From patchwork Wed Apr 14 12:37:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12202725 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45C50C433B4 for ; Wed, 14 Apr 2021 12:38:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1894560FED for ; Wed, 14 Apr 2021 12:38:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233263AbhDNMjA (ORCPT ); Wed, 14 Apr 2021 08:39:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:33808 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231415AbhDNMi7 (ORCPT ); Wed, 14 Apr 2021 08:38:59 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id E852761158; Wed, 14 Apr 2021 12:38:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1618403917; bh=XhcJ6hhr3dEm4tbK7n/9JaZNYoF4yEz/sBw0pVLhavQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ryjltU1t50M1EJiBASTuYuaDqzLTpoOuOQH9TL/og6QAk5bYkiOBKJaeIBJPJRAKx tR3w4nUXmqibLILQMJqFR5BjlpRibSZZkBfGvIHbm1Wr0k9p1IXVLlgOquXhMwcImc Qx/qNAVTs5Blbj6ZwmyalhKacVGOPOe2i5c+Vpg6bzQf3M/RQBK2xYnid6hh0yhopc l+5RLeq9jM7kctH6gML8/WPhD0yQMK6moRD2o0GmZsOv8taBVsUq7ZQ1ZSKFDnsN0a 371eaC1TIoWaod6oazNOwdRwdryxhYySB5iB5h/rNAQm7EOoHjk9SCpQ74bplDs8T4 7hBOXK41AVIlA== From: Christian Brauner To: linux-fsdevel@vger.kernel.org Cc: Amir Goldstein , Christoph Hellwig , Tyler Hicks , David Howells , Miklos Szeredi , Al Viro , ecryptfs@vger.kernel.org, linux-cachefs@redhat.com, Christian Brauner Subject: [PATCH 1/7] namespace: fix clone_private_mount() kernel doc Date: Wed, 14 Apr 2021 14:37:45 +0200 Message-Id: <20210414123750.2110159-2-brauner@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210414123750.2110159-1-brauner@kernel.org> References: <20210414123750.2110159-1-brauner@kernel.org> MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; i=Ug070dnCYtvoTTL9sM+KCsYvFzZzgfpQ1rAeZsa4E0c=; m=Nyy5JV6keYRz9DaoVlPSewQmP7/guf8xde0k24FEh8I=; p=Ez0P8VpCpQt2UopiUYXdmn61d6ikUXWbnh4YqIFsC/g=; g=e2958c68e45ab891ebc18d84945f46ea030fd186 X-Patch-Sig: m=pgp; i=christian.brauner@ubuntu.com; s=0x0x91C61BC06578DCA2; b=iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCYHbh3wAKCRCRxhvAZXjcoufWAP9xjcj 8M8rEHzBJtuKW2qoVv2jPFVwHN8aJICtFeGnOWQEAlTvTfEAfp8jjIc53K83adZs9p6OiZMZJhrA/ 5TLbaw4= Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Christian Brauner Extend the kernel documentation for clone_private_mount(). Add some more detailed info about its usage and convert it into proper kernel doc. Cc: Amir Goldstein Cc: Christoph Hellwig Cc: Miklos Szeredi Cc: Al Viro Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner --- fs/namespace.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 56bb5a5fdc0d..02f415061efe 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1939,12 +1939,21 @@ void drop_collected_mounts(struct vfsmount *mnt) /** * clone_private_mount - create a private clone of a path + * @path: path from which the mnt to clone will be taken * - * This creates a new vfsmount, which will be the clone of @path. The new will - * not be attached anywhere in the namespace and will be private (i.e. changes - * to the originating mount won't be propagated into this). + * This creates a new vfsmount, which will be a clone of @path's vfsmount. * - * Release with mntput(). + * In contrast to mnt_clone_internal() the new mount will not be marked + * MNT_INTERNAL but will have MNT_NS_INTERNAL attached as its mount namespace + * making it suitable for long-term mounts since mntput()ing it will always hit + * the fastpath as long as kern_unmount() hasn't been called. + * + * Since the mount is not reachable anwyhere mount properties and propagation + * properties remain stable, i.e. cannot change. + * + * Useable with mntget()/mntput() but needs to be released with kern_unmount(). + * + * Return: A clone of @path's vfsmount on success, an error pointer on failure. */ struct vfsmount *clone_private_mount(const struct path *path) { From patchwork Wed Apr 14 12:37:46 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12202727 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 81053C433ED for ; Wed, 14 Apr 2021 12:38:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4E984613B1 for ; Wed, 14 Apr 2021 12:38:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231415AbhDNMjT (ORCPT ); Wed, 14 Apr 2021 08:39:19 -0400 Received: from mail.kernel.org ([198.145.29.99]:33850 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232883AbhDNMjC (ORCPT ); Wed, 14 Apr 2021 08:39:02 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 4BA83611B0; Wed, 14 Apr 2021 12:38:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1618403921; bh=McPw3CpQkPn0LPU4NbjINIKS3JUko4oWL/Fgux77pnM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eM5p60YdcWgwuMo6Xo5LAPmv31aqq8xnsvIq4obDU/7w3T76Ae7YZo9MrJ/rqImGT