64fcbb6158
If someone attempts to access YFS-related xattrs (e.g. afs.yfs.acl) on a
file on a non-YFS AFS server (such as OpenAFS), then the kernel will jump
to a NULL function pointer because the afs_fetch_acl_operation descriptor
doesn't point to a function for issuing an operation on a non-YFS
server[1].
Fix this by making afs_wait_for_operation() check that the issue_afs_rpc
method is set before jumping to it and setting -ENOTSUPP if not. This fix
also covers other potential operations that also only exist on YFS servers.
afs_xattr_get/set_yfs() then need to translate -ENOTSUPP to -ENODATA as the
former error is internal to the kernel.
The bug shows up as an oops like the following:
BUG: kernel NULL pointer dereference, address: 0000000000000000
[...]
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[...]
Call Trace:
afs_wait_for_operation+0x83/0x1b0 [kafs]
afs_xattr_get_yfs+0xe6/0x270 [kafs]
__vfs_getxattr+0x59/0x80
vfs_getxattr+0x11c/0x140
getxattr+0x181/0x250
? __check_object_size+0x13f/0x150
? __fput+0x16d/0x250
__x64_sys_fgetxattr+0x64/0xb0
do_syscall_64+0x49/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fb120a9defe
This was triggered with "cp -a" which attempts to copy xattrs, including
afs ones, but is easier to reproduce with getfattr, e.g.:
getfattr -d -m ".*" /afs/openafs.org/
Fixes: e49c7b2f6d
("afs: Build an abstraction around an "operation" concept")
Reported-by: Gaja Sophie Peters <gaja.peters@math.uni-hamburg.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Gaja Sophie Peters <gaja.peters@math.uni-hamburg.de>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
cc: linux-afs@lists.infradead.org
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003498.html [1]
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003566.html # v1
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003572.html # v2
387 lines
8.9 KiB
C
387 lines
8.9 KiB
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/* Extended attribute handling for AFS. We use xattrs to get and set metadata
|
|
* instead of providing pioctl().
|
|
*
|
|
* Copyright (C) 2017 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*/
|
|
|
|
#include <linux/slab.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/xattr.h>
|
|
#include "internal.h"
|
|
|
|
static const char afs_xattr_list[] =
|
|
"afs.acl\0"
|
|
"afs.cell\0"
|
|
"afs.fid\0"
|
|
"afs.volume\0"
|
|
"afs.yfs.acl\0"
|
|
"afs.yfs.acl_inherited\0"
|
|
"afs.yfs.acl_num_cleaned\0"
|
|
"afs.yfs.vol_acl";
|
|
|
|
/*
|
|
* Retrieve a list of the supported xattrs.
|
|
*/
|
|
ssize_t afs_listxattr(struct dentry *dentry, char *buffer, size_t size)
|
|
{
|
|
if (size == 0)
|
|
return sizeof(afs_xattr_list);
|
|
if (size < sizeof(afs_xattr_list))
|
|
return -ERANGE;
|
|
memcpy(buffer, afs_xattr_list, sizeof(afs_xattr_list));
|
|
return sizeof(afs_xattr_list);
|
|
}
|
|
|
|
/*
|
|
* Deal with the result of a successful fetch ACL operation.
|
|
*/
|
|
static void afs_acl_success(struct afs_operation *op)
|
|
{
|
|
afs_vnode_commit_status(op, &op->file[0]);
|
|
}
|
|
|
|
static void afs_acl_put(struct afs_operation *op)
|
|
{
|
|
kfree(op->acl);
|
|
}
|
|
|
|
static const struct afs_operation_ops afs_fetch_acl_operation = {
|
|
.issue_afs_rpc = afs_fs_fetch_acl,
|
|
.success = afs_acl_success,
|
|
.put = afs_acl_put,
|
|
};
|
|
|
|
/*
|
|
* Get a file's ACL.
