date:20181030

Re: [Devel] [PATCH 3/3] fuse: Switch unused engines off in Kconfig

2018-10-30 Thread Pavel Butsykin

On 30.10.2018 11:55, Kirill Tkhai wrote:
> We do not test and do not use these engines. They were
> needed on initial stage of development, but now their
> time is over.
> 
> It's not safe to distribute untested (and never used)
> debug modules in production, so this patch disables
> them by default. Some time later, if there is no at least
> a single using of them in any purpose, we'll completely
> drop them.
> 
> https://pmc.acronis.com/browse/VSTOR-16325
> 
> Signed-off-by: Kirill Tkhai 

Reviewed-by: Pavel Butsykin 

> ---
>   configs/kernel-3.10.0-x86_64-debug.config   |4 ++--
>   configs/kernel-3.10.0-x86_64-minimal.config |4 ++--
>   configs/kernel-3.10.0-x86_64.config |4 ++--
>   fs/fuse/Kconfig |2 ++
>   4 files changed, 8 insertions(+), 6 deletions(-)
> 
> diff --git a/configs/kernel-3.10.0-x86_64-debug.config 
> b/configs/kernel-3.10.0-x86_64-debug.config
> index 9ff450667838..758f7618abc1 100644
> --- a/configs/kernel-3.10.0-x86_64-debug.config
> +++ b/configs/kernel-3.10.0-x86_64-debug.config
> @@ -6430,8 +6430,8 @@ CONFIG_NETFILTER_XT_MATCH_WDOG_TMO=m
>   
>   CONFIG_VE_IP_NF_VZPRIVNET=m
>   
> -CONFIG_FUSE_KIO_NOOP=m
> -CONFIG_FUSE_KIO_NULLIO=m
> +# CONFIG_FUSE_KIO_NOOP is not set
> +# CONFIG_FUSE_KIO_NULLIO is not set
>   CONFIG_FUSE_KIO_PCS=m
>   
>   CONFIG_FUSE_KIO_DEBUG=y
> diff --git a/configs/kernel-3.10.0-x86_64-minimal.config 
> b/configs/kernel-3.10.0-x86_64-minimal.config
> index 4a5211f1dc47..037821b0dea5 100644
> --- a/configs/kernel-3.10.0-x86_64-minimal.config
> +++ b/configs/kernel-3.10.0-x86_64-minimal.config
> @@ -3682,8 +3682,8 @@ CONFIG_QUOTACTL_COMPAT=y
>   CONFIG_AUTOFS4_FS=y
>   CONFIG_FUSE_FS=y
>   # CONFIG_CUSE is not set
> -CONFIG_FUSE_KIO_NOOP=y
> -CONFIG_FUSE_KIO_NULLIO=y
> +# CONFIG_FUSE_KIO_NOOP is not set
> +# CONFIG_FUSE_KIO_NULLIO is not set
>   CONFIG_FUSE_KIO_PCS=y
>   # CONFIG_FUSE_KIO_DEBUG is not set
>   CONFIG_OVERLAY_FS=y
> diff --git a/configs/kernel-3.10.0-x86_64.config 
> b/configs/kernel-3.10.0-x86_64.config
> index bdc91d414de6..8b5e2ade38f3 100644
> --- a/configs/kernel-3.10.0-x86_64.config
> +++ b/configs/kernel-3.10.0-x86_64.config
> @@ -6401,8 +6401,8 @@ CONFIG_NETFILTER_XT_MATCH_WDOG_TMO=m
>   
>   CONFIG_VE_IP_NF_VZPRIVNET=m
>   
> -CONFIG_FUSE_KIO_NOOP=m
> -CONFIG_FUSE_KIO_NULLIO=m
> +# CONFIG_FUSE_KIO_NOOP is not set
> +# CONFIG_FUSE_KIO_NULLIO is not set
>   CONFIG_FUSE_KIO_PCS=m
>   
>   # CONFIG_FUSE_KIO_DEBUG is not set
> diff --git a/fs/fuse/Kconfig b/fs/fuse/Kconfig
> index b7fc9e8be4a2..8ecc12182e6a 100644
> --- a/fs/fuse/Kconfig
> +++ b/fs/fuse/Kconfig
> @@ -29,6 +29,7 @@ config CUSE
>   config FUSE_KIO_NOOP
>   tristate "Enable kdirect noop io engine"
>   depends on FUSE_FS
> + default n
>   help
> This FUSE extension allows to handle io requests directly inside 
> kernel
>   
> @@ -37,6 +38,7 @@ config FUSE_KIO_NOOP
>   config FUSE_KIO_NULLIO
>   tristate "Enable kdirect null io io engine"
>   depends on FUSE_FS
> + default n
>   help
> This FUSE extension allows to handle io requests directly inside 
> kernel
>   
> 

___
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Re: [Devel] [PATCH 1/3] fuse: Fix parse_fuse_opt() return values wrong interpretation

