Offering: hulk hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IB5UKT
--------------------------------
When an erofs filesystem is mounted with ondemand mode, if the cache root directory bound to cachefiles named rootdir, the resulting directory structure is seen as follows, where different directories corresponded to the objects of different levels:
rootdir ____|____ | | cache graveyard | domain_dir | back_data.img
In the current logic, if cull is executed on the cache directory, it first determines whether the inode corresponding to the directory has the S_KERNEL_FILE flag. In on-demand loading mode, when a cache directory or file is created, its corresponding inode will be set with this flag, indicating it is -inuse-. When the cache directory is put or the corresponding object is closed, the flag will be cleared, indicating it is no longer -inuse- and can be culled.
Currently cachefiles_daemon_cull() can execute on any directory or file which the corresponding inode does not has the S_KERNEL_FILE flag. We want to reduce the scope of this function. On the one hand, the user state needs to add relevant constraints; on the other hand, kernel mode can also modified. This patch adds the restriction of filesystem-level isolation.
Fixes: 8667d434b2a9 ("cachefiles: Register a miscdev and parse commands over it") Signed-off-by: Zizhi Wo wozizhi@huawei.com --- fs/cachefiles/daemon.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c index afec4032878c..81d12106ce7a 100644 --- a/fs/cachefiles/daemon.c +++ b/fs/cachefiles/daemon.c @@ -654,6 +654,12 @@ static int cachefiles_daemon_cull(struct cachefiles_cache *cache, char *args) if (!d_can_lookup(path.dentry)) goto notdir;
+ /* limit the scope of cull */ + if (cache->mnt != path.mnt) { + path_put(&path); + return -EOPNOTSUPP; + } + cachefiles_begin_secure(cache, &saved_cred); ret = cachefiles_cull(cache, path.dentry, args); cachefiles_end_secure(cache, saved_cred);