|
|
*/
|
|
static int afs_xattr_get_acl(const struct xattr_handler *handler,
|
|
struct dentry *dentry,
|
|
struct inode *inode, const char *name,
|
|
void *buffer, size_t size)
|
|
{
|
|
struct afs_operation *op;
|
|
struct afs_vnode *vnode = AFS_FS_I(inode);
|
|
struct afs_acl *acl = NULL;
|
|
int ret;
|
|
|
|
op = afs_alloc_operation(NULL, vnode->volume);
|
|
if (IS_ERR(op))
|
|
return -ENOMEM;
|
|
|
|
afs_op_set_vnode(op, 0, vnode);
|
|
op->ops = &afs_fetch_acl_operation;
|
|
|
|
afs_begin_vnode_operation(op);
|
|
afs_wait_for_operation(op);
|
|
acl = op->acl;
|
|
op->acl = NULL;
|
|
ret = afs_put_operation(op);
|
|
|
|
if (ret == 0) {
|
|
ret = acl->size;
|
|
if (size > 0) {
|
|
if (acl->size <= size)
|
|
memcpy(buffer, acl->data, acl->size);
|
|
else
|
|
ret = -ERANGE;
|
|
}
|
|
}
|
|
|
|
kfree(acl);
|
|
return ret;
|
|
}
|
|
|
|
static bool afs_make_acl(struct afs_operation *op,
|
|
const void *buffer, size_t size)
|
|
{
|
|
struct afs_acl *acl;
|
|
|
|
acl = kmalloc(sizeof(*acl) + size, GFP_KERNEL);
|
|
if (!acl) {
|
|
afs_op_nomem(op);
|
|
return false;
|
|
}
|
|
|
|
acl->size = size;
|
|
memcpy(acl->data, buffer, size);
|
|
op->acl = acl;
|
|
return true;
|
|
}
|
|
|
|
static const struct afs_operation_ops afs_store_acl_operation = {
|
|
.issue_afs_rpc = afs_fs_store_acl,
|
|
.success = afs_acl_success,
|
|
.put = afs_acl_put,
|
|
};
|
|
|
|
/*
|
|
* Set a file's AFS3 ACL.
|
|
*/
|
|
static int afs_xattr_set_acl(const struct xattr_handler *handler,
|
|
struct user_namespace *mnt_userns,
|
|
struct dentry *dentry,
|
|
struct inode *inode, const char *name,
|
|
const void *buffer, size_t size, int flags)
|
|
{
|
|
struct afs_operation *op;
|
|
struct afs_vnode *vnode = AFS_FS_I(inode);
|
|
|
|
if (flags == XATTR_CREATE)
|
|
return -EINVAL;
|
|
|
|
op = afs_alloc_operation(NULL, vnode->volume);
|
|
if (IS_ERR(op))
|
|
return -ENOMEM;
|
|
|
|
afs_op_set_vnode(op, 0, vnode);
|
|
if (!afs_make_acl(op, buffer, size))
|
|
return afs_put_operation(op);
|
|
|
|
op->ops = &afs_store_acl_operation;
|
|
return afs_do_sync_operation(op);
|
|
}
|
|
|
|
static const struct xattr_handler afs_xattr_afs_acl_handler = {
|
|
.name = "afs.acl",
|
|
.get = afs_xattr_get_acl,
|
|
.set = afs_xattr_set_acl,
|
|
};
|
|
|
|
static const struct afs_operation_ops yfs_fetch_opaque_acl_operation = {
|
|
.issue_yfs_rpc = yfs_fs_fetch_opaque_acl,
|
|
.success = afs_acl_success,
|
|
/* Don't free op->yacl in .put here */
|
|
};
|
|
|
|
/*
|
|
* Get a file's YFS ACL.