pnsB9r4BqCTDWtGprfwoXvc4QY7HvRKf2M6I9zAp2yeUJnE5MTuNXLqHcTV0tpOzyw iUtan51RXRItvYkROTVYHQljEJLxr3I+Vt4Y5fwq5OMUh7vAcOJVMqil/GLM1bvhBS aBLSd0LMINXoTyP3mYR161Z7qOBD6prVhTz1FUhNc1Z5c829b2pTDkd1lWaU/pwkPW TSYU40A6ZsuPwMfkIh90ZML4LNWSRYAQRIJgfZggsamUnNBRgdndNVmLOdTHQebgtq Z5nCSImECMEuQ== From: Christian Brauner To: linux-fsdevel@vger.kernel.org Cc: Amir Goldstein , Christoph Hellwig , Tyler Hicks , David Howells , Miklos Szeredi , Al Viro , ecryptfs@vger.kernel.org, linux-cachefs@redhat.com, Christian Brauner Subject: [PATCH 2/7] namespace: add kernel doc for mnt_clone_internal() Date: Wed, 14 Apr 2021 14:37:46 +0200 Message-Id: <20210414123750.2110159-3-brauner@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210414123750.2110159-1-brauner@kernel.org> References: <20210414123750.2110159-1-brauner@kernel.org> MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; i=jBO34yTxB8bcJDNJq5wyTUQeL0/1ZCfYS2ZDxiTmIdE=; m=IiCeUIXZorhQEWHc615NYZk6WrnbxHgrkwHPs6aKB6E=; p=yfLKT3q8PN5tBMAd2IiBeetSQMKvFza+4gNsKpOHu3w=; g=0fda3c9759267fe5b2a619ffc64ace4696480ec8 X-Patch-Sig: m=pgp; i=christian.brauner@ubuntu.com; s=0x0x91C61BC06578DCA2; b=iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCYHbh3wAKCRCRxhvAZXjcong/AP9hXfZ 8QGHNXycaEHAq1UnQs/HQfdCYLk9erfJSyRxvrQD/S2GXC1LEKEP2hVXyl55xNJjAtBVkvQ3CMI+N LuYwFAc= Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Christian Brauner Document mnt_clone_internal(). Cc: Amir Goldstein Cc: Christoph Hellwig Cc: Miklos Szeredi Cc: Al Viro Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner --- fs/namespace.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/fs/namespace.c b/fs/namespace.c index 02f415061efe..7ffefa8b3980 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1271,6 +1271,22 @@ bool path_is_mountpoint(const struct path *path) } EXPORT_SYMBOL(path_is_mountpoint); +/** + * mnt_clone_internal - create a private clone of a path + * @path: path from which the mnt to clone will be taken + * + * This creates a new vfsmount, which will be a clone of @path's vfsmount. + * + * In contrast to clone_private_mount() the new mount will be marked + * MNT_INTERNAL and will note have any mount namespace attached making it + * suitable for short-lived internal mounts since mntput()ing it will always + * hit the slowpath taking the mount lock. + * + * Since the mount is not reachable anwyhere mount properties and propagation + * properties remain stable, i.e. cannot change. + * + * Return: A clone of @path's vfsmount on success, an error pointer on failure. + */ struct vfsmount *mnt_clone_internal(const struct path *path) { struct mount *p; From patchwork Wed Apr 14 12:37:47 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12202729 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CEF18C43462 for ; Wed, 14 Apr 2021 12:38:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A5E4161249 for ; Wed, 14 Apr 2021 12:38:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347222AbhDNMjT (ORCPT ); Wed, 14 Apr 2021 08:39:19 -0400 Received: from mail.kernel.org ([198.145.29.99]:33864 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245007AbhDNMjG (ORCPT ); Wed, 14 Apr 2021 08:39:06 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3D01960FED; Wed, 14 Apr 2021 12:38:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1618403925; bh=Q1tgq0bLCW1BwFD0GBk1hkaoX7xvFd/jY5QTGUnA8kU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=i/F64rVzbleGLCiMf6pD1vbcfsUEmIFZdvYsnZlLRX/D0f21O93J69Z1knW5XJi7A xK6NUt8xOyTW8puSn4KAOK9XE+bBRHe0MED2vKMkbw0H2AwafWGduo1RIzsceMi1uk dvv337WYKO/4rivyB+jsfIAqv5cBBO5scTjln5zSRBHVHkqlWWrQVHtR1K4KmNv1Py guxI2CPTf6PzIVsD1Lm5UyRKeRrAF81FQfXoO3yL2tCrqomi6Ml0igKnzeeJjN+gaY tPL0hESZycShEOlVz6dSiUYRM+ozkoHQVw50Uo+grFnAJnmKBMKUOy7CBfmt2R6OMh Rh/8mGFhcu05w== From: Christian Brauner To: linux-fsdevel@vger.kernel.org Cc: Amir Goldstein , Christoph Hellwig , Tyler Hicks , David Howells , Miklos Szeredi , Al Viro , ecryptfs@vger.kernel.org, linux-cachefs@redhat.com, Christian Brauner Subject: [PATCH 3/7] namespace: move unbindable check out of clone_private_mount() Date: Wed, 14 Apr 2021 14:37:47 +0200 Message-Id: <20210414123750.2110159-4-brauner@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210414123750.2110159-1-brauner@kernel.org> References: <20210414123750.2110159-1-brauner@kernel.org> MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; i=QhpZF+pXGA2C35UZEcASpoPOekySoXvzF+VucE2h6UQ=; m=nUiY/Hyk9O3NEoy5nBMQg8mS6mXzVIt1wOdmvUcTRF8=; p=qKMfjPFs6+zUvX3s+RUCVFdWmJzx6xWhQ/tbOsngNSM=; g=6136b4f118bef21a7753d80f6c1d7b9bfbceb86a X-Patch-Sig: m=pgp; i=christian.brauner@ubuntu.com; s=0x0x91C61BC06578DCA2; b=iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCYHbh3wAKCRCRxhvAZXjcorREAQD9J6K JHiA/HQfrmEEyPA6l+rDET5u0b/PHbnIdB6gYFwEAjdbYoTfRQMkHc57c+Ps4V0mXtYStC3s/ygfS 6zj+ags= Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Christian Brauner We're about to switch all filesystems that stack on top or otherwise use a struct path of another filesystem to use clone_private_mount() in the following commits. Most of these filesystems like ecryptfs and cachefiles don't need the MS_UNBDINDABLE check that overlayfs currently wants. So move the check out of clone_private_mount() and into overlayfs itself. Note that overlayfs can probably be switched to not rely on the MS_UNBDINDABLE check too but for now keep it. [1]: df820f8de4e4 ("ovl: make private mounts longterm") Cc: Amir Goldstein Cc: Christoph Hellwig Cc: Miklos Szeredi Cc: Al Viro Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner --- fs/namespace.c | 3 --- fs/overlayfs/super.c | 13 +++++++++++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 7ffefa8b3980..f6efe1272b9d 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1976,9 +1976,6 @@ struct vfsmount *clone_private_mount(const struct path *path) struct mount *old_mnt = real_mount(path->mnt); struct mount *new_mnt; - if (IS_MNT_UNBINDABLE(old_mnt)) - return ERR_PTR(-EINVAL); - new_mnt = clone_mnt(old_mnt, path->dentry, CL_PRIVATE); if (IS_ERR(new_mnt)) return ERR_CAST(new_mnt); diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index fdd72f1a9c5e..c942bb1073f6 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -15,6 +15,7 @@ #include #include #include +#include "../pnode.h" #include "overlayfs.h" MODULE_AUTHOR("Miklos Szeredi "); @@ -1175,6 +1176,14 @@ static int ovl_report_in_use(struct ovl_fs *ofs, const char *name) } } +static inline struct vfsmount *ovl_clone_private_mount(const struct path *path) +{ + if (IS_MNT_UNBINDABLE(real_mount(path->mnt))) + return ERR_PTR(-EINVAL); + + return clone_private_mount(path); +} + static int ovl_get_upper(struct super_block *sb, struct ovl_fs *ofs, struct ovl_layer *upper_layer, struct path *upperpath) { @@ -1201,7 +1210,7 @@ static int ovl_get_upper(struct super_block *sb, struct ovl_fs *ofs, if (err) goto out; - upper_mnt = clone_private_mount(upperpath); + upper_mnt = ovl_clone_private_mount(upperpath); err = PTR_ERR(upper_mnt); if (IS_ERR(upper_mnt)) { pr_err("failed to clone upperpath\n"); @@ -1700,7 +1709,7 @@ static int ovl_get_layers(struct super_block *sb, struct ovl_fs *ofs, } } - mnt = clone_private_mount(&stack[i]); + mnt = ovl_clone_private_mount(&stack[i]); err = PTR_ERR(mnt); if (IS_ERR(mnt)) { pr_err("failed to clone lowerpath\n"); From patchwork Wed Apr 14 12:37:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12202731 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 74507C433ED for ; Wed, 14 Apr 2021 12:39:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4095C6124B for ; Wed, 14 Apr 2021 12:39:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347307AbhDNMjU (ORCPT ); Wed, 14 Apr 2021 08:39:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:33882 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347245AbhDNMjK (ORCPT ); Wed, 14 Apr 2021 08:39:10 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id F1E306120E; Wed, 14 Apr 2021 12:38:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1618403928; bh=IZI+OSslCaIWFEk2NoXBygcF3OFFNuy5fzwoNm+dsZA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TCbE6SQ5uwUBpXZ1RzP3iEGX80CUPIwZpcffam6h0dXXLrSjY4wIQy9c68rnrXrNI Q4C2GpRngJhYYfh2Dvv0bQZG2F2wVCOzSIUdGC2we0X36kC1NC0cLmgBzzwbdaAM5g QemtoLY98MzCIF90JDW/h6U8Cl4MWln131O7EcxkLNt3F/b65G4yIOaN55AnNjUe2k KEq7dm8O3XrhT89NQgMwnTBWQn6eEAct/hreP/qNPSXXYuMqbHeKcK7bVkJp91LHJg m6R6p8h2zzfDmiv9QjQ0a5ioxtUwtIeDlFaqpqN7NdcaDmL+4FwsNw4FffiKCu5i/J oOS5kNFykdD6Q== From: Christian Brauner To: linux-fsdevel@vger.kernel.org Cc: Amir Goldstein , Christoph Hellwig , Tyler Hicks , David Howells , Miklos Szeredi , Al Viro , ecryptfs@vger.kernel.org, linux-cachefs@redhat.com, Christian Brauner Subject: [PATCH 4/7] cachefiles: switch to using a private mount Date: Wed, 14 Apr 2021 14:37:48 +0200 Message-Id: <20210414123750.2110159-5-brauner@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210414123750.2110159-1-brauner@kernel.org> References: <20210414123750.2110159-1-brauner@kernel.org> MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; i=hwgEpKcxUilZoaiqT+JyzcfGZMf0soWkM4bdQYDkDvg=; m=a96r3v8RwrL4g/1sNPrC4UOIIAEXCc3CS0b2sRZc7RU=; p=XSHAjaTFwV7pvjIGkKhBUdgpl7JgMk4Nu6tl4Wc2ihs=; g=a078b6b4a1967b5b7c037666db37f7e1bb3fbf08 X-Patch-Sig: