Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

fuse: Fail all requests with invalid uids or gids

Upon a cursory examinination the uid and gid of a fuse request are
necessary for correct operation.  Failing a fuse request where those
values are not reliable seems a straight forward and reliable means of
ensuring that fuse requests with bad data are not sent or processed.

In most cases the vfs will avoid actions it suspects will cause
an inode write back of an inode with an invalid uid or gid.  But that does
not map precisely to what fuse is doing, so test for this and solve
this at the fuse level as well.

Performing this work in fuse_req_init_context is cheap as the code is
already performing the translation here and only needs to check the
result of the translation to see if things are not representable in
a form the fuse server can handle.

[SzM] Don't zero the context for the nofail case, just keep using the
munging version (makes sense for debugging and doesn't hurt).

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Eric W. Biederman 7 years ago
parent
dbf107b2a7
commit
c9582eb0ff
1 changed files with 13 additions and 9 deletions
Split View Show Diff Stats
  1. 13 9
      fs/fuse/dev.c

+ 13 - 9
fs/fuse/dev.c
View File 

@@ -112,13 +112,6 @@ static void __fuse_put_request(struct fuse_req *req)
 
 	refcount_dec(&req->count);
 
 }
 
 
-static void fuse_req_init_context(struct fuse_conn *fc, struct fuse_req *req)
 
-{
 
-	req->in.h.uid = from_kuid_munged(&init_user_ns, current_fsuid());
 
-	req->in.h.gid = from_kgid_munged(&init_user_ns, current_fsgid());
 
-	req->in.h.pid = pid_nr_ns(task_pid(current), fc->pid_ns);
 
-}
 
-
 
 void fuse_set_initialized(struct fuse_conn *fc)
 
 {
 
 	/* Make sure stores before this are seen on another CPU */
 
@@ -163,11 +156,19 @@ static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages,
 
 		goto out;
 
 	}
 
 
-	fuse_req_init_context(fc, req);
 
+	req->in.h.uid = from_kuid(&init_user_ns, current_fsuid());
 
+	req->in.h.gid = from_kgid(&init_user_ns, current_fsgid());
 
+	req->in.h.pid = pid_nr_ns(task_pid(current), fc->pid_ns);
 
+
 
 	__set_bit(FR_WAITING, &req->flags);
 
 	if (for_background)
 
 		__set_bit(FR_BACKGROUND, &req->flags);
 
 
+	if (unlikely(req->in.h.uid == ((uid_t)-1) ||
 
+		     req->in.h.gid == ((gid_t)-1))) {
 
+		fuse_put_request(fc, req);
 
+		return ERR_PTR(-EOVERFLOW);
 
+	}
 
 	return req;
 
 
  out:
 
@@ -256,7 +257,10 @@ struct fuse_req *fuse_get_req_nofail_nopages(struct fuse_conn *fc,
 
 	if (!req)
 
 		req = get_reserved_req(fc, file);
 
 
-	fuse_req_init_context(fc, req);
 
+	req->in.h.uid = from_kuid_munged(&init_user_ns, current_fsuid());
 
+	req->in.h.gid = from_kgid_munged(&init_user_ns, current_fsgid());
 
+	req->in.h.pid = pid_nr_ns(task_pid(current), fc->pid_ns);
 
+
 
 	__set_bit(FR_WAITING, &req->flags);
 
 	__clear_bit(FR_BACKGROUND, &req->flags);
 
 	return req;