|
|
*/
|
|
static int afs_xattr_get_yfs(const struct xattr_handler *handler,
|
|
struct dentry *dentry,
|
|
struct inode *inode, const char *name,
|
|
void *buffer, size_t size)
|
|
{
|
|
struct afs_operation *op;
|
|
struct afs_vnode *vnode = AFS_FS_I(inode);
|
|
struct yfs_acl *yacl = NULL;
|
|
char buf[16], *data;
|
|
int which = 0, dsize, ret = -ENOMEM;
|
|
|
|
if (strcmp(name, "acl") == 0)
|
|
which = 0;
|
|
else if (strcmp(name, "acl_inherited") == 0)
|
|
which = 1;
|
|
else if (strcmp(name, "acl_num_cleaned") == 0)
|
|
which = 2;
|
|
else if (strcmp(name, "vol_acl") == 0)
|
|
which = 3;
|
|
else
|
|
return -EOPNOTSUPP;
|
|
|
|
yacl = kzalloc(sizeof(struct yfs_acl), GFP_KERNEL);
|
|
if (!yacl)
|
|
goto error;
|
|
|
|
if (which == 0)
|
|
yacl->flags |= YFS_ACL_WANT_ACL;
|
|
else if (which == 3)
|
|
yacl->flags |= YFS_ACL_WANT_VOL_ACL;
|
|
|
|
op = afs_alloc_operation(NULL, vnode->volume);
|
|
if (IS_ERR(op))
|
|
goto error_yacl;
|
|
|
|
afs_op_set_vnode(op, 0, vnode);
|
|
op->yacl = yacl;
|
|
op->ops = &yfs_fetch_opaque_acl_operation;
|
|
|
|
afs_begin_vnode_operation(op);
|
|
afs_wait_for_operation(op);
|
|
ret = afs_put_operation(op);
|
|
|
|
if (ret == 0) {
|
|
switch (which) {
|
|
case 0:
|
|
data = yacl->acl->data;
|
|
dsize = yacl->acl->size;
|
|
break;
|
|
case 1:
|
|
data = buf;
|
|
dsize = scnprintf(buf, sizeof(buf), "%u", yacl->inherit_flag);
|
|
break;
|
|
case 2:
|
|
data = buf;
|
|
dsize = scnprintf(buf, sizeof(buf), "%u", yacl->num_cleaned);
|
|
break;
|
|
case 3:
|
|
data = yacl->vol_acl->data;
|
|
dsize = yacl->vol_acl->size;
|
|
break;
|
|
default:
|
|
ret = -EOPNOTSUPP;
|
|
goto error_yacl;
|
|
}
|
|
|
|
ret = dsize;
|
|
if (size > 0) {
|
|
if (dsize <= size)
|
|
memcpy(buffer, data, dsize);
|
|
else
|
|
ret = -ERANGE;
|
|
}
|
|
} else if (ret == -ENOTSUPP) {
|
|
ret = -ENODATA;
|
|
}
|
|
|
|
error_yacl:
|
|
yfs_free_opaque_acl(yacl);
|
|
error:
|
|
return ret;
|
|
}
|
|
|
|
static const struct afs_operation_ops yfs_store_opaque_acl2_operation = {
|
|
.issue_yfs_rpc = yfs_fs_store_opaque_acl2,
|
|
.success = afs_acl_success,
|
|
.put = afs_acl_put,
|
|
};
|
|
|
|
/*
|
|
* Set a file's YFS ACL.
|
|
*/
|
|
static int afs_xattr_set_yfs(const struct xattr_handler *handler,
|
|
struct user_namespace *mnt_userns,
|
|
struct dentry *dentry,
|
|
struct inode *inode, const char *name,
|
|
const void *buffer, size_t size, int flags)
|
|
{
|
|
struct afs_operation *op;
|
|
struct afs_vnode *vnode = AFS_FS_I(inode);
|
|
int ret;
|
|
|
|
if (flags == XATTR_CREATE ||
|
|
strcmp(name, "acl") != 0)
|
|
return -EINVAL;
|
|
|
|
op = afs_alloc_operation(NULL, vnode->volume);
|
|
if (IS_ERR(op))
|
|
return -ENOMEM;
|
|
|
|
afs_op_set_vnode(op, 0, vnode);
|
|
if (!afs_make_acl(op, buffer, size))
|
|
return afs_put_operation(op);
|
|
|
|
op->ops = &yfs_store_opaque_acl2_operation;
|
|
ret = afs_do_sync_operation(op);
|
|
if (ret == -ENOTSUPP)
|
|
ret = -ENODATA;
|
|
return ret;
|
|
}
|
|
|
|
static const struct xattr_handler afs_xattr_yfs_handler = {
|
|
.prefix = "afs.yfs.",
|
|
.get = afs_xattr_get_yfs,
|
|
.set = afs_xattr_set_yfs,
|
|
};
|
|
|
|
/*
|
|
* Get the name of the cell on which a file resides.