m=pgp; i=christian.brauner@ubuntu.com; s=0x0x91C61BC06578DCA2; b=iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCYHbh3wAKCRCRxhvAZXjcovMtAP0fOOS sfiJHpJFidXGpKFaz7TF3d0dQVdFZeNLrC7XQ3wD/Ucs2xBHxI30BSsyuxfTXI6WrzKNW4uv7hMiW 2ksOCAk= Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Christian Brauner Since [1] we support creating private mounts from a given path's vfsmount. This makes them very suitable for any filesystem or filesystem functionality that piggybacks on paths of another filesystem. Overlayfs and ecryptfs (which I'll port next) are just two such examples. Without trying to imply to many similarities cachefiles have one thing in common with stacking filesystems namely that they also stack on top of existing paths. These paths are then used as caches for a netfs. Since private mounts aren't attached in the filesystem the aren't affected by mount property changes after cachefiles makes use of them. This seems a rather desirable property as the underlying path can't e.g. suddenly go from read-write to read-only and in general it means that cachefiles is always in full control of the underlying mount after the user has allowed it to be used as a cache (apart from operations that affect the superblock of course). Besides that - and probably irrelevant from the perspective of a cachefiles developer - it also makes things simpler for a variety of other vfs features. One concrete example is fanotify. When the path->mnt of the path that is used as a cache has been marked with FAN_MARK_MOUNT the semantics get tricky as it isn't clear whether the watchers of path->mnt should get notified about fsnotify events when files are created by cachefilesd via path->mnt. Using a private mount let's us elegantly handle this case too and aligns the behavior of stacks created by overlayfs. Reading through the codebase cachefiles currently takes path->mnt and stashes it in cache->mnt. Everytime a cache object needs to be created, looked-up, or in some other form interacted with cachefiles will create a custom path comprised of cache->mnt and the relevant dentry it is interested in: struct path cachefiles_path = { .mnt = cache->mnt, .dentry = dentry, }; So cachefiles already passes the cache->mnt through everywhere so supporting private mounts with cachefiles is pretty simply. Instead of recording path->mnt in cache->mnt we simply record a new private mount we created as a copy of path->mnt via clone_private_mount() in cache->mnt. The rest is cleanly handled by cachefiles already. I have tested this patch with afs: systemctl stop cachefilesd sudo mount --bind /var/cache/fscache /var/cache/fscache systemctl start cachefilesd sudo apt install kafs-client systemctl start afs.mount ls -al /afs ls -al /afs/grand.central.org/software/openafs/1.9.0 md5sum /afs/grand.central.org/software/openafs/1.9.0/openafs-1.9.0-doc.tar.bz2 cat /proc/fs/fscache/stats | grep [1-9] Cookies: idx=148 dat=35 spc=0 Objects: alc=41 nal=0 avl=41 ded=0 Pages : mrk=934 unc=0 Acquire: n=183 nul=0 noc=0 ok=183 nbf=0 oom=0 Lookups: n=41 neg=41 pos=0 crt=41 tmo=0 Retrvls: n=19 ok=0 wt=1 nod=19 nbf=0 int=0 oom=0 Retrvls: ops=19 owt=0 abt=0 Stores : n=934 ok=934 agn=0 nbf=0 oom=0 Stores : ops=62 run=996 pgs=934 rxd=934 olm=0 Ops : pend=0 run=81 enq=996 can=0 rej=0 Ops : ini=953 dfr=0 rel=953 gc=0 umount /afs/grand.central.org md5sum /afs/grand.central.org/software/openafs/1.9.0/openafs-1.9.0-doc.tar.bz2 cat /proc/fs/fscache/stats | grep [1-9] Cookies: idx=152 dat=60 spc=0 Objects: alc=70 nal=0 avl=70 ded=39 ChkAux : non=0 ok=25 upd=0 obs=0 Pages : mrk=1868 unc=934 Acquire: n=212 nul=0 noc=0 ok=212 nbf=0 oom=0 Lookups: n=70 neg=41 pos=29 crt=41 tmo=0 Relinqs: n=39 nul=0 wcr=0 rtr=0 Retrvls: n=38 ok=19 wt=2 nod=19 nbf=0 int=0 oom=0 Retrvls: ops=38 owt=0 abt=0 Stores : n=934 ok=934 agn=0 nbf=0 oom=0 Stores : ops=62 run=996 pgs=934 rxd=934 olm=0 Ops : pend=0 run=100 enq=996 can=0 rej=0 Ops : ini=972 dfr=0 rel=972 gc=0 [1]: c771d683a62e ("vfs: introduce clone_private_mount()") Cc: Amir Goldstein Cc: David Howells Cc: linux-cachefs@redhat.com Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner --- fs/cachefiles/bind.c | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index 38bb7764b454..7ef572d698f0 100644 --- a/fs/cachefiles/bind.c +++ b/fs/cachefiles/bind.c @@ -81,7 +81,7 @@ int cachefiles_daemon_bind(struct cachefiles_cache *cache, char *args) static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) { struct cachefiles_object *fsdef; - struct path path; + struct path path, cache_path; struct kstatfs stats; struct dentry *graveyard, *cachedir, *root; const struct cred *saved_cred; @@ -115,16 +115,23 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) if (ret < 0) goto error_open_root; - cache->mnt = path.mnt; - root = path.dentry; - - ret = -EINVAL; if (mnt_user_ns(path.mnt) != &init_user_ns) { + ret = -EINVAL; + cache->mnt = NULL; pr_warn("File cache on idmapped mounts not supported"); goto error_unsupported; } + cache->mnt = clone_private_mount(&path); + if (IS_ERR(cache->mnt)) { + ret = PTR_ERR(cache->mnt); + cache->mnt = NULL; + pr_warn("Failed to create private mount for file cache\n"); + goto error_unsupported; + } + /* check parameters */ + root = path.dentry; ret = -EOPNOTSUPP; if (d_is_negative(root) || !d_backing_inode(root)->i_op->lookup || @@ -144,8 +151,10 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) if (ret < 0) goto error_unsupported; + cache_path.dentry = path.dentry; + cache_path.mnt = cache->mnt; /* get the cache size and blocksize */ - ret = vfs_statfs(&path, &stats); + ret = vfs_statfs(&cache_path, &stats); if (ret < 0) goto error_unsupported; @@ -229,7 +238,12 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) /* done */ set_bit(CACHEFILES_READY, &cache->flags); - dput(root); + + /* + * We've created a private mount and we've stashed our "cache" and + * "graveyard" dentries so we don't need the path anymore. + */ + path_put(&path); pr_info("File cache on %s registered\n", cache->cache.identifier); @@ -242,11 +256,11 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) dput(cache->graveyard); cache->graveyard = NULL; error_unsupported: - mntput(cache->mnt); + path_put(&path); + kern_unmount(cache->mnt); cache->mnt = NULL; dput(fsdef->dentry); fsdef->dentry = NULL; - dput(root); error_open_root: kmem_cache_free(cachefiles_object_jar, fsdef); error_root_object: @@ -270,7 +284,7 @@ void cachefiles_daemon_unbind(struct cachefiles_cache *cache) } dput(cache->graveyard); - mntput(cache->mnt); + kern_unmount(cache->mnt); kfree(cache->rootdirname); kfree(cache->secctx); From patchwork Wed Apr 14 12:37:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12202733 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DAB9EC433ED for ; Wed, 14 Apr 2021 12:39:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BF6E76128E for ; Wed, 14 Apr 2021 12:39:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351039AbhDNMjX (ORCPT ); Wed, 14 Apr 2021 08:39:23 -0400 Received: from mail.kernel.org ([198.145.29.99]:33902 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347293AbhDNMjO (ORCPT ); Wed, 14 Apr 2021 08:39:14 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6EBBE6121E; Wed, 14 Apr 2021 12:38:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1618403932; bh=sCIu140N2M8X8njvAIJD2q5fWwQPwFhqqe2kamzPCtw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=o0sENLoUuxP27Jit3VIRQ7Kak18cSwvm6Z3XaiHYdFZmS3oUI0TIBwms2QKYaSBQU R5nCu1stPKdcVljp/4wXhB/K3zu1U/7lnD5DW/Ct30x+NaeSw6uZkZPNpHpG4qX7SC HWzudJk85K7KWwRwokNM2Q6ATiXrXZqHpifgjWpO1SqUcbmpX9cJ53DRRtcWuewOhf 9e1BI/SKOFCqyvYWMlHQLVtYWIJeMT57xRfEGBeTZPV4VYQEm4WR93Dts75EK+AvkS KkcsTlkRo9xujfbX+hn3u1HHG1ucEBJNsT2beM75vHWNSXUNY4Fky0b7ap+5ZIh9k7 s4UceYGZsd13Q== From: Christian Brauner To: linux-fsdevel@vger.kernel.org Cc: Amir Goldstein , Christoph Hellwig , Tyler Hicks , David Howells , Miklos Szeredi , Al Viro , ecryptfs@vger.kernel.org, linux-cachefs@redhat.com, Christian Brauner Subject: [PATCH 5/7] cachefiles: extend ro check to private mount Date: Wed, 14 Apr 2021 14:37:49 +0200 Message-Id: <20210414123750.2110159-6-brauner@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210414123750.2110159-1-brauner@kernel.org> References: <20210414123750.2110159-1-brauner@kernel.org> MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; i=sq3ZzJvntlYHpVF9DUkagn5nQ3VlfP9ykb05/pqtBDE=; m=pMjwapyIHPZh2/jZFihhcFe5DK1wUmIATDV/mlaE9cQ=; p=kPx7pu4bz6rCME+mwYTdOpwBCcQFbCJKRgNcEqqGPKo=; g=32bd3995c45960364db8a408beff14ea96e10a5d X-Patch-Sig: m=pgp; i=christian.brauner@ubuntu.com; s=0x0x91C61BC06578DCA2; b=iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCYHbh3wAKCRCRxhvAZXjcoqmsAP9WTRL HhgjsPj1vt/opz4ujzq/rvgDD88VfrmOjH9S5PwEAwVoUUC1QG5rJugyGy51+fWaZql9taVGW7gR4 6svLOwA= Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Christian Brauner So far cachefiles only verified that the superblock wasn't read-only but didn't check whether the mount was. This made sense when we did not use a private mount because the read-only state could change at any point. Now that we have a private mount and mount properties can't change behind our back extend the read-only check to include the vfsmount. The __mnt_is_readonly() helper will check both the mount and the superblock. Note that before we checked root->d_sb and now we check mnt->mnt_sb but since we have a matching pair here this is only syntactical change, not a semantic one. Here's how this works: mount -o ro --bind /var/cache/fscache/ /var/cache/fscache/ systemctl start cachefilesd Job for cachefilesd.service failed because the control process exited with error code. See "systemctl status cachefilesd.service" and "journalctl -xe" for details. dmesg | grep CacheFiles [ 2.922514] CacheFiles: Loaded [ 272.206907] CacheFiles: Failed to register: -30 errno 30 EROFS 30 Read-only file system Cc: David Howells Cc: linux-cachefs@redhat.com Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner --- fs/cachefiles/bind.