kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   a99b602ac2b8c237ced40a4769f19ed10f16288a
  2.   patches.suse
  3.   fuse-Remove-the-buggy-retranslation-of-pids-in-fuse_.patch
Blob Blame History Raw 
From dbf107b2a7f36fa635b40e0b554514f599c75b33 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 20 Feb 2018 20:25:20 -0600
Subject: [PATCH] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read
Git-commit: dbf107b2a7f36fa635b40e0b554514f599c75b33
Patch-mainline: v4.18-rc1
References: bsc#1051510

At the point of fuse_dev_do_read the user space process that initiated the
action on the fuse filesystem may no longer exist.  The process have been
killed or may have fired an asynchronous request and exited.

If the initial process has exited, the code "pid_vnr(find_pid_ns(in->h.pid,
fc->pid_ns)" will either return a pid of 0, or in the unlikely event that
the pid has been reallocated it can return practically any pid.  Any pid is
possible as the pid allocator allocates pid numbers in different pid
namespaces independently.

The only way to make translation in fuse_dev_do_read reliable is to call
get_pid in fuse_req_init_context, and pid_vnr followed by put_pid in
fuse_dev_do_read.  That reference counting in other contexts has been shown
to bounce cache lines between processors and in general be slow.  So that
is not desirable.

The only known user of running the fuse server in a different pid namespace
from the filesystem does not care what the pids are in the fuse messages so
removing this code should not matter.

Getting the translation to a server running outside of the pid namespace of
a container can still be achieved by playing setns games at mount time.  It
is also possible to add an option to pass a pid namespace into the fuse
filesystem at mount time.

Fixes: 5d6d3a301c4e ("fuse: allow server to run in different pid_ns")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Acked-by: Takashi Iwai <tiwai@suse.de>

---
 fs/fuse/dev.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index 78b6293bd04d..6e005da03aed 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1261,12 +1261,6 @@ static ssize_t fuse_dev_do_read(struct fuse_dev *fud, struct file *file,
 	in = &req->in;
 	reqsize = in->h.len;
 
-	if (task_active_pid_ns(current) != fc->pid_ns) {
-		rcu_read_lock();
-		in->h.pid = pid_vnr(find_pid_ns(in->h.pid, fc->pid_ns));
-		rcu_read_unlock();
-	}
-
 	/* If request is too large, reply with an error and restart the read */
 	if (nbytes < reqsize) {
 		req->out.h.error = -EIO;
-- 
2.18.0
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.