diff options
| author | Gao Xiang <hsiangkao@linux.alibaba.com> | 2026-03-30 05:29:29 +0300 |
|---|---|---|
| committer | Gao Xiang <hsiangkao@linux.alibaba.com> | 2026-04-02 11:08:43 +0300 |
| commit | 307210c262a29f41d7177851295ea1703bd04175 (patch) | |
| tree | 4b2bc86859c8a1bce73b9d84f4c08daa0d1a71de | |
| parent | 6a01f5478d208544c8ba5ddbd674ea660f1b7047 (diff) | |
| download | linux-307210c262a29f41d7177851295ea1703bd04175.tar.xz | |
erofs: verify metadata accesses for file-backed mounts
For file-backed mounts, metadata is fetched via the page cache of
backing inodes to avoid double caching and redundant copy ops out
of RO uptodate folios, which is used by Android APEXes, ComposeFS,
containerd. However, rw_verify_area() was missing prior to
metadata accesses.
Similar to vfs_iocb_iter_read(), fix this by:
- Enabling fanotify pre-content hooks on metadata accesses;
- security_file_permission() for security modules.
Verified that fanotify pre-content hooks now works correctly.
Fixes: fb176750266a ("erofs: add file-backed mount support")
Acked-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Chunhai Guo <guochunhai@vivo.com>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
| -rw-r--r-- | fs/erofs/data.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/fs/erofs/data.c b/fs/erofs/data.c index f79ee80627d9..132a27deb2f3 100644 --- a/fs/erofs/data.c +++ b/fs/erofs/data.c @@ -30,6 +30,20 @@ void *erofs_bread(struct erofs_buf *buf, erofs_off_t offset, bool need_kmap) { pgoff_t index = (buf->off + offset) >> PAGE_SHIFT; struct folio *folio = NULL; + loff_t fpos; + int err; + + /* + * Metadata access for file-backed mounts reuses page cache of backing + * fs inodes (only folio data will be needed) to prevent double caching. + * However, the data access range must be verified here in advance. + */ + if (buf->file) { + fpos = index << PAGE_SHIFT; + err = rw_verify_area(READ, buf->file, &fpos, PAGE_SIZE); + if (err < 0) + return ERR_PTR(err); + } if (buf->page) { folio = page_folio(buf->page); |