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index 7ef572d698f0..8cf283de4e14 100644 --- a/fs/cachefiles/bind.c +++ b/fs/cachefiles/bind.c @@ -141,8 +141,13 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) !root->d_sb->s_op->sync_fs) goto error_unsupported; + /* + * Verify our mount and superblock aren't read-only. + * Note, while our private mount is guaranteed to not change anymore + * the superblock may still go read-only later. + */ ret = -EROFS; - if (sb_rdonly(root->d_sb)) + if (__mnt_is_readonly(cache->mnt)) goto error_unsupported; /* determine the security of the on-disk cache as this governs From patchwork Wed Apr 14 12:37:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12202735 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A30BFC433B4 for ; Wed, 14 Apr 2021 12:39:06 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 74EB6613B1 for ; Wed, 14 Apr 2021 12:39:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347395AbhDNMj0 (ORCPT ); Wed, 14 Apr 2021 08:39:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:33920 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351027AbhDNMjR (ORCPT ); Wed, 14 Apr 2021 08:39:17 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id E447961222; Wed, 14 Apr 2021 12:38:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1618403936; bh=6LbUpDRHeKVFywmre5wsdT5O9oGHYiiTeHftrNHF+ZY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=q9Z1a4V11r+Xv6XWFOMxLmjhoTxPr3VbN/BSzvW/hrhem5EOxyVt/dcyD0NsJoy53 /+Y+rIid1t+1EvGjIkt3YNOLiqLbpOSD6mtcUZyQeBvoR9otfsyOIm7Zp2KYOVCO7d xsylazi/VACIgzkae5S6Q99whiIDipC76FaJ6moPJSBLRxtuCnxJ1KJBnMSPmLhKzd 9eAGSzFV8CbturMoBWCLEUbe7FI2nN0sezknQBEUBYzuqdCTRE2Oog3i39Ts5JY5Oh 4lzortHKlwV8zHRTQOwRgng2VQBMcKUmUC7igWv5bw2munEoE7FQwzRxAknLQqOXLy m03rKsgttr4wQ== From: Christian Brauner To: linux-fsdevel@vger.kernel.org Cc: Amir Goldstein , Christoph Hellwig , Tyler Hicks , David Howells , Miklos Szeredi , Al Viro , ecryptfs@vger.kernel.org, linux-cachefs@redhat.com, Christian Brauner Subject: [PATCH 6/7] ecryptfs: switch to using a private mount Date: Wed, 14 Apr 2021 14:37:50 +0200 Message-Id: <20210414123750.2110159-7-brauner@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210414123750.2110159-1-brauner@kernel.org> References: <20210414123750.2110159-1-brauner@kernel.org> MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; i=i5quYyun8czxLRZDdxT24V6D/9GbgPuJDPP9COSpA2g=; m=+2d+ocNPdMCe8GC9GnGjlv0wWqrqX3vSwHbWLBXFwSI=; p=Py3KZeGpAEWh2+GxH6M/MTccIrFuJBbFGSxvJl8Og24=; g=4087f9cc29878418c1f6c9bd42db7c7e798cbe0f X-Patch-Sig: m=pgp; i=christian.brauner@ubuntu.com; s=0x0x91C61BC06578DCA2; b=iHQEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCYHbh3wAKCRCRxhvAZXjcomN4AQDUz7P ixmxUMLJ57EBcy8VFI7HrqGjYQezz6S9wgCKmxQD2NhcyfJOAWwE9uK4ncOC9SATknjSdFgtJCTKp kT6TBg== Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Christian Brauner Since [1] we support creating private mounts from a given path's vfsmount. This makes them very suitable for any filesystem or filesystem functionality that piggybacks on paths of another filesystem. Overlayfs, cachefiles, and ecryptfs are three prime examples. Since private mounts aren't attached in the filesystem they aren't affected by mount property changes after ecryptfs makes use of them. This seems a rather desirable property as the underlying path can't e.g. suddenly go from read-write to read-only and in general it means that ecryptfs is always in full control of the underlying mount after the user has allowed it to be used (apart from operations that affect the superblock of course). Besides that it also makes things simpler for a variety of other vfs features. One concrete example is fanotify. When the path->mnt of the path that is used as a cache has been marked with FAN_MARK_MOUNT the semantics get tricky as it isn't clear whether the watchers of path->mnt should get notified about fsnotify events when files are created by ecryptfs via path->mnt. Using a private mount let's us elegantly handle this case too and aligns the behavior of stacks created by overlayfs and cachefiles. This change comes with a proper simplification