From patchwork Tue Nov 28 16:03:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 13471421 X-Patchwork-Delegate: paul@paul-moore.com
From: Miklos Szeredi To: Christian Brauner Cc: linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak , linux-fsdevel@vger.kernel.org, Ian Kent , David Howells , Al Viro Subject: [PATCH 1/4] listmount: rip out flags Date: Tue, 28 Nov 2023 17:03:32 +0100 Message-ID: <20231128160337.29094-2-mszeredi@redhat.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231128160337.29094-1-mszeredi@redhat.com> References: <20231128160337.29094-1-mszeredi@redhat.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com LISTMOUNT_UNREACHABLE will be achieved differently in a following patch. LISTMOUNT_RECURSIVE becomes the default. If non-recursive listing turns out to be needed, it can be added later. Signed-off-by: Miklos Szeredi --- fs/namespace.c | 49 +++++++++++++------------------------- include/uapi/linux/mount.h | 4 ---- 2 files changed, 16 insertions(+), 37 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index cb338ab18db9..9b4cb25c25ed 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -5004,18 +5004,13 @@ static struct mount *listmnt_first(struct mount *root) return list_first_entry_or_null(&root->mnt_mounts, struct mount, mnt_child); } -static struct mount *listmnt_next(struct mount *curr, struct mount *root, bool recurse) +static struct mount *listmnt_next(struct mount *curr, struct mount *root) { - if (recurse) - return next_mnt(curr, root); - if (!list_is_head(curr->mnt_child.next, &root->mnt_mounts)) - return list_next_entry(curr, mnt_child); - return NULL; + return next_mnt(curr, root); } static ssize_t do_listmount(struct vfsmount *mnt, u64 __user *buf, - size_t bufsize, const struct path *root, - unsigned int flags) + size_t bufsize, const struct path *root) { struct mount *r, *m = real_mount(mnt); struct path rootmnt = { 
@@ -5023,26 +5018,17 @@ static ssize_t do_listmount(struct vfsmount *mnt, u64 __user *buf, .dentry = root->mnt->mnt_root }; ssize_t ctr; - bool reachable_only = true; - bool recurse = flags & LISTMOUNT_RECURSIVE; int err; - if (flags & LISTMOUNT_UNREACHABLE) { - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - reachable_only = false; - } - - if (reachable_only && !is_path_reachable(m, mnt->mnt_root, &rootmnt)) + if (!is_path_reachable(m, mnt->mnt_root, &rootmnt)) return capable(CAP_SYS_ADMIN) ? 0 : -EPERM; err = security_sb_statfs(mnt->mnt_root); if (err) return err; - for (ctr = 0, r = listmnt_first(m); r; r = listmnt_next(r, m, recurse)) { - if (reachable_only && - !is_path_reachable(r, r->mnt.mnt_root, root)) + for (ctr = 0, r = listmnt_first(m); r; r = listmnt_next(r, m)) { + if (!is_path_reachable(r, r->mnt.mnt_root, root)) continue; if (ctr >= bufsize) @@ -5065,7 +5051,7 @@ SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req, u64 mnt_id; ssize_t ret; - if (flags & ~(LISTMOUNT_UNREACHABLE | LISTMOUNT_RECURSIVE)) + if (flags) return -EINVAL; if (copy_from_user(&kreq, req, sizeof(kreq))) @@ -5075,20 +5061,17 @@ SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req, mnt_id = kreq.mnt_id; down_read(&namespace_sem); - if (mnt_id == LSMT_ROOT) - mnt = ¤t->nsproxy->mnt_ns->root->mnt; - else - mnt = lookup_mnt_in_ns(mnt_id, current->nsproxy->mnt_ns); - if (!mnt) { - up_read(&namespace_sem); - return -ENOENT; - } - get_fs_root(current->fs, &root); - /* Skip unreachable for LSMT_ROOT */ - if (mnt_id == LSMT_ROOT && !(flags & LISTMOUNT_UNREACHABLE)) + if (mnt_id == LSMT_ROOT) { mnt = root.mnt; - ret = do_listmount(mnt, buf, bufsize, &root, flags); + } else { + ret = -ENOENT; + mnt = lookup_mnt_in_ns(mnt_id, current->nsproxy->mnt_ns); + if (!mnt) + goto err; + } + ret = do_listmount(mnt, buf, bufsize, &root); +err: path_put(&root); up_read(&namespace_sem); return ret; 
diff --git a/include/uapi/linux/mount.h b/include/uapi/linux/mount.h index 7a5bd0b24a62..f6b35a15b7dd 100644 --- a/include/uapi/linux/mount.h +++ b/include/uapi/linux/mount.h 
@@ -191,10 +191,6 @@ struct mnt_id_req { #define STATMOUNT_MNT_POINT 0x00000010U /* Want/got mnt_point */ #define STATMOUNT_FS_TYPE 0x00000020U /* Want/got fs_type */ -/* listmount(2) flags */ -#define LISTMOUNT_UNREACHABLE 0x01U /* List unreachable mounts too */ -#define LISTMOUNT_RECURSIVE 0x02U /* List a mount tree */ - /* * Special @mnt_id values that can be passed to listmount */
From patchwork Tue Nov 28 16:03:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 13471422 X-Patchwork-Delegate: paul@paul-moore.com
