[v3,12/13] nfs: copy_file_range needs to strip setuid bits and update timestamps
diff mbox series

Message ID 20190529174318.22424-13-amir73il@gmail.com
State New
Headers show
Series
  • Fixes for major copy_file_range() issues
Related show

Commit Message

Amir Goldstein May 29, 2019, 5:43 p.m. UTC
Like ->write_iter(), we update mtime and strip setuid of dst file before
copy and like ->read_iter(), we update atime of src file after copy.

Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
 fs/nfs/nfs42proc.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Comments

Amir Goldstein May 29, 2019, 7:34 p.m. UTC | #1
Hi Olga,Anna,Trond

Could we get an ACK on this patch.
It is a prerequisite for merging the cross-device copy_file_range work.

It depends on a new helper introduced here:
https://lore.kernel.org/linux-fsdevel/CAOQ4uxjbcSWX1hUcuXbn8hFH3QYB+5bAC9Z1yCwJdR=T-GGtCg@mail.gmail.com/T/#m1569878c41f39fac3aadb3832a30659c323b582a

Thanks,
Amir,

On Wed, May 29, 2019 at 8:43 PM Amir Goldstein <amir73il@gmail.com> wrote:
>
> Like ->write_iter(), we update mtime and strip setuid of dst file before
> copy and like ->read_iter(), we update atime of src file after copy.
>
> Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> ---
>  fs/nfs/nfs42proc.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/fs/nfs/nfs42proc.c b/fs/nfs/nfs42proc.c
> index 5196bfa7894d..c37a8e5116c6 100644
> --- a/fs/nfs/nfs42proc.c
> +++ b/fs/nfs/nfs42proc.c
> @@ -345,10 +345,13 @@ ssize_t nfs42_proc_copy(struct file *src, loff_t pos_src,
>
>         do {
>                 inode_lock(file_inode(dst));
> -               err = _nfs42_proc_copy(src, src_lock,
> -                               dst, dst_lock,
> -                               &args, &res);
> +               err = file_modified(dst);
> +               if (!err)
> +                       err = _nfs42_proc_copy(src, src_lock,
> +                                              dst, dst_lock,
> +                                              &args, &res);
>                 inode_unlock(file_inode(dst));
> +               file_accessed(src);
>
>                 if (err >= 0)
>                         break;
> --
> 2.17.1
>
Trond Myklebust May 29, 2019, 8:02 p.m. UTC | #2
On Wed, 2019-05-29 at 22:34 +0300, Amir Goldstein wrote:
> Hi Olga,Anna,Trond
> 
> Could we get an ACK on this patch.
> It is a prerequisite for merging the cross-device copy_file_range
> work.
> 
> It depends on a new helper introduced here:
> https://lore.kernel.org/linux-fsdevel/CAOQ4uxjbcSWX1hUcuXbn8hFH3QYB+5bAC9Z1yCwJdR=T-GGtCg@mail.gmail.com/T/#m1569878c41f39fac3aadb3832a30659c323b582a
> 
> Thanks,
> Amir,
> 
> On Wed, May 29, 2019 at 8:43 PM Amir Goldstein <amir73il@gmail.com>
> wrote:
> > Like ->write_iter(), we update mtime and strip setuid of dst file
> > before
> > copy and like ->read_iter(), we update atime of src file after
> > copy.
> > 
> > Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> > ---
> >  fs/nfs/nfs42proc.c | 9 ++++++---
> >  1 file changed, 6 insertions(+), 3 deletions(-)
> > 
> > diff --git a/fs/nfs/nfs42proc.c b/fs/nfs/nfs42proc.c
> > index 5196bfa7894d..c37a8e5116c6 100644
> > --- a/fs/nfs/nfs42proc.c
> > +++ b/fs/nfs/nfs42proc.c
> > @@ -345,10 +345,13 @@ ssize_t nfs42_proc_copy(struct file *src,
> > loff_t pos_src,
> > 
> >         do {
> >                 inode_lock(file_inode(dst));
> > -               err = _nfs42_proc_copy(src, src_lock,
> > -                               dst, dst_lock,
> > -                               &args, &res);
> > +               err = file_modified(dst);
> > +               if (!err)
> > +                       err = _nfs42_proc_copy(src, src_lock,
> > +                                              dst, dst_lock,
> > +                                              &args, &res);
> >                 inode_unlock(file_inode(dst));
> > +               file_accessed(src);
> > 
> >                 if (err >= 0)
> >                         break;
> > --
> > 2.17.1
> > 

Please drop this patch. In the NFS protocol, the client is not expected
to mess with atime or mtime other than when the user explicitly sets it
through a call to utimensat() or similar. The server takes care of any
a/mtime updates as and when the file is read/written to. 

