fuse: Fail all requests with invalid uids or gids

Upon a cursory examinination the uid and gid of a fuse request are necessary for correct operation. Failing a fuse request where those values are not reliable seems a straight forward and reliable means of ensuring that fuse requests with bad data are not sent or processed. In most cases the vfs will avoid actions it suspects will cause an inode write back of an inode with an invalid uid or gid. But that does not map precisely to what fuse is doing, so test for this and solve this at the fuse level as well. Performing this work in fuse_req_init_context is cheap as the code is already performing the translation here and only needs to check the result of the translation to see if things are not representable in a form the fuse server can handle. [SzM] Don't zero the context for the nofail case, just keep using the munging version (makes sense for debugging and doesn't hurt). Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2018-02-21 11:52:06 -0500
committer: Miklos Szeredi <mszeredi@redhat.com> 2018-03-20 12:11:44 -0400
commit: c9582eb0ff7d2b560be60eafab29183882cdc82b (patch)
tree: 2622564e341542e5e23140deb6194f23d4eabec2
parent: dbf107b2a7f36fa635b40e0b554514f599c75b33 (diff)
1 files changed, 13 insertions, 9 deletions
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index 6e005da03aed..4852f8803156 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -112,13 +112,6 @@ static void __fuse_put_request(struct fuse_req *req)
        refcount_dec(&req->count);
 }
-static void fuse_req_init_context(struct fuse_conn *fc, struct fuse_req *req)
-{
-        req->in.h.uid = from_kuid_munged(&init_user_ns, current_fsuid());
-        req->in.h.gid = from_kgid_munged(&init_user_ns, current_fsgid());
-        req->in.h.pid = pid_nr_ns(task_pid(current), fc->pid_ns);
-}
 void fuse_set_initialized(struct fuse_conn *fc)
 {
        /* Make sure stores before this are seen on another CPU */
@@ -163,11 +156,19 @@ static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages,
                goto out;
        }
-        fuse_req_init_context(fc, req);
+        req->in.h.uid = from_kuid(&init_user_ns, current_fsuid());
+        req->in.h.gid = from_kgid(&init_user_ns, current_fsgid());
+        req->in.h.pid = pid_nr_ns(task_pid(current), fc->pid_ns);
        __set_bit(FR_WAITING, &req->flags);
        if (for_background)
                __set_bit(FR_BACKGROUND, &req->flags);
+        if (unlikely(req->in.h.uid == ((uid_t)-1) ||
+                     req->in.h.gid == ((gid_t)-1))) {
+                fuse_put_request(fc, req);
+                return ERR_PTR(-EOVERFLOW);
+        }
        return req;
 out:
@@ -256,7 +257,10 @@ struct fuse_req *fuse_get_req_nofail_nopages(struct fuse_conn *fc,
        if (!req)
                req = get_reserved_req(fc, file);
-        fuse_req_init_context(fc, req);
+        req->in.h.uid = from_kuid_munged(&init_user_ns, current_fsuid());
+        req->in.h.gid = from_kgid_munged(&init_user_ns, current_fsgid());
+        req->in.h.pid = pid_nr_ns(task_pid(current), fc->pid_ns);
        __set_bit(FR_WAITING, &req->flags);
        __clear_bit(FR_BACKGROUND, &req->flags);
        return req;
author	Eric W. Biederman <ebiederm@xmission.com>	2018-02-21 11:52:06 -0500
committer	Miklos Szeredi <mszeredi@redhat.com>	2018-03-20 12:11:44 -0400
commit	c9582eb0ff7d2b560be60eafab29183882cdc82b (patch)
tree	2622564e341542e5e23140deb6194f23d4eabec2
parent	dbf107b2a7f36fa635b40e0b554514f599c75b33 (diff)