > used to link the temporary file into the filesystem. > > If O_EXCL is specified then linkat() should fail (-1). > > > > After commit 863f144f12ad ("vfs: open inside ->tmpfile()") > > the O_EXCL flag is no longer honored by the vfs layer for > > tmpfile, which means the file can be linked even if O_EXCL > > flag is specified, which is a change in behaviour for > > userspace! > > > > The open flags was previously passed as a parameter, so it > > was uneffected by the changes to file->f_flags caused by > > finish_open(). This patch fixes the issue by storing > > file->f_flags in a local variable so the O_EXCL test > > logic is restored. > > > > This regression was detected by Android CTS Bionic fcntl() > > tests running on android-mainline [1]. > > > > [1] https://android.googlesource.com/platform/bionic/+/ > > refs/heads/master/tests/fcntl_test.cpp#352 > > Looks good. > > Acked-by: Miklos Szeredi <mszeredi@redhat.com> > > Thanks, > Miklos > > Thanks Peter for tracking this down! I tested this on the android-mainline version of 6.1-rc3 on a Pixel 6 device. Tested-by: Will McVicker <willmcvicker@google.com> Regards, Will
Hi Alexander, On Thu, 3 Nov 2022 at 19:12, Miklos Szeredi <miklos@szeredi.hu> wrote: > > On Thu, 3 Nov 2022 at 18:04, Peter Griffin <peter.griffin@linaro.org> wrote: > > > > If O_EXCL is *not* specified, then linkat() can be > > used to link the temporary file into the filesystem. > > If O_EXCL is specified then linkat() should fail (-1). > > > > After commit 863f144f12ad ("vfs: open inside ->tmpfile()") > > the O_EXCL flag is no longer honored by the vfs layer for > > tmpfile, which means the file can be linked even if O_EXCL > > flag is specified, which is a change in behaviour for > > userspace! > > > > The open flags was previously passed as a parameter, so it > > was uneffected by the changes to file->f_flags caused by > > finish_open(). This patch fixes the issue by storing > > file->f_flags in a local variable so the O_EXCL test > > logic is restored. > > > > This regression was detected by Android CTS Bionic fcntl() > > tests running on android-mainline [1]. > > > > [1] https://android.googlesource.com/platform/bionic/+/ > > refs/heads/master/tests/fcntl_test.cpp#352 > > Looks good. > > Acked-by: Miklos Szeredi <mszeredi@redhat.com> As this patch now has an Acked-by the original author of the commit that reworked the tmpfile vfs logic and introduced the regression. Can you pick up this commit and send it onto Linus for inclusion into the next v6.1-rc release? Note, it fixes a regression for userspace introduced in this merge window so I was hoping to get the fix into the next -rc so that the v6.1 release does not contain this bug. Many thanks, Peter
On Mon, Nov 14, 2022 at 02:38:15PM +0000, Peter Griffin wrote: > commit that reworked the tmpfile vfs logic and introduced the > regression. Can you pick up this commit and send it onto Linus > for inclusion into the next v6.1-rc release? > > Note, it fixes a regression for userspace introduced in this merge > window so I was hoping to get the fix into the next -rc so that the > v6.1 release does not contain this bug. Applied to #fixes and pushed out; will send a pull request to Linus tomorrow...
diff --git a/fs/namei.c b/fs/namei.c index 578c2110df02..9155ecb547ce 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3591,6 +3591,7 @@ static int vfs_tmpfile(struct user_namespace *mnt_userns, struct inode *dir = d_inode(parentpath->dentry); struct inode *inode; int error; + int open_flag = file->f_flags; /* we want directory to be writable */ error = inode_permission(mnt_userns, dir, MAY_WRITE | MAY_EXEC); @@ -3613,7 +3614,7 @@ static int vfs_tmpfile(struct user_namespace *mnt_userns, if (error) return error; inode = file_inode(file); - if (!(file->f_flags & O_EXCL)) { + if (!(open_flag & O_EXCL)) { spin_lock(&inode->i_lock); inode->i_state |= I_LINKABLE; spin_unlock(&inode->i_lock);