Re: Curious problem: btrfs device stats & unpriviliged access

Mon, 08 Oct 2018 08:30:02 -0700 

On 10/08/18 16:40, Hans van Kranenburg wrote:

Looking at the kernel side of things in fs/btrfs/ioctl.c I see both
BTRFS_IOC_TREE_SEARCH[_V2} unconditionally require CAP_SYS_ADMIN.


That's the tree search ioctl, for reading arbitrary metadata.

The device stats ioctl is IOC_GET_DEV_STATS...


Yeah..OK, that is clear and gave me the hint to ask: why is it
calling this in the first place? And as it turns out [1] is where
it seems to go wrong, as is_block_device() returns 0 (as it should),
fi_args.num_devices is never set (remains 0) and it proceeds to call
everything below, eventually calling the BTRFS_IOC_FS_INFO ioctl in
#1712. And that works fine:

1711 if (fi_args->num_devices != 1) {
(gdb) s
1712    ret = ioctl(fd, BTRFS_IOC_FS_INFO, fi_args);
(gdb) s
1713    if (ret < 0) {
(gdb) p ret
$28 = 0
(gdb) p *fi_args
$30 = {
  max_id = 1,
  num_devices = 1,
  fsid = "z%:\371\315\033A\203\267.\200\255;FH\221",
  nodesize = 16384,
  sectorsize = 4096,
  clone_alignment = 4096,
  reserved32 = 0,
  reserved = {0 <repeats 122 times>}
}

It's only when it goes into search_chunk_tree_for_fs_info()
where things fail due to CAP_SYS_ADMIN.

And all this explains the actual bug: when I call btrfs device stats
not on the mountpoint (as I've been trying all this time) but rather
on the device, it works properly right away as regular user:

(gdb) set args device stats /dev/loop0
(gdb) r
Breakpoint 1, get_fs_info (path=path@entry=0x7fffffffe527 "/dev/loop0", 
fi_args=fi_args@entry=0x7fffffffd400,
    di_ret=di_ret@entry=0x7fffffffd3f0) at utils.c:1652
1652    {
(gdb) c
Continuing.
[/dev/loop0].write_io_errs    0
[/dev/loop0].read_io_errs     0
[/dev/loop0].flush_io_errs    0
[/dev/loop0].corruption_errs  0
[/dev/loop0].generation_errs  0
[Inferior 1 (process 2805) exited normally]

So this is simply a discrepancy in handling a device vs. the device(s)
for a mountpoint.


I can do the device stats ioctl as normal user:

import btrfs
fs = btrfs.FileSystem('/')
btrfs.utils.pretty_print(fs.dev_stats(1))

<btrfs.ioctl.DevStats>
devid: 1
nr_items: 5
flags: 0
write_errs: 0
read_errs: 0
flush_errs: 0
generation_errs: 0
corruption_errs: 0


That works for me too, and that's actually the important part. \o/
Glad we talked about it. :}

-h

[1] 
https://github.com/kdave/btrfs-progs/blob/7faaca0d9f78f7162ae603231f693dd8e1af2a41/utils.c#L1666























					Reply via email to