2018-10-30 Thread Pavel Butsykin

On 30.10.2018 11:55, Kirill Tkhai wrote:
> This function returns not 0 in case of success, and 0 in case
> of failure. So, error values like -EPERM are interpreted as
> success, which is wrong. Fix that.
> Note, that fuse has generic EINVAL return value for all types
> of unacceptable parameters.
> 
> Signed-off-by: Kirill Tkhai 

Reviewed-by: Pavel Butsykin 

> ---
>   fs/fuse/inode.c |8 
>   1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index ca9a146d39fa..0695b79c4c50 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -688,19 +688,19 @@ static int parse_fuse_opt(char *opt, struct 
> fuse_mount_data *d, int is_bdev)
>   
>   case OPT_WBCACHE:
>   if (!ve_is_super(get_exec_env()) && !fuse_ve_odirect)
> - return -EPERM;
> + return 0;
>   d->writeback_cache = 1;
>   break;
>   
>   case OPT_ODIRECT:
>   if (!ve_is_super(get_exec_env()) && !fuse_ve_odirect)
> - return -EPERM;
> + return 0;
>   d->flags |= FUSE_ODIRECT;
>   break;
>   
>   case OPT_UMOUNT_WAIT:
>   if (!ve_is_super(get_exec_env()) && !fuse_ve_odirect)
> - return -EPERM;
> + return 0;
>   d->flags |= FUSE_UMOUNT_WAIT;
>   break;
>   
> @@ -711,7 +711,7 @@ static int parse_fuse_opt(char *opt, struct 
> fuse_mount_data *d, int is_bdev)
>   char *name;
>   name = match_strdup([0]);
>   if (!name)
> - return 1;
> + return 0;
>   
>   strncpy(d->kio_name, name, FUSE_KIO_NAME);
>   d->flags |= FUSE_KDIRECT_IO;
> 

___
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Re: [Devel] [PATCH 2/3] fuse: Prohibit kio engine from containers

2018-10-30 Thread Pavel Butsykin

On 30.10.2018 11:55, Kirill Tkhai wrote:
> Currently we have several BUG_ON() ported from userspace,
> and they may fire in case of it's used malicious daemon
> instead of original vstorage-mount. So, just prohibit
> mounting with kio from inside container.
> 
> https://pmc.acronis.com/browse/VSTOR-16325
> 
> Signed-off-by: Kirill Tkhai 

Reviewed-by: Pavel Butsykin 

> ---
>   fs/fuse/inode.c |2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index 0695b79c4c50..34e52262d37e 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -709,6 +709,8 @@ static int parse_fuse_opt(char *opt, struct 
> fuse_mount_data *d, int is_bdev)
>   break;
>   case OPT_KIO_NAME: {
>   char *name;
> + if (!ve_is_super(get_exec_env()))
> + return 0;
>   name = match_strdup([0]);
>   if (!name)
>   return 0;
> 

___
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH 2/3] fuse: Prohibit kio engine from containers

2018-10-30 Thread Kirill Tkhai

Currently we have several BUG_ON() ported from userspace,
and they may fire in case of it's used malicious daemon
instead of original vstorage-mount. So, just prohibit
mounting with kio from inside container.

https://pmc.acronis.com/browse/VSTOR-16325

Signed-off-by: Kirill Tkhai 
---
 fs/fuse/inode.c |2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 0695b79c4c50..34e52262d37e 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -709,6 +709,8 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data 
*d, int is_bdev)
break;
case OPT_KIO_NAME: {
char *name;
+   if (!ve_is_super(get_exec_env()))
+   return 0;
name = match_strdup([0]);
if (!name)
return 0;

___
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH 3/3] fuse: Switch unused engines off in Kconfig

2018-10-30 Thread Kirill Tkhai

We do not test and do not use these engines. They were
needed on initial stage of development, but now their
time is over.

It's not safe to distribute untested (and never used)
debug modules in production, so this patch disables
them by default. Some time later, if there is no at least
a single using of them in any purpose, we'll completely
drop them.

https://pmc.acronis.com/browse/VSTOR-16325

Signed-off-by: Kirill Tkhai 
---
 configs/kernel-3.10.0-x86_64-debug.config   |4 ++--
 configs/kernel-3.10.0-x86_64-minimal.config |4 ++--
 configs/kernel-3.10.0-x86_64.config |4 ++--
 fs/fuse/Kconfig |2 ++
 4 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/configs/kernel-3.10.0-x86_64-debug.config 
b/configs/kernel-3.10.0-x86_64-debug.config
index 9ff450667838..758f7618abc1 100644
--- a/configs/kernel-3.10.0-x86_64-debug.config
+++ b/configs/kernel-3.10.0-x86_64-debug.config
@@ -6430,8 +6430,8 @@ CONFIG_NETFILTER_XT_MATCH_WDOG_TMO=m
 
 CONFIG_VE_IP_NF_VZPRIVNET=m
 
-CONFIG_FUSE_KIO_NOOP=m
-CONFIG_FUSE_KIO_NULLIO=m
+# CONFIG_FUSE_KIO_NOOP is not set
+# CONFIG_FUSE_KIO_NULLIO is not set
 CONFIG_FUSE_KIO_PCS=m
 