in how ecryptfs currently handles the lower_path it stashes as private information in its dentries. Currently it always does: ecryptfs_set_dentry_private(dentry, dentry_info); dentry_info->lower_path.mnt = mntget(path->mnt); dentry_info->lower_path.dentry = lower_dentry; and then during .d_relase() in ecryptfs_d_release(): path_put(&p->lower_path); which is odd since afaict path->mnt is guaranteed to be the mnt stashed during ecryptfs_mount(): ecryptfs_set_dentry_private(s->s_root, root_info); root_info->lower_path = path; So that mntget() seems somewhat pointless but there might be reasons that I'm missing in how the interpose logic for ecryptfs works. While switching to a long-term private mount via clone_private_mount() let's get rid of the gratuitous mntget() and mntput()/path_put(). Instead, stash away the private mount in ecryptfs' s_fs_info and call kern_unmount() in .kill_sb() so we only take the mntput() hit once. I've added a WARN_ON_ONCE() into ecryptfs_lookup_interpose() triggering if the stashed private mount and the path's mount don't match. I think that would be a proper bug even without that clone_private_mount() change in this patch. [1]: c771d683a62e ("vfs: introduce clone_private_mount()") Cc: Amir Goldstein Cc: Tyler Hicks Cc: Miklos Szeredi Cc: ecryptfs@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner --- fs/ecryptfs/dentry.c | 6 +++++- fs/ecryptfs/ecryptfs_kernel.h | 9 +++++++++ fs/ecryptfs/inode.c | 5 ++++- fs/ecryptfs/main.c | 29 ++++++++++++++++++++++++----- 4 files changed, 42 insertions(+), 7 deletions(-) diff --git a/fs/ecryptfs/dentry.c b/fs/ecryptfs/dentry.c index 44606f079efb..e5edafa165d4 100644 --- a/fs/ecryptfs/dentry.c +++ b/fs/ecryptfs/dentry.c @@ -67,7 +67,11 @@ static void ecryptfs_d_release(struct dentry *dentry) { struct ecryptfs_dentry_info *p = dentry->d_fsdata; if (p) { - path_put(&p->lower_path); + /* + * p->lower_path.mnt is a private mount which will be released + * when the superblock shuts down so we only need to dput here. + */ + dput(p->lower_path.dentry); call_rcu(&p->rcu, ecryptfs_dentry_free_rcu); } } diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index e6ac78c62ca4..f89d0f7bb3fe 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h @@ -352,6 +352,7 @@ struct ecryptfs_mount_crypt_stat { struct ecryptfs_sb_info { struct super_block *wsi_sb; struct ecryptfs_mount_crypt_stat mount_crypt_stat; + struct vfsmount *mnt; }; /* file private data. */ @@ -496,6 +497,14 @@ ecryptfs_set_superblock_lower(struct super_block *sb, ((struct ecryptfs_sb_info *)sb->s_fs_info)->wsi_sb = lower_sb; } +static inline void +ecryptfs_set_superblock_lower_mnt(struct super_block *sb, + struct vfsmount *mnt) +{ + struct ecryptfs_sb_info *sbi = sb->s_fs_info; + sbi->mnt = mnt; +} + static inline struct ecryptfs_dentry_info * ecryptfs_dentry_to_private(struct dentry *dentry) { diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 18e9285fbb4c..204df4bf476d 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -324,6 +324,7 @@ static struct dentry *ecryptfs_lookup_interpose(struct dentry *dentry, struct dentry *lower_dentry) { struct path *path = ecryptfs_dentry_to_lower_path(dentry->d_parent); + struct ecryptfs_sb_info *sb_info = ecryptfs_superblock_to_private(dentry->d_sb); struct inode *inode, *lower_inode; struct ecryptfs_dentry_info *dentry_info; int rc = 0; @@ -339,7 +340,9 @@ static struct dentry *ecryptfs_lookup_interpose(struct dentry *dentry, BUG_ON(!d_count(lower_dentry)); ecryptfs_set_dentry_private(dentry, dentry_info); - dentry_info->lower_path.mnt = mntget(path->mnt); + /* Warn if we somehow ended up with an unexpected path. */ + WARN_ON_ONCE(path->mnt != sb_info->mnt); + dentry_info->lower_path.mnt = path->mnt; dentry_info->lower_path.dentry = lower_dentry; /* diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index cdf40a54a35d..3ba2c0f349a3 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -476,6 +476,7 @@ static struct file_system_type ecryptfs_fs_type; static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *raw_data) { + struct vfsmount *mnt; struct super_block *s; struct ecryptfs_sb_info *sbi; struct ecryptfs_mount_crypt_stat *mount_crypt_stat; @@ -537,6 +538,16 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags goto out_free; } + mnt = clone_private_mount(&path); + if (IS_ERR(mnt)) { + rc = PTR_ERR(mnt); + pr_warn("Failed to create private mount for ecryptfs\n"); + goto out_free; + } + + /* Record our long-term lower mount. */ + ecryptfs_set_superblock_lower_mnt(s, mnt); + if (check_ruid && !uid_eq(d_inode(path.dentry)->i_uid, current_uid())) { rc = -EPERM; printk(KERN_ERR "Mount of device (uid: %d) not owned by " @@ -590,9 +601,15 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags if (!root_info) goto out_free; + /* Use our private mount from now on. */ + root_info->lower_path.mnt = mnt; + root_info->lower_path.dentry = dget(path.dentry); + + /* We created a private clone of this mount above so drop the path. */ + path_put(&path); + /* ->kill_sb() will take care of root_info */ ecryptfs_set_dentry_private(s->s_root, root_info); - root_info->lower_path = path; s->s_flags |= SB_ACTIVE; return dget(s->s_root); @@ -619,11 +636,13 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags static void ecryptfs_kill_block_super(struct super_block *sb) { struct ecryptfs_sb_info *sb_info = ecryptfs_superblock_to_private(sb); + kill_anon_super(sb); - if (!sb_info) - return; - ecryptfs_destroy_mount_crypt_stat(&sb_info->mount_crypt_stat); - kmem_cache_free(ecryptfs_sb_info_cache, sb_info); + if (sb_info) { + kern_unmount(sb_info->mnt); + ecryptfs_destroy_mount_crypt_stat(&sb_info->mount_crypt_stat); + kmem_cache_free(ecryptfs_sb_info_cache, sb_info); + } } static struct file_system_type ecryptfs_fs_type = { From patchwork Wed Apr 14 12:37:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12202737 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26624C43460 for ; Wed, 14 Apr 2021 12:39:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 07F36613B3 for ; Wed, 14 Apr 2021 12:39:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351027AbhDNMj1 (ORCPT ); Wed, 14 Apr 2021 08:39:27 -0400 Received: from mail.kernel.org ([198.145.29.99]:34008 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347336AbhDNMjV (ORCPT ); Wed, 14 Apr 2021 08:39:21 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 05A6961242; Wed, 14 Apr 2021 12:38:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1618403939; bh=trjYxEgalZgxYJrHZB3dPQb397DtdefL3Lsm4LvCJWY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=j5cA7MvJ8u/PxHz/mTf+LlXfEt3LqMQBsmvb29ek09df6dQDeGtD3iUnc3ADbsBJc ryketa8FV75N3FodGyTBY0KSmGrhMSXM2aYceXyVZ1RvA1lKAhDIUwoWFLozEZDFgq aPGq76CSmzC64HUf/0H64P6YYpk8NlDxA1Hu9dMGu3qH07Y9JhmJbCsU5liuaUQB/8 mlFQ44XsnlaaI96OFOESbCp7p7O9VAYkaD7ZncBUzHJ0qxegMUl1BdHsCTiHVhSNX6 OPDQ80yn+0jZ0H4ViTZ2MdmDl7dQ7yxLUjWzvDba55xMTT6T4wml5BPDZF1lpxVQDu AdZ5/6ipoOFjg== From: Christian Brauner To: linux-fsdevel@vger.kernel.org Cc: Amir Goldstein , Christoph Hellwig , Tyler Hicks , David Howells , Miklos Szeredi , Al Viro , ecryptfs@vger.kernel.org, linux-cachefs@redhat.com, Christian Brauner Subject: [PATCH 7/7] ecryptfs: extend ro check to private mount Date: Wed, 14 Apr 2021 14:37:51 +0200 Message-Id: <20210414123750.2110159-8-brauner@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210414123750.2110159-1-brauner@kernel.org> References: <20210414123750.2110159-1-brauner@kernel.org> MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; i=TJq3ADscBRuq3vVMRrZQ25nFLYThkfCmWR4OfInmRrw=; m=1ciTf4lEciTeOTFMYE8Ti/zNFh88dj9ns8fWVydD8Es=; p=z+y7HlsQCE+Knq6tGOyffFIPiZjVOof3onzoRF6Hb6E=; g=0d107768135058226d796803890d0dee0a0e7ec6 X-Patch-Sig: m=pgp; i=christian.brauner@ubuntu.com; s=0x0x91C61BC06578DCA2; b=iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCYHbh4AAKCRCRxhvAZXjcotLBAQDn6l9 aXkwGRy7SXgg32N2NRCvBm3ku22g55ZuZqsqPhwD/TYrdUDq3t7xICbXuJj/8/Y+oSbZh1gRpQ2li RXJyZgI= Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Christian Brauner So far ecryptfs only verified that the superblock wasn't read-only but didn't check whether the mount was. This made sense when we did not use a private mount because the read-only state could change at any point. Now that we have a private mount and mount properties can't change behind our back extend the read-only check to include the vfsmount. The __mnt_is_readonly() helper will check both the mount and the superblock. Note that before we checked root->d_sb and now we check mnt->mnt_sb but since we have a matching pair here this is only syntactical change, not a semantic one. Overlayfs and cachefiles have been changed to check this as well. Cc: Amir Goldstein Cc: Tyler Hicks Cc: ecryptfs@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner --- fs/ecryptfs/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 3ba2c0f349a3..4e5aeec91e95 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -571,7 +571,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags * 1) The lower mount is ro * 2) The ecryptfs_encrypted_view mount option is specified */ - if (sb_rdonly(path.dentry->d_sb) || mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) + if (__mnt_is_readonly(mnt) || mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) s->s_flags |= SB_RDONLY; s->s_maxbytes = path.dentry->d_sb->s_maxbytes;