25 Jan, 2021

1 commit


09 Jan, 2021

1 commit

  • [ Upstream commit 5d069dbe8aaf2a197142558b6fb2978189ba3454 ]

    Jan Kara's analysis of the syzbot report (edited):

    The reproducer opens a directory on FUSE filesystem, it then attaches
    dnotify mark to the open directory. After that a fuse_do_getattr() call
    finds that attributes returned by the server are inconsistent, and calls
    make_bad_inode() which, among other things, does:

    inode->i_mode = S_IFREG;

    This then confuses dnotify which doesn't tear down its structures
    properly and eventually crashes.

    Avoid calling make_bad_inode() on a live inode: switch to a private flag on
    the fuse inode. Also add the test to ops which the bad_inode_ops would
    have caught.

    This bug goes back to the initial merge of fuse in 2.6.14...

    Reported-by: syzbot+f427adf9324b92652ccc@syzkaller.appspotmail.com
    Signed-off-by: Miklos Szeredi
    Tested-by: Jan Kara
    Cc:
    Signed-off-by: Sasha Levin

    Miklos Szeredi
     

26 Oct, 2020

1 commit


18 Sep, 2020

1 commit

  • We want to allow submounts for the same fuse_conn, but with different
    superblocks so that each of the submounts has its own device ID. To do
    so, we need to split all mount-specific information off of fuse_conn
    into a new fuse_mount structure, so that multiple mounts can share a
    single fuse_conn.

    We need to take care only to perform connection-level actions once (i.e.
    when the fuse_conn and thus the first fuse_mount are established, or
    when the last fuse_mount and thus the fuse_conn are destroyed). For
    example, fuse_sb_destroy() must invoke fuse_send_destroy() until the
    last superblock is released.

    To do so, we keep track of which fuse_mount is the root mount and
    perform all fuse_conn-level actions only when this fuse_mount is
    involved.

    Signed-off-by: Max Reitz
    Reviewed-by: Stefan Hajnoczi
    Signed-off-by: Miklos Szeredi

    Max Reitz
     

06 Nov, 2019

1 commit

  • Add a flag option to get xattr method that could have a bit flag of
    XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then
    set in the __vfs_getxattr path when called by security
    infrastructure.

    This handles the case of a union filesystem driver that is being
    requested by the security layer to report back the xattr data.

    For the use case where access is to be blocked by the security layer.

    The path then could be security(dentry) ->
    __vfs_getxattr(dentry...XATTR_NOSECURITY) ->
    handler->get(dentry...XATTR_NOSECURITY) ->
    __vfs_getxattr(lower_dentry...XATTR_NOSECURITY) ->
    lower_handler->get(lower_dentry...XATTR_NOSECURITY)
    which would report back through the chain data and success as
    expected, the logging security layer at the top would have the
    data to determine the access permissions and report back the target
    context that was blocked.

    Without the get handler flag, the path on a union filesystem would be
    the errant security(dentry) -> __vfs_getxattr(dentry) ->
    handler->get(dentry) -> vfs_getxattr(lower_dentry) -> nested ->
    security(lower_dentry, log off) -> lower_handler->get(lower_dentry)
    which would report back through the chain no data, and -EACCES.

    For selinux for both cases, this would translate to a correctly
    determined blocked access. In the first case with this change a correct avc
    log would be reported, in the second legacy case an incorrect avc log
    would be reported against an uninitialized u:object_r:unlabeled:s0
    context making the logs cosmetically useless for audit2allow.

    This patch series is inert and is the wide-spread addition of the
    flags option for xattr functions, and a replacement of __vfs_getxattr
    with __vfs_getxattr(...XATTR_NOSECURITY).

    Signed-off-by: Mark Salyzyn
    Reviewed-by: Jan Kara
    Acked-by: Jan Kara
    Acked-by: Jeff Layton
    Acked-by: David Sterba
    Acked-by: Darrick J. Wong
    Acked-by: Mike Marshall
    Cc: Stephen Smalley
    Cc: linux-kernel@vger.kernel.org
    Cc: kernel-team@android.com
    Cc: linux-security-module@vger.kernel.org

    (cherry picked from (rejected from archive because of too many recipients))
    Signed-off-by: Mark Salyzyn
    Bug: 133515582
    Bug: 136124883
    Bug: 129319403
    Change-Id: Iabbb8771939d5f66667a26bb23ddf4c562c349a1

    Mark Salyzyn
     

10 Sep, 2019

2 commits


31 May, 2018

1 commit

  • Ensure the translation happens by failing to read or write
    posix acls when the filesystem has not indicated it supports
    posix acls.

    This ensures that modern cached posix acl support is available
    and used when dealing with posix acls. This is important
    because only that path has the code to convert the uids and
    gids in posix acls into the user namespace of a fuse filesystem.

    Signed-off-by: "Eric W. Biederman"
    Signed-off-by: Miklos Szeredi

    Eric W. Biederman
     

03 Oct, 2016

1 commit


01 Oct, 2016

2 commits

  • Add a new INIT flag, FUSE_POSIX_ACL, for negotiating ACL support with
    userspace. When it is set in the INIT response, ACL support will be
    enabled. ACL support also implies "default_permissions".

    When ACL support is enabled, the kernel will cache and have responsibility
    for enforcing ACLs. ACL xattrs will be passed to userspace, which is
    responsible for updating the ACLs in the filesystem, keeping the file mode
    in sync, and inheritance of default ACLs when new filesystem nodes are
    created.

    Signed-off-by: Seth Forshee
    Signed-off-by: Miklos Szeredi

    Seth Forshee
     
  • In preparation for posix acl support, rework fuse to use xattr handlers and
    the generic setxattr/getxattr/listxattr callbacks. Split the xattr code
    out into its own file, and promote symbols to module-global scope as
    needed.

    Functionally these changes have no impact, as fuse still uses a single
    handler for all xattrs which uses the old callbacks.

    Signed-off-by: Seth Forshee
    Signed-off-by: Miklos Szeredi

    Seth Forshee