 CONFIG_FUSE_KIO_DEBUG=y
diff --git a/configs/kernel-3.10.0-x86_64-minimal.config 
b/configs/kernel-3.10.0-x86_64-minimal.config
index 4a5211f1dc47..037821b0dea5 100644
--- a/configs/kernel-3.10.0-x86_64-minimal.config
+++ b/configs/kernel-3.10.0-x86_64-minimal.config
@@ -3682,8 +3682,8 @@ CONFIG_QUOTACTL_COMPAT=y
 CONFIG_AUTOFS4_FS=y
 CONFIG_FUSE_FS=y
 # CONFIG_CUSE is not set
-CONFIG_FUSE_KIO_NOOP=y
-CONFIG_FUSE_KIO_NULLIO=y
+# CONFIG_FUSE_KIO_NOOP is not set
+# CONFIG_FUSE_KIO_NULLIO is not set
 CONFIG_FUSE_KIO_PCS=y
 # CONFIG_FUSE_KIO_DEBUG is not set
 CONFIG_OVERLAY_FS=y
diff --git a/configs/kernel-3.10.0-x86_64.config 
b/configs/kernel-3.10.0-x86_64.config
index bdc91d414de6..8b5e2ade38f3 100644
--- a/configs/kernel-3.10.0-x86_64.config
+++ b/configs/kernel-3.10.0-x86_64.config
@@ -6401,8 +6401,8 @@ CONFIG_NETFILTER_XT_MATCH_WDOG_TMO=m
 
 CONFIG_VE_IP_NF_VZPRIVNET=m
 
-CONFIG_FUSE_KIO_NOOP=m
-CONFIG_FUSE_KIO_NULLIO=m
+# CONFIG_FUSE_KIO_NOOP is not set
+# CONFIG_FUSE_KIO_NULLIO is not set
 CONFIG_FUSE_KIO_PCS=m
 
 # CONFIG_FUSE_KIO_DEBUG is not set
diff --git a/fs/fuse/Kconfig b/fs/fuse/Kconfig
index b7fc9e8be4a2..8ecc12182e6a 100644
--- a/fs/fuse/Kconfig
+++ b/fs/fuse/Kconfig
@@ -29,6 +29,7 @@ config CUSE
 config FUSE_KIO_NOOP
tristate "Enable kdirect noop io engine"
depends on FUSE_FS
+   default n
help
  This FUSE extension allows to handle io requests directly inside 
kernel
 
@@ -37,6 +38,7 @@ config FUSE_KIO_NOOP
 config FUSE_KIO_NULLIO
tristate "Enable kdirect null io io engine"
depends on FUSE_FS
+   default n
help
  This FUSE extension allows to handle io requests directly inside 
kernel
 

___
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH 1/3] fuse: Fix parse_fuse_opt() return values wrong interpretation

2018-10-30 Thread Kirill Tkhai

This function returns not 0 in case of success, and 0 in case
of failure. So, error values like -EPERM are interpreted as
success, which is wrong. Fix that.
Note, that fuse has generic EINVAL return value for all types
of unacceptable parameters.

Signed-off-by: Kirill Tkhai 
---
 fs/fuse/inode.c |8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index ca9a146d39fa..0695b79c4c50 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -688,19 +688,19 @@ static int parse_fuse_opt(char *opt, struct 
fuse_mount_data *d, int is_bdev)
 
case OPT_WBCACHE:
if (!ve_is_super(get_exec_env()) && !fuse_ve_odirect)
-   return -EPERM;
+   return 0;
d->writeback_cache = 1;
break;
 
case OPT_ODIRECT:
if (!ve_is_super(get_exec_env()) && !fuse_ve_odirect)
-   return -EPERM;
+   return 0;
d->flags |= FUSE_ODIRECT;
break;
 
case OPT_UMOUNT_WAIT:
if (!ve_is_super(get_exec_env()) && !fuse_ve_odirect)
-   return -EPERM;
+   return 0;
d->flags |= FUSE_UMOUNT_WAIT;
break;
 
@@ -711,7 +711,7 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data 
*d, int is_bdev)
char *name;
name = match_strdup([0]);
if (!name)
-   return 1;
+   return 0;
 
strncpy(d->kio_name, name, FUSE_KIO_NAME);
d->flags |= FUSE_KDIRECT_IO;

___
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Re: [Devel] [PATCH 3/3] fuse: Switch unused engines off in Kconfig

Re: [Devel] [PATCH 1/3] fuse: Fix parse_fuse_opt() return values wrong interpretation

Re: [Devel] [PATCH 2/3] fuse: Prohibit kio engine from containers

[Devel] [PATCH 2/3] fuse: Prohibit kio engine from containers

[Devel] [PATCH 3/3] fuse: Switch unused engines off in Kconfig

[Devel] [PATCH 1/3] fuse: Fix parse_fuse_opt() return values wrong interpretation

6 matches

Site Navigation

Mail list logo

Footer information