|
|
*/
|
|
static int afs_xattr_get_cell(const struct xattr_handler *handler,
|
|
struct dentry *dentry,
|
|
struct inode *inode, const char *name,
|
|
void *buffer, size_t size)
|
|
{
|
|
struct afs_vnode *vnode = AFS_FS_I(inode);
|
|
struct afs_cell *cell = vnode->volume->cell;
|
|
size_t namelen;
|
|
|
|
namelen = cell->name_len;
|
|
if (size == 0)
|
|
return namelen;
|
|
if (namelen > size)
|
|
return -ERANGE;
|
|
memcpy(buffer, cell->name, namelen);
|
|
return namelen;
|
|
}
|
|
|
|
static const struct xattr_handler afs_xattr_afs_cell_handler = {
|
|
.name = "afs.cell",
|
|
.get = afs_xattr_get_cell,
|
|
};
|
|
|
|
/*
|
|
* Get the volume ID, vnode ID and vnode uniquifier of a file as a sequence of
|
|
* hex numbers separated by colons.
|
|
*/
|
|
static int afs_xattr_get_fid(const struct xattr_handler *handler,
|
|
struct dentry *dentry,
|
|
struct inode *inode, const char *name,
|
|
void *buffer, size_t size)
|
|
{
|
|
struct afs_vnode *vnode = AFS_FS_I(inode);
|
|
char text[16 + 1 + 24 + 1 + 8 + 1];
|
|
size_t len;
|
|
|
|
/* The volume ID is 64-bit, the vnode ID is 96-bit and the
|
|
* uniquifier is 32-bit.
|
|
*/
|
|
len = scnprintf(text, sizeof(text), "%llx:", vnode->fid.vid);
|
|
if (vnode->fid.vnode_hi)
|
|
len += scnprintf(text + len, sizeof(text) - len, "%x%016llx",
|
|
vnode->fid.vnode_hi, vnode->fid.vnode);
|
|
else
|
|
len += scnprintf(text + len, sizeof(text) - len, "%llx",
|
|
vnode->fid.vnode);
|
|
len += scnprintf(text + len, sizeof(text) - len, ":%x",
|
|
vnode->fid.unique);
|
|
|
|
if (size == 0)
|
|
return len;
|
|
if (len > size)
|
|
return -ERANGE;
|
|
memcpy(buffer, text, len);
|
|
return len;
|
|
}
|
|
|
|
static const struct xattr_handler afs_xattr_afs_fid_handler = {
|
|
.name = "afs.fid",
|
|
.get = afs_xattr_get_fid,
|
|
};
|
|
|
|
/*
|
|
* Get the name of the volume on which a file resides.
|
|
*/
|
|
static int afs_xattr_get_volume(const struct xattr_handler *handler,
|
|
struct dentry *dentry,
|
|
struct inode *inode, const char *name,
|
|
void *buffer, size_t size)
|
|
{
|
|
struct afs_vnode *vnode = AFS_FS_I(inode);
|
|
const char *volname = vnode->volume->name;
|
|
size_t namelen;
|
|
|
|
namelen = strlen(volname);
|
|
if (size == 0)
|
|
return namelen;
|
|
if (namelen > size)
|
|
return -ERANGE;
|
|
memcpy(buffer, volname, namelen);
|
|
return namelen;
|
|
}
|
|
|
|
static const struct xattr_handler afs_xattr_afs_volume_handler = {
|
|
.name = "afs.volume",
|
|
.get = afs_xattr_get_volume,
|
|
};
|
|
|
|
const struct xattr_handler *afs_xattr_handlers[] = {
|
|
&afs_xattr_afs_acl_handler,
|
|
&afs_xattr_afs_cell_handler,
|
|
&afs_xattr_afs_fid_handler,
|
|
&afs_xattr_afs_volume_handler,
|
|
&afs_xattr_yfs_handler, /* afs.yfs. prefix */
|
|
NULL
|
|
};
|