remap_range: move permission hooks out of do_clone_file_range()

In many of the vfs helpers, file permission hook is called before taking sb_start_write(), making them "start-write-safe". do_clone_file_range() is an exception to this rule. do_clone_file_range() has two callers - vfs_clone_file_range() and overlayfs. Move remap_verify_area() checks from do_clone_file_range() out to vfs_clone_file_range() to make them "start-write-safe". Overlayfs already has calls to rw_verify_area() with the same security permission hooks as remap_verify_area() has. The rest of the checks in remap_verify_area() are irrelevant for overlayfs that calls do_clone_file_range() offset 0 and positive length. This is needed for fanotify "pre content" events. Reviewed-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Link: https://lore.kernel.org/r/20231122122715.2561213-7-amir73il@gmail.comReviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org>

remap_range: move permission hooks out of do_clone_file_range()
In many of the vfs helpers, file permission hook is called before taking sb_start_write(), making them "start-write-safe". do_clone_file_range() is an exception to this rule. do_clone_file_range() has two callers - vfs_clone_file_range() and overlayfs. Move remap_verify_area() checks from do_clone_file_range() out to vfs_clone_file_range() to make them "start-write-safe". Overlayfs already has calls to rw_verify_area() with the same security permission hooks as remap_verify_area() has. The rest of the checks in remap_verify_area() are irrelevant for overlayfs that calls do_clone_file_range() offset 0 and positive length. This is needed for fanotify "pre content" events. Reviewed-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Link: https://lore.kernel.org/r/20231122122715.2561213-7-amir73il@gmail.comReviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org>
dfad3705 · Amir Goldstein · Christian Brauner · d53471ba · dfad3705
Commit dfad3705 authored Nov 22, 2023 by Amir Goldstein Committed by Christian Brauner Nov 24, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 8 deletions

fs/remap_range.c fs/remap_range.c +8 -8

No files found.
--- a/fs/remap_range.c
+++ b/fs/remap_range.c
@@ -385,14 +385,6 @@ loff_t do_clone_file_range(struct file *file_in, loff_t pos_in,
 	if (!file_in->f_op->remap_file_range)
 		return -EOPNOTSUPP;
-	ret = remap_verify_area(file_in, pos_in, len, false);
-	if (ret)
-		return ret;
-	ret = remap_verify_area(file_out, pos_out, len, true);
-	if (ret)
-		return ret;
 	ret = file_in->f_op->remap_file_range(file_in, pos_in,
 			file_out, pos_out, len, remap_flags);
 	if (ret < 0)
@@ -410,6 +402,14 @@ loff_t vfs_clone_file_range(struct file *file_in, loff_t pos_in,
 {
 	loff_t ret;
+	ret = remap_verify_area(file_in, pos_in, len, false);
+	if (ret)
+		return ret;
+	ret = remap_verify_area(file_out, pos_out, len, true);
+	if (ret)
+		return ret;
 	file_start_write(file_out);
 	ret = do_clone_file_range(file_in, pos_in, file_out, pos_out, len,
 				  remap_flags);