Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-02 00:51:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
A mirror of the official Linux kernel repository just in case
1,138,048 Commits 7 Branches 863 Tags 6.5 GiB
C 97.5%
Assembly 1%
Shell 0.6%
Python 0.3%
Makefile 0.3%
b138777786
Go to file
Dave Marchevsky b138777786 fuse: Rearrange fuse_allow_current_process checks 
This is a followup to a previous commit of mine [0], which added the
allow_sys_admin_access && capable(CAP_SYS_ADMIN) check.  This patch
rearranges the order of checks in fuse_allow_current_process without
changing functionality.

Commit 9ccf47b26b ("fuse: Add module param for CAP_SYS_ADMIN access
bypassing allow_other") added allow_sys_admin_access &&
capable(CAP_SYS_ADMIN) check to the beginning of the function, with the
reasoning that allow_sys_admin_access should be an 'escape hatch' for users
with CAP_SYS_ADMIN, allowing them to skip any subsequent checks.

However, placing this new check first results in many capable() calls when
allow_sys_admin_access is set, where another check would've also returned
1.  This can be problematic when a BPF program is tracing capable() calls.

At Meta we ran into such a scenario recently.  On a host where
allow_sys_admin_access is set but most of the FUSE access is from processes
which would pass other checks - i.e.  they don't need CAP_SYS_ADMIN 'escape
hatch' - this results in an unnecessary capable() call for each fs op.  We
also have a daemon tracing capable() with BPF and doing some data
collection, so tracing these extraneous capable() calls has the potential
to regress performance for an application doing many FUSE ops.

So rearrange the order of these checks such that CAP_SYS_ADMIN 'escape
hatch' is checked last.  Add a small helper, fuse_permissible_uidgid, to
make the logic easier to understand.  Previously, if allow_other is set on
the fuse_conn, uid/git checking doesn't happen as current_in_userns result
is returned.  These semantics are maintained here: fuse_permissible_uidgid
check only happens if allow_other is not set.

Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Suggested-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
2022-11-23 09:10:50 +01:00
arch - Do not hold fpregs lock when inheriting FPU permissions because the 2022-11-20 10:47:39 -08:00
block block-6.1-2022-11-18 2022-11-18 13:59:45 -08:00
certs
crypto treewide: use get_random_bytes() when possible 2022-10-11 17:42:58 -06:00
Documentation Input updates for v6.1-rc5 2022-11-18 17:56:29 -08:00
drivers SCSI fixes on 20221119 2022-11-19 15:51:22 -08:00
fs fuse: Rearrange fuse_allow_current_process checks 2022-11-23 09:10:50 +01:00
include fuse: allow non-extending parallel direct writes on the same file 2022-11-23 09:10:50 +01:00
init init: Kconfig: fix spelling mistake "satify" -> "satisfy" 2022-10-20 21:27:22 -07:00
io_uring io_uring: disallow self-propelled ring polling 2022-11-18 09:29:31 -07:00
ipc ipc/msg.c: fix percpu_counter use after free 2022-10-28 13:37:22 -07:00
kernel tracing/probes: Fixes for v6.1 2022-11-20 15:31:20 -08:00
lib maple_tree: don't set a new maximum on the node when not reusing nodes 2022-11-08 15:57:25 -08:00
LICENSES
mm Networking fixes for 6.1-rc6, including fixes from bpf 2022-11-17 08:58:36 -08:00
net tcp: configurable source port perturb table size 2022-11-16 13:02:04 +00:00
rust Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
samples VFIO updates for v6.1-rc1 2022-10-12 14:46:48 -07:00
scripts kbuild: Restore .version auto-increment behaviour for Debian packages 2022-11-17 17:51:45 +09:00
security lsm/stable-6.1 PR 20221031 2022-10-31 12:09:42 -07:00
sound ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 2022-11-15 18:03:31 +01:00
tools Char/Misc driver fixes for 6.1-rc6 2022-11-18 10:29:25 -08:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt Merge tag 'kvmarm-fixes-6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD 2022-11-06 03:30:49 -05:00
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
.mailmap sound fixes for 6.1-rc6 2022-11-18 09:52:10 -08:00
.rustfmt.toml
COPYING
CREDITS MAINTAINERS: Remove Michal Marek from Kbuild maintainers 2022-11-16 14:53:00 +09:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS Kbuild fixes for v6.1 (3rd) 2022-11-19 09:03:20 -08:00
Makefile Linux 6.1-rc6 2022-11-20 16:02:16 -08:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.