Orangefs cleanups and enablement of O_DIRECT in open.

Cleanups:
  - remove some unused defines, and also some obfuscatory ones.
  - remove a redundant xattr handler.
  - Remove useless xattr prefix arguments.
  - Be more picky about uid and gid handling WRT namespaces.
    Our use of current_user_ns() instead of init_user_ns left
    open the possibility that users could spoof their uids
    or gids when the server was running in a different namespace
    in "default security" mode.
  - Allow open(2) to succeed with O_DIRECT.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXllqWAAoJEM9EDqnrzg2+Hk0P/3CWdOzUa59zhDn63SD+/SIg
 VMP3xjVLD8FMvIQKQB+wS+WQgeJln7DJET2dxqDLCmcqpC31EjJOSbswALdYH/tC
 Gbm9Sx2hJF07Efr1H6IxwDO38ZW6UTcMpeDBa/I2V1v8Q9quMaViE3wxcK6RqNTe
 sPhGKjnpqG/b2zia7/tFiP0qem2KbjQguNT9vZIo5OYbFUzmh5AzQL/pyqd/5lz6
 +pKxRl6dfEiAmvo0GsPF8ZZgrITs6oW7/Ul2cPu4Zs+YhcTQP7KEotuYdb3c8QLj
 py6NPjCjDJtAKg2yJ0b695sCe4dzOTwaV9hAalxOoOmUUGpGl8tKYCPDSNd3Ugs4
 s13DlEwSsFMtt4FpkKT5m5yjr83pMom+uWkrzsQ+uypgNvgDMtCSmaC9uJ2531jp
 VMpfc2EW8NhuQj1cn36dXKQRyWFC7+cQ3BHG10UVw93y0X18lOUIysKYW/NiQ7C/
 fYUz5TXPCIrN8kvso2PHF3wFL9mf+8pLEEEocg7KKb5lgwhQ/FvBlhKOkQBZPNAB
 Z2y+GukvM8OtTka5/I5wsW1a2xqziy0Z3nW79LtUJ1MOgEFsyXCRaxNIMfg4QXty
 yn524bbY7XBWr8pPqG4jb1FqSQ+qTgILfimEZ0+8rbj2bfoSqfi9yaYHyZ1YJejv
 YCnss1TvZ9Uf7/juLh2e
 =tW7d
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.8-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux

Pull orangefs updates from Mike Marshall:
 "Orangefs cleanups and enablement of O_DIRECT in open.

  Cleanups:

   - remove some unused defines, and also some obfuscatory ones.

   - remove a redundant xattr handler.

   - Remove useless xattr prefix arguments.

   - Be more picky about uid and gid handling WRT namespaces.

     Our use of current_user_ns() instead of init_user_ns left open the
     possibility that users could spoof their uids or gids when the
     server was running in a different namespace in "default security"
     mode.

   - Allow open(2) to succeed with O_DIRECT"

* tag 'for-linus-4.8-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
  orangefs: fix namespace handling
  Orangefs: allow O_DIRECT in open
  orangefs: Remove useless xattr prefix arguments
  orangefs: Remove redundant "trusted." xattr handler
  orangefs: Remove useless defines
Linus Torvalds 2016-07-26 18:42:18 -07:00
commit d31dcd9247
8 changed files with 61 additions and 146 deletions


@ -18,10 +18,10 @@ struct posix_acl *orangefs_get_acl(struct inode *inode, int type)
switch (type) {
case ACL_TYPE_ACCESS:
key = ORANGEFS_XATTR_NAME_ACL_ACCESS;
key = XATTR_NAME_POSIX_ACL_ACCESS;
break;
case ACL_TYPE_DEFAULT:
key = ORANGEFS_XATTR_NAME_ACL_DEFAULT;
key = XATTR_NAME_POSIX_ACL_DEFAULT;
break;
default:
gossip_err("orangefs_get_acl: bogus value of type %d\n", type);
@ -43,11 +43,8 @@ struct posix_acl *orangefs_get_acl(struct inode *inode, int type)
get_khandle_from_ino(inode),
key,
type);
ret = orangefs_inode_getxattr(inode,
"",
key,
value,
ORANGEFS_MAX_XATTR_VALUELEN);
ret = orangefs_inode_getxattr(inode, key, value,
ORANGEFS_MAX_XATTR_VALUELEN);
/* if the key exists, convert it to an in-memory rep */
if (ret > 0) {
acl = posix_acl_from_xattr(&init_user_ns, value, ret);
@ -74,7 +71,7 @@ int orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
switch (type) {
case ACL_TYPE_ACCESS:
name = ORANGEFS_XATTR_NAME_ACL_ACCESS;
name = XATTR_NAME_POSIX_ACL_ACCESS;
if (acl) {
umode_t mode = inode->i_mode;
/*
@ -98,7 +95,7 @@ int orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
}
break;
case ACL_TYPE_DEFAULT:
name = ORANGEFS_XATTR_NAME_ACL_DEFAULT;
name = XATTR_NAME_POSIX_ACL_DEFAULT;
break;
default:
gossip_err("%s: invalid type %d!\n", __func__, type);
@ -131,7 +128,7 @@ int orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
* will xlate to a removexattr. However, we don't want removexattr
* complain if attributes does not exist.
*/
error = orangefs_inode_setxattr(inode, "", name, value, size, 0);
error = orangefs_inode_setxattr(inode, name, value, size, 0);
out:
kfree(value);


@ -116,6 +116,13 @@ static int orangefs_devreq_open(struct inode *inode, struct file *file)
{
int ret = -EINVAL;
/* in order to ensure that the filesystem driver sees correct UIDs */
if (file->f_cred->user_ns != &init_user_ns) {
gossip_err("%s: device cannot be opened outside init_user_ns\n",
__func__);
goto out;
}
if (!(file->f_flags & O_NONBLOCK)) {
gossip_err("%s: device cannot be opened in blocking mode\n",
__func__);
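Review bot: The new user-namespace check in orangefs_devreq_open jumps to `out` with `ret` still at its initial `-EINVAL`, so a refusal for namespace reasons is indistinguishable from the O_NONBLOCK refusal directly below it. Setting a permission-style code before the jump, e.g. `ret = -EPERM;`, would let the opener and anyone reading an audit trail tell the two apart, provided no user-space client depends on EINVAL here. The comment could also state the invariant being protected, for example `/* uids and gids in upcalls are expressed in init_user_ns, so the daemon reading this device must live there too */`. If `gossip_err` is not rate limited, an opener in a non-initial namespace can emit this message at will, so a rate-limited print may be preferable. The function body, including the `out:` label, continues outside the hunk.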


@ -516,7 +516,6 @@ static long orangefs_ioctl(struct file *file, unsigned int cmd, unsigned long ar
if (cmd == FS_IOC_GETFLAGS) {
val = 0;
ret = orangefs_inode_getxattr(file_inode(file),
ORANGEFS_XATTR_NAME_DEFAULT_PREFIX,
"user.pvfs2.meta_hint",
&val, sizeof(val));
if (ret < 0 && ret != -ENODATA)
@ -549,7 +548,6 @@ static long orangefs_ioctl(struct file *file, unsigned int cmd, unsigned long ar
"orangefs_ioctl: FS_IOC_SETFLAGS: %llu\n",
(unsigned long long)val);
ret = orangefs_inode_setxattr(file_inode(file),
ORANGEFS_XATTR_NAME_DEFAULT_PREFIX,
"user.pvfs2.meta_hint",
&val, sizeof(val), 0);
}


@ -124,19 +124,16 @@ static int orangefs_releasepage(struct page *page, gfp_t foo)
* will need to be able to use O_DIRECT on open in order to support
* AIO. Modeled after NFS, they do this too.
*/
/*
* static ssize_t orangefs_direct_IO(int rw,
* struct kiocb *iocb,
* struct iov_iter *iter,
* loff_t offset)
*{
* gossip_debug(GOSSIP_INODE_DEBUG,
* "orangefs_direct_IO: %s\n",
* iocb->ki_filp->f_path.dentry->d_name.name);
*
* return -EINVAL;
*}
*/
static ssize_t orangefs_direct_IO(struct kiocb *iocb,
struct iov_iter *iter)
{
gossip_debug(GOSSIP_INODE_DEBUG,
"orangefs_direct_IO: %s\n",
iocb->ki_filp->f_path.dentry->d_name.name);
return -EINVAL;
}
struct backing_dev_info orangefs_backing_dev_info = {
.name = "orangefs",
@ -150,7 +147,7 @@ const struct address_space_operations orangefs_address_operations = {
.readpages = orangefs_readpages,
.invalidatepage = orangefs_invalidatepage,
.releasepage = orangefs_releasepage,
/* .direct_IO = orangefs_direct_IO */
.direct_IO = orangefs_direct_IO,
};
static int orangefs_setattr_size(struct inode *inode, struct iattr *iattr)
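Review bot: The debug line in the new orangefs_direct_IO reads `iocb->ki_filp->f_path.dentry->d_name.name` directly, and that name can change under a concurrent rename while it is being formatted. Assuming gossip_debug forwards to the kernel's printk formatting, `gossip_debug(GOSSIP_INODE_DEBUG, "orangefs_direct_IO: %pD\n", iocb->ki_filp);` prints the same name safely. The stub would also benefit from a one-line comment directly on the function saying that it exists only so open(2) accepts O_DIRECT and that it fails with -EINVAL if it is ever actually called, since the explanatory comment above it starts outside the hunk.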


@ -136,10 +136,10 @@ struct orangefs_kernel_op_s *op_alloc(__s32 type)
llu(new_op->tag),
get_opname_string(new_op));
new_op->upcall.uid = from_kuid(current_user_ns(),
new_op->upcall.uid = from_kuid(&init_user_ns,
current_fsuid());
new_op->upcall.gid = from_kgid(current_user_ns(),
new_op->upcall.gid = from_kgid(&init_user_ns,
current_fsgid());
} else {
gossip_err("op_alloc: kmem_cache_zalloc failed!\n");
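Review bot: Nothing at the two `from_kuid(&init_user_ns, ...)` / `from_kgid(&init_user_ns, ...)` calls in op_alloc records why the initial namespace is used. The same pair is repeated in fill_default_sys_attrs, copy_attributes_from_inode and orangefs_inode_getxattr, so a later cleanup could plausibly switch one site back to `current_user_ns()` and reopen the id-spoofing problem the commit message describes. A short comment at each site, such as `/* ids sent to the server are always expressed in init_user_ns */`, or a pair of small static inline helpers used by all four, would keep them consistent. op_alloc starts and ends outside the hunk.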


@ -119,17 +119,6 @@ struct client_debug_mask {
#define ORANGEFS_CACHE_CREATE_FLAGS 0
#endif /* ((defined ORANGEFS_KERNEL_DEBUG) && (defined CONFIG_DEBUG_SLAB)) */
/* orangefs xattr and acl related defines */
#define ORANGEFS_XATTR_INDEX_POSIX_ACL_ACCESS 1
#define ORANGEFS_XATTR_INDEX_POSIX_ACL_DEFAULT 2
#define ORANGEFS_XATTR_INDEX_TRUSTED 3
#define ORANGEFS_XATTR_INDEX_DEFAULT 4
#define ORANGEFS_XATTR_NAME_ACL_ACCESS XATTR_NAME_POSIX_ACL_ACCESS
#define ORANGEFS_XATTR_NAME_ACL_DEFAULT XATTR_NAME_POSIX_ACL_DEFAULT
#define ORANGEFS_XATTR_NAME_TRUSTED_PREFIX "trusted."
#define ORANGEFS_XATTR_NAME_DEFAULT_PREFIX ""
/* these functions are defined in orangefs-utils.c */
int orangefs_prepare_cdm_array(char *debug_array_string);
int orangefs_prepare_debugfs_help_string(int);
@ -528,13 +517,11 @@ __s32 fsid_of_op(struct orangefs_kernel_op_s *op);
int orangefs_flush_inode(struct inode *inode);
ssize_t orangefs_inode_getxattr(struct inode *inode,
const char *prefix,
const char *name,
void *buffer,
size_t size);
int orangefs_inode_setxattr(struct inode *inode,
const char *prefix,
const char *name,
const void *value,
size_t size,
@ -600,8 +587,8 @@ int service_operation(struct orangefs_kernel_op_s *op,
#define fill_default_sys_attrs(sys_attr, type, mode) \
do { \
sys_attr.owner = from_kuid(current_user_ns(), current_fsuid()); \
sys_attr.group = from_kgid(current_user_ns(), current_fsgid()); \
sys_attr.owner = from_kuid(&init_user_ns, current_fsuid()); \
sys_attr.group = from_kgid(&init_user_ns, current_fsgid()); \
sys_attr.perms = ORANGEFS_util_translate_mode(mode); \
sys_attr.mtime = 0; \
sys_attr.atime = 0; \


@ -153,12 +153,12 @@ static inline int copy_attributes_from_inode(struct inode *inode,
*/
attrs->mask = 0;
if (iattr->ia_valid & ATTR_UID) {
attrs->owner = from_kuid(current_user_ns(), iattr->ia_uid);
attrs->owner = from_kuid(&init_user_ns, iattr->ia_uid);
attrs->mask |= ORANGEFS_ATTR_SYS_UID;
gossip_debug(GOSSIP_UTILS_DEBUG, "(UID) %d\n", attrs->owner);
}
if (iattr->ia_valid & ATTR_GID) {
attrs->group = from_kgid(current_user_ns(), iattr->ia_gid);
attrs->group = from_kgid(&init_user_ns, iattr->ia_gid);
attrs->mask |= ORANGEFS_ATTR_SYS_GID;
gossip_debug(GOSSIP_UTILS_DEBUG, "(GID) %d\n", attrs->group);
}


@ -59,8 +59,8 @@ static inline int convert_to_internal_xattr_flags(int setxattr_flags)
* unless the key does not exist for the file and/or if
* there were errors in fetching the attribute value.
*/
ssize_t orangefs_inode_getxattr(struct inode *inode, const char *prefix,
const char *name, void *buffer, size_t size)
ssize_t orangefs_inode_getxattr(struct inode *inode, const char *name,
void *buffer, size_t size)
{
struct orangefs_inode_s *orangefs_inode = ORANGEFS_I(inode);
struct orangefs_kernel_op_s *new_op = NULL;
@ -70,17 +70,17 @@ ssize_t orangefs_inode_getxattr(struct inode *inode, const char *prefix,
int fsgid;
gossip_debug(GOSSIP_XATTR_DEBUG,
"%s: prefix %s name %s, buffer_size %zd\n",
__func__, prefix, name, size);
"%s: name %s, buffer_size %zd\n",
__func__, name, size);
if ((strlen(name) + strlen(prefix)) >= ORANGEFS_MAX_XATTR_NAMELEN) {
if (strlen(name) >= ORANGEFS_MAX_XATTR_NAMELEN) {
gossip_err("Invalid key length (%d)\n",
(int)(strlen(name) + strlen(prefix)));
(int)strlen(name));
return -EINVAL;
}
fsuid = from_kuid(current_user_ns(), current_fsuid());
fsgid = from_kgid(current_user_ns(), current_fsgid());
fsuid = from_kuid(&init_user_ns, current_fsuid());
fsgid = from_kgid(&init_user_ns, current_fsgid());
gossip_debug(GOSSIP_XATTR_DEBUG,
"getxattr on inode %pU, name %s "
@ -97,15 +97,14 @@ ssize_t orangefs_inode_getxattr(struct inode *inode, const char *prefix,
goto out_unlock;
new_op->upcall.req.getxattr.refn = orangefs_inode->refn;
ret = snprintf((char *)new_op->upcall.req.getxattr.key,
ORANGEFS_MAX_XATTR_NAMELEN, "%s%s", prefix, name);
strcpy(new_op->upcall.req.getxattr.key, name);
/*
* NOTE: Although keys are meant to be NULL terminated textual
* strings, I am going to explicitly pass the length just in case
* we change this later on...
*/
new_op->upcall.req.getxattr.key_sz = ret + 1;
new_op->upcall.req.getxattr.key_sz = strlen(name) + 1;
ret = service_operation(new_op, "orangefs_inode_getxattr",
get_interruptible_flag(inode));
@ -163,10 +162,8 @@ out_unlock:
return ret;
}
static int orangefs_inode_removexattr(struct inode *inode,
const char *prefix,
const char *name,
int flags)
static int orangefs_inode_removexattr(struct inode *inode, const char *name,
int flags)
{
struct orangefs_inode_s *orangefs_inode = ORANGEFS_I(inode);
struct orangefs_kernel_op_s *new_op = NULL;
@ -183,12 +180,8 @@ static int orangefs_inode_removexattr(struct inode *inode,
* textual strings, I am going to explicitly pass the
* length just in case we change this later on...
*/
ret = snprintf((char *)new_op->upcall.req.removexattr.key,
ORANGEFS_MAX_XATTR_NAMELEN,
"%s%s",
(prefix ? prefix : ""),
name);
new_op->upcall.req.removexattr.key_sz = ret + 1;
strcpy(new_op->upcall.req.removexattr.key, name);
new_op->upcall.req.removexattr.key_sz = strlen(name) + 1;
gossip_debug(GOSSIP_XATTR_DEBUG,
"orangefs_inode_removexattr: key %s, key_sz %d\n",
@ -223,8 +216,8 @@ out_unlock:
* Returns a -ve number on error and 0 on success. Key is text, but value
* can be binary!
*/
int orangefs_inode_setxattr(struct inode *inode, const char *prefix,
const char *name, const void *value, size_t size, int flags)
int orangefs_inode_setxattr(struct inode *inode, const char *name,
const void *value, size_t size, int flags)
{
struct orangefs_inode_s *orangefs_inode = ORANGEFS_I(inode);
struct orangefs_kernel_op_s *new_op;
@ -232,8 +225,8 @@ int orangefs_inode_setxattr(struct inode *inode, const char *prefix,
int ret = -ENOMEM;
gossip_debug(GOSSIP_XATTR_DEBUG,
"%s: prefix %s, name %s, buffer_size %zd\n",
__func__, prefix, name, size);
"%s: name %s, buffer_size %zd\n",
__func__, name, size);
if (size >= ORANGEFS_MAX_XATTR_VALUELEN ||
flags < 0) {
@ -245,29 +238,19 @@ int orangefs_inode_setxattr(struct inode *inode, const char *prefix,
internal_flag = convert_to_internal_xattr_flags(flags);
if (prefix) {
if (strlen(name) + strlen(prefix) >= ORANGEFS_MAX_XATTR_NAMELEN) {
gossip_err
("orangefs_inode_setxattr: bogus key size (%d)\n",
(int)(strlen(name) + strlen(prefix)));
return -EINVAL;
}
} else {
if (strlen(name) >= ORANGEFS_MAX_XATTR_NAMELEN) {
gossip_err
("orangefs_inode_setxattr: bogus key size (%d)\n",
(int)(strlen(name)));
return -EINVAL;
}
if (strlen(name) >= ORANGEFS_MAX_XATTR_NAMELEN) {
gossip_err
("orangefs_inode_setxattr: bogus key size (%d)\n",
(int)(strlen(name)));
return -EINVAL;
}
/* This is equivalent to a removexattr */
if (size == 0 && value == NULL) {
gossip_debug(GOSSIP_XATTR_DEBUG,
"removing xattr (%s%s)\n",
prefix,
"removing xattr (%s)\n",
name);
return orangefs_inode_removexattr(inode, prefix, name, flags);
return orangefs_inode_removexattr(inode, name, flags);
}
gossip_debug(GOSSIP_XATTR_DEBUG,
@ -288,11 +271,8 @@ int orangefs_inode_setxattr(struct inode *inode, const char *prefix,
* strings, I am going to explicitly pass the length just in
* case we change this later on...
*/
ret = snprintf((char *)new_op->upcall.req.setxattr.keyval.key,
ORANGEFS_MAX_XATTR_NAMELEN,
"%s%s",
prefix, name);
new_op->upcall.req.setxattr.keyval.key_sz = ret + 1;
strcpy(new_op->upcall.req.setxattr.keyval.key, name);
new_op->upcall.req.setxattr.keyval.key_sz = strlen(name) + 1;
memcpy(new_op->upcall.req.setxattr.keyval.val, value, size);
new_op->upcall.req.setxattr.keyval.val_sz = size;
@ -455,12 +435,7 @@ static int orangefs_xattr_set_default(const struct xattr_handler *handler,
size_t size,
int flags)
{
return orangefs_inode_setxattr(inode,
ORANGEFS_XATTR_NAME_DEFAULT_PREFIX,
name,
buffer,
size,
flags);
return orangefs_inode_setxattr(inode, name, buffer, size, flags);
}
static int orangefs_xattr_get_default(const struct xattr_handler *handler,
@ -470,57 +445,12 @@ static int orangefs_xattr_get_default(const struct xattr_handler *handler,
void *buffer,
size_t size)
{
return orangefs_inode_getxattr(inode,
ORANGEFS_XATTR_NAME_DEFAULT_PREFIX,
name,
buffer,
size);
return orangefs_inode_getxattr(inode, name, buffer, size);
}
static int orangefs_xattr_set_trusted(const struct xattr_handler *handler,
struct dentry *unused,
struct inode *inode,
const char *name,
const void *buffer,
size_t size,
int flags)
{
return orangefs_inode_setxattr(inode,
ORANGEFS_XATTR_NAME_TRUSTED_PREFIX,
name,
buffer,
size,
flags);
}
static int orangefs_xattr_get_trusted(const struct xattr_handler *handler,
struct dentry *unused,
struct inode *inode,
const char *name,
void *buffer,
size_t size)
{
return orangefs_inode_getxattr(inode,
ORANGEFS_XATTR_NAME_TRUSTED_PREFIX,
name,
buffer,
size);
}
static struct xattr_handler orangefs_xattr_trusted_handler = {
.prefix = ORANGEFS_XATTR_NAME_TRUSTED_PREFIX,
.get = orangefs_xattr_get_trusted,
.set = orangefs_xattr_set_trusted,
};
static struct xattr_handler orangefs_xattr_default_handler = {
/*
* NOTE: this is set to be the empty string.
* so that all un-prefixed xattrs keys get caught
* here!
*/
.prefix = ORANGEFS_XATTR_NAME_DEFAULT_PREFIX,
.prefix = "", /* match any name => handlers called with full name */
.get = orangefs_xattr_get_default,
.set = orangefs_xattr_set_default,
};
@ -528,7 +458,6 @@ static struct xattr_handler orangefs_xattr_default_handler = {
const struct xattr_handler *orangefs_xattr_handlers[] = {
&posix_acl_access_xattr_handler,
&posix_acl_default_xattr_handler,
&orangefs_xattr_trusted_handler,
&orangefs_xattr_default_handler,
NULL
};
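Review bot: The three `strcpy()` calls that replace the bounded `snprintf(..., ORANGEFS_MAX_XATTR_NAMELEN, ...)` into `upcall.req.getxattr.key`, `upcall.req.removexattr.key` and `upcall.req.setxattr.keyval.key` are only safe because of an earlier `strlen(name) >= ORANGEFS_MAX_XATTR_NAMELEN` check. In orangefs_inode_removexattr no such check is visible in the hunk, so it appears to rely on its caller orangefs_inode_setxattr having validated the name. The old code truncated an over-long key, whereas the new code would write past the key buffer if that invariant is ever broken, for instance by a new caller. Adding `if (strlen(name) >= ORANGEFS_MAX_XATTR_NAMELEN) return -EINVAL;` at the top of orangefs_inode_removexattr, or copying with a bounded call and checking its result, keeps each function safe on its own. The function bodies continue outside the hunks shown.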