From nobody Thu Apr 2 09:12:33 2026 Received: from out30-101.freemail.mail.aliyun.com (out30-101.freemail.mail.aliyun.com [115.124.30.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A240F390984 for ; Mon, 30 Mar 2026 02:20:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.101 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774837250; cv=none; b=I53UovII4lykAEGF6pydugsFpnXHBEvdHYrifN3aR/j/jYS336R4YkqndvDyPT9WhCn/PZjyc5P+NtKzsJRaa5hgHeFJ8GFTweD58diuDAne2X5/obBhfqkDcgH25cY6cNryRD13S8jds+QQtXfOaUTZkjviYPNur49gfvUfgrY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774837250; c=relaxed/simple; bh=/gfOJR7PlEU5YoAyQcwf4Xu++CB+cjOiZN8j5JOWT2I=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=B9JFPfBfTICQNg/tuPWWSnH21QVznJxk/wtIHlc889LKElAast4MtbxwhhAGoJ3Km6iZjAUk6hYgKS1/SefI7bVKAcPxNWpxlse2g5J3B/LQpWdEVfna0/n+GM+SjY24BqorpcFYYfhd5iN4LH3pi76zyq+vPXyiH3EhgmN1zvk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=Q3vs4gRT; arc=none smtp.client-ip=115.124.30.101 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="Q3vs4gRT" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.alibaba.com; s=default; t=1774837238; h=From:To:Subject:Date:Message-ID:MIME-Version; bh=KIITCaTj5UlOKpXNQWHZKk1QN9M4wLF+SwTlo4rXyDo=; b=Q3vs4gRTYMpapb19pK8M7CqsrQEYVJO6HyJT3LeY1tfWXR0ouzlsXb3mcZt2UZZEM/fS2hqpIxPsZtiDpJ2T51fRGtNyCT7Jf/0h1Uyn/gRjEun8zhlT4upJk3SSNEHNbPT2F1QH4EeIOrO71jMCHWVw67MR6Ht/2WORbvzLH+w= X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R121e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam033045133197;MF=hsiangkao@linux.alibaba.com;NM=1;PH=DS;RN=6;SR=0;TI=SMTPD_---0X.u.bHb_1774837233; Received: from x31i01179.sqa.na131.tbsite.net(mailfrom:hsiangkao@linux.alibaba.com fp:SMTPD_---0X.u.bHb_1774837233 cluster:ay36) by smtp.aliyun-inc.com; Mon, 30 Mar 2026 10:20:38 +0800 From: Gao Xiang To: linux-erofs@lists.ozlabs.org Cc: LKML , Jan Kara , Christian Brauner , Gao Xiang , Amir Goldstein Subject: [PATCH] erofs: verify metadata accesses for file-backed mounts Date: Mon, 30 Mar 2026 10:20:31 +0800 Message-ID: <20260330022031.2107239-1-hsiangkao@linux.alibaba.com> X-Mailer: git-send-email 2.43.5 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" For file-backed mounts, metadata is fetched via the page cache of backing inodes to avoid double caching and redundant copy ops, which is currently used by Android APEXes, ComposeFS and containerd for example. However, rw_verify_area() was missing prior to metadata accesses. Similar to vfs_iocb_iter_read(), fix this by: - Enabling fanotify pre-content hooks on metadata accesses; - security_file_permission() for security modules. Verified that fanotify pre-content hooks now works correctly. Fixes: fb176750266a ("erofs: add file-backed mount support") Acked-by: Amir Goldstein Signed-off-by: Gao Xiang Reviewed-by: Chunhai Guo --- fs/erofs/data.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/fs/erofs/data.c b/fs/erofs/data.c index f79ee80627d9..cf27b8fbaaa1 100644 --- a/fs/erofs/data.c +++ b/fs/erofs/data.c @@ -30,6 +30,20 @@ void *erofs_bread(struct erofs_buf *buf, erofs_off_t off= set, bool need_kmap) { pgoff_t index =3D (buf->off + offset) >> PAGE_SHIFT; struct folio *folio =3D NULL; + loff_t fpos; + int err; + + /* + * Metadata access for file-backed mounts reuses page cache of backing + * fs inodes only folio data will be needed) to prevent double caching. + * However, the data access range must be verified here in advance. + */ + if (buf->file) { + fpos =3D index << PAGE_SHIFT; + err =3D rw_verify_area(READ, buf->file, &fpos, PAGE_SIZE); + if (err) + return ERR_PTR(err); + } =20 if (buf->page) { folio =3D page_folio(buf->page); --=20 2.43.5