Ditto for suid/sgid clearing.

Motto: "No file_accessed() or file_remove_privs() calls, please. We're
NFS."
Amir Goldstein May 29, 2019, 9 p.m. UTC | #3
On Wed, May 29, 2019 at 11:02 PM Trond Myklebust
<trondmy@hammerspace.com> wrote:
>
> On Wed, 2019-05-29 at 22:34 +0300, Amir Goldstein wrote:
> > Hi Olga,Anna,Trond
> >
> > Could we get an ACK on this patch.
> > It is a prerequisite for merging the cross-device copy_file_range
> > work.
> >
> > It depends on a new helper introduced here:
> > https://lore.kernel.org/linux-fsdevel/CAOQ4uxjbcSWX1hUcuXbn8hFH3QYB+5bAC9Z1yCwJdR=T-GGtCg@mail.gmail.com/T/#m1569878c41f39fac3aadb3832a30659c323b582a
> >
> > Thanks,
> > Amir,
> >
> > On Wed, May 29, 2019 at 8:43 PM Amir Goldstein <amir73il@gmail.com>
> > wrote:
> > > Like ->write_iter(), we update mtime and strip setuid of dst file
> > > before
> > > copy and like ->read_iter(), we update atime of src file after
> > > copy.
> > >
> > > Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> > > ---
> > >  fs/nfs/nfs42proc.c | 9 ++++++---
> > >  1 file changed, 6 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/fs/nfs/nfs42proc.c b/fs/nfs/nfs42proc.c
> > > index 5196bfa7894d..c37a8e5116c6 100644
> > > --- a/fs/nfs/nfs42proc.c
> > > +++ b/fs/nfs/nfs42proc.c
> > > @@ -345,10 +345,13 @@ ssize_t nfs42_proc_copy(struct file *src,
> > > loff_t pos_src,
> > >
> > >         do {
> > >                 inode_lock(file_inode(dst));
> > > -               err = _nfs42_proc_copy(src, src_lock,
> > > -                               dst, dst_lock,
> > > -                               &args, &res);
> > > +               err = file_modified(dst);
> > > +               if (!err)
> > > +                       err = _nfs42_proc_copy(src, src_lock,
> > > +                                              dst, dst_lock,
> > > +                                              &args, &res);
> > >                 inode_unlock(file_inode(dst));
> > > +               file_accessed(src);
> > >
> > >                 if (err >= 0)
> > >                         break;
> > > --
> > > 2.17.1
> > >
>
> Please drop this patch. In the NFS protocol, the client is not expected
> to mess with atime or mtime other than when the user explicitly sets it
> through a call to utimensat() or similar. The server takes care of any
> a/mtime updates as and when the file is read/written to.
>
> Ditto for suid/sgid clearing.
>
> Motto: "No file_accessed() or file_remove_privs() calls, please. We're
> NFS."

OK.

Thanks,
Amir.

Patch
diff mbox series

diff --git a/fs/nfs/nfs42proc.c b/fs/nfs/nfs42proc.c
index 5196bfa7894d..c37a8e5116c6 100644
--- a/fs/nfs/nfs42proc.c
+++ b/fs/nfs/nfs42proc.c
@@ -345,10 +345,13 @@  ssize_t nfs42_proc_copy(struct file *src, loff_t pos_src,
 
 	do {
 		inode_lock(file_inode(dst));
-		err = _nfs42_proc_copy(src, src_lock,
-				dst, dst_lock,
-				&args, &res);
+		err = file_modified(dst);
+		if (!err)
+			err = _nfs42_proc_copy(src, src_lock,
+					       dst, dst_lock,
+					       &args, &res);
 		inode_unlock(file_inode(dst));
+		file_accessed(src);
 
 		if (err >= 0)
 			break;