From 5de4480ae7f8f1969065aa88be98111e36075bb0 Mon Sep 17 00:00:00 2001 From: Mark Fasheh Date: Mon, 10 Sep 2018 16:21:17 -0700 Subject: vfs: allow dedupe of user owned read-only files The permission check in vfs_dedupe_file_range_one() is too coarse - We only allow dedupe of the destination file if the user is root, or they have the file open for write. This effectively limits a non-root user from deduping their own read-only files. In addition, the write file descriptor that the user is forced to hold open can prevent execution of files. As file data during a dedupe does not change, the behavior is unexpected and this has caused a number of issue reports. For an example, see: https://github.com/markfasheh/duperemove/issues/129 So change the check so we allow dedupe on the target if: - the root or admin is asking for it - the process has write access - the owner of the file is asking for the dedupe - the process could get write access That way users can open read-only and still get dedupe. Signed-off-by: Mark Fasheh Signed-off-by: Al Viro
---
 fs/read_write.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
(limited to 'fs/read_write.c')
diff --git a/fs/read_write.c b/fs/read_write.c
index 39b4a21dd933..be0e8723a049 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -1964,6 +1964,20 @@ out_error:
 }
 EXPORT_SYMBOL(vfs_dedupe_file_range_compare);
+/* Check whether we are allowed to dedupe the destination file */
+static bool allow_file_dedupe(struct file *file)
+{
+ if (capable(CAP_SYS_ADMIN))
+ return true;
+ if (file->f_mode & FMODE_WRITE)
+ return true;
+ if (uid_eq(current_fsuid(), file_inode(file)->i_uid))
+ return true;
+ if (!inode_permission(file_inode(file), MAY_WRITE))
+ return true;
+ return false;
+}
+
 int vfs_dedupe_file_range_one(struct file *src_file, loff_t src_pos,
 struct file *dst_file, loff_t dst_pos, u64 len)
 {
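Review bot: In `allow_file_dedupe()` the `capable(CAP_SYS_ADMIN)` test runs first, so an unprivileged owner or writer who would pass a later check still triggers a capability check. That check may be recorded as an LSM/audit denial, and on success it marks the task as having used superuser privilege. Testing `FMODE_WRITE`, ownership and `inode_permission()` first and falling back to `capable()` last returns the same result without that side effect. The ownership branch also returns before `inode_permission()` runs, so anything that call would refuse for the owner is not enforced by this helper. Whether the caller covers that is not visible in the hunk, and the comment should say that ownership alone is deliberately sufficient.

```c
static bool allow_file_dedupe(struct file *file)
{
	struct inode *inode = file_inode(file);

	/* Any one condition suffices; dedupe does not change file data. */
	if (file->f_mode & FMODE_WRITE)
		return true;
	/* Owner may dedupe through a read-only fd; skips inode_permission(). */
	if (uid_eq(current_fsuid(), inode->i_uid))
		return true;
	if (!inode_permission(inode, MAY_WRITE))
		return true;
	/* Last, so the capability check only runs when nothing else grants access. */
	return capable(CAP_SYS_ADMIN);
}
```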
@@ -1978,7 +1992,7 @@ int vfs_dedupe_file_range_one(struct file *src_file, loff_t src_pos,
 goto out_drop_write;
 ret = -EINVAL;
- if (!(capable(CAP_SYS_ADMIN) || (dst_file->f_mode & FMODE_WRITE)))
+ if (!allow_file_dedupe(dst_file))
 goto out_drop_write;
 ret = -EXDEV;
-- cgit v1.2.3
From 85c95f208f481ab3c34c4622f508272cd4803afd Mon Sep 17 00:00:00 2001 From: Mark Fasheh Date: Mon, 10 Sep 2018 16:21:18 -0700 Subject: vfs: dedupe should return EPERM if permission is not granted Right now we return EINVAL if a process does not have permission to dedupe a file. This was an oversight on my part. EPERM gives a true description of the nature of our error, and EINVAL is already used for the case that the filesystem does not support dedupe. Signed-off-by: Mark Fasheh Reviewed-by: Darrick J. Wong Acked-by: David Sterba Signed-off-by: Al Viro
---
 fs/read_write.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'fs/read_write.c')
diff --git a/fs/read_write.c b/fs/read_write.c
index be0e8723a049..c734bc2880a5 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -1991,7 +1991,7 @@ int vfs_dedupe_file_range_one(struct file *src_file, loff_t src_pos,
 if (ret < 0)
 goto out_drop_write;
- ret = -EINVAL;
+ ret = -EPERM;
 if (!allow_file_dedupe(dst_file))
 goto out_drop_write;
-- cgit v1.2.3
From 55338ac2a9839557516b00661e6a05daf996fda0 Mon Sep 17 00:00:00 2001 From: nixiaoming Date: Sun, 22 Jul 2018 16:37:08 +0800 Subject: Delete invalid assignment statements in do_sendfile Assigning value -EINVAL to "retval" here, but that stored value is overwritten before it can be used. retval = -EINVAL; .... retval = rw_verify_area(WRITE, out.file, &out_pos, count); value_overwrite: Overwriting previous write to "retval" with value from rw_verify_area delete invalid assignment statements Signed-off-by: n00202754 Signed-off-by: Al Viro
---
 fs/read_write.c | 1 -
 1 file changed, 1 deletion(-)
(limited to 'fs/read_write.c')
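Review bot: In the "dedupe should return EPERM" hunk, the `ret = -EPERM;` line in vfs_dedupe_file_range_one() changes an error code that callers receive, but nothing on the new side records what each value now means. A comment above the assignment would keep the two cases from being merged again, e.g. `/* -EPERM: caller may not dedupe into dst_file; -EINVAL stays for filesystems without dedupe support */`. Any caller or tool that treated EINVAL as a permission failure needs the matching update; those sites are outside the hunk, as are the start and end of the function.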
diff --git a/fs/read_write.c b/fs/read_write.c
index c734bc2880a5..7f79b1fc490e 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -1407,7 +1407,6 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
 goto fput_in;
 if (!(out.file->f_mode & FMODE_WRITE))
 goto fput_out;
- retval = -EINVAL;
 in_inode = file_inode(in.file);
 out_inode = file_inode(out.file);
 out_pos = out.file->f_pos;
-- cgit v1.2.3