On 9/6/23 16:43, Christian Brauner wrote:
On Tue, Sep 05, 2023 at 08:02:59PM +0200, David Sterba wrote:
On Thu, Aug 31, 2023 at 01:24:29PM +0200, Bernd Schubert wrote:
While adding shared direct IO write locks to fuse Miklos noticed
that file_remove_privs() needs an exclusive lock. I then
noticed that btrfs actually has the same issue as I had in my patch,
it was calling into that function with a shared lock.
This series adds a new exported function file_needs_remove_privs(),
which used by the follow up btrfs patch and will be used by the
DIO code path in fuse as well. If that function returns any mask
the shared lock needs to be dropped and replaced by the exclusive
variant.
Note: Compilation tested only.
The fix makes sense, there should be no noticeable performance impact,
basically the same check is done in the newly exported helper for the
IS_NOSEC bit. I can give it a test locally for the default case, I'm
not sure if we have specific tests for the security layers in fstests.
Regarding merge, I can take the two patches via btrfs tree or can wait
until the export is present in Linus' tree in case FUSE needs it
independently.
Both fuse and btrfs need it afaict. We can grab it and provide a tag
post -rc1? Whatever works best.
fuse will need it for my direct IO patches - hopefully in 6.7.
For btrfs it is a bug fix, should go in asap?
Christoph has some objections for to use the new exported helper
(file_needs_remove_privs). Maybe I better send a version for btrfs
that only uses S_NOSEC? For fuse we cannot use it, unfortunately.
Thanks,
Bernd