From: Miklos Szeredi To: Christian Brauner Cc: linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak , linux-fsdevel@vger.kernel.org, Ian Kent , David Howells , Al Viro Subject: [PATCH 2/4] listmount: list mounts in ID order Date: Tue, 28 Nov 2023 17:03:33 +0100 Message-ID: <20231128160337.29094-3-mszeredi@redhat.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231128160337.29094-1-mszeredi@redhat.com> References: <20231128160337.29094-1-mszeredi@redhat.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com This is needed to allow continuing from a midpoint. Signed-off-by: Miklos Szeredi --- fs/namespace.c | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 9b4cb25c25ed..ad62cf7ee334 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1010,7 +1010,7 @@ void mnt_change_mountpoint(struct mount *parent, struct mountpoint *mp, struct m static inline struct mount *node_to_mount(struct rb_node *node) { - return rb_entry(node, struct mount, mnt_node); + return node ? rb_entry(node, struct mount, mnt_node) : NULL; } static void mnt_add_to_ns(struct mnt_namespace *ns, struct mount *mnt) 
@@ -4999,24 +4999,21 @@ SYSCALL_DEFINE4(statmount, const struct mnt_id_req __user *, req, return ret; } -static struct mount *listmnt_first(struct mount *root) +static struct mount *listmnt_next(struct mount *curr) { - return list_first_entry_or_null(&root->mnt_mounts, struct mount, mnt_child); + return node_to_mount(rb_next(&curr->mnt_node)); } -static struct mount *listmnt_next(struct mount *curr, struct mount *root) -{ - return next_mnt(curr, root); -} - -static ssize_t do_listmount(struct vfsmount *mnt, u64 __user *buf, - size_t bufsize, const struct path *root) +static ssize_t do_listmount(struct mount *first, struct vfsmount *mnt, + u64 __user *buf, size_t bufsize, + const struct path *root) { struct mount *r, *m = real_mount(mnt); struct path rootmnt = { .mnt = root->mnt, .dentry = root->mnt->mnt_root }; + struct path orig; ssize_t ctr; int err; @@ -5027,8 +5024,17 @@ static ssize_t do_listmount(struct vfsmount *mnt, u64 __user *buf, if (err) return err; - for (ctr = 0, r = listmnt_first(m); r; r = listmnt_next(r, m)) { - if (!is_path_reachable(r, r->mnt.mnt_root, root)) + if (root->mnt == mnt) { + orig = *root; + } else { + orig.mnt = mnt; + orig.dentry = mnt->mnt_root; + } + + for (ctr = 0, r = first; r; r = listmnt_next(r)) { + if (r == m) + continue; + if (!is_path_reachable(r, r->mnt.mnt_root, &orig)) continue; if (ctr >= bufsize) @@ -5045,8 +5051,10 @@ static ssize_t do_listmount(struct vfsmount *mnt, u64 __user *buf, SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req, u64 __user *, buf, size_t, bufsize, unsigned int, flags) { + struct mnt_namespace *ns = current->nsproxy->mnt_ns; struct mnt_id_req kreq; struct vfsmount *mnt; + struct mount *first; struct path root; u64 mnt_id; ssize_t ret; 
@@ -5066,11 +5074,13 @@ SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req, mnt = root.mnt; } else { ret = -ENOENT; - mnt = lookup_mnt_in_ns(mnt_id, current->nsproxy->mnt_ns); + mnt = lookup_mnt_in_ns(mnt_id, ns); if (!mnt) goto err; } - ret = do_listmount(mnt, buf, bufsize, &root); + first = node_to_mount(rb_first(&ns->mounts)); + + ret = do_listmount(first, mnt, buf, bufsize, &root); err: path_put(&root); up_read(&namespace_sem);
From patchwork Tue Nov 28 16:03:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 13471423 X-Patchwork-Delegate: paul@paul-moore.com
From: Miklos Szeredi To: Christian Brauner Cc: linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak , linux-fsdevel@vger.kernel.org, Ian Kent , David Howells , Al Viro Subject: [PATCH 3/4] listmount: small changes in semantics Date: Tue, 28 Nov 2023 17:03:34 +0100 Message-ID: <20231128160337.29094-4-mszeredi@redhat.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231128160337.29094-1-mszeredi@redhat.com> References: <20231128160337.29094-1-mszeredi@redhat.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com 1) Make permission checking consistent with statmount(2): fail if mount is unreachable from current root. Previously it failed if mount was unreachable from root->mnt->mnt_root. 2) List all submounts, even if unreachable from current root. This is safe, since 1) will prevent listing unreachable mounts for unprivileged users. 3) LSMT_ROOT is unchanged, it lists mounts under current root. Signed-off-by: Miklos Szeredi --- fs/namespace.c | 39 ++++++++++++++------------------------- 1 file changed, 14 insertions(+), 25 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index ad62cf7ee334..10cd651175b5 100644 --- a/fs/namespace.c +++ b/fs/namespace.c 
@@ -5004,37 +5004,26 @@ static struct mount *listmnt_next(struct mount *curr) return node_to_mount(rb_next(&curr->mnt_node)); } -static ssize_t do_listmount(struct mount *first, struct vfsmount *mnt, +static ssize_t do_listmount(struct mount *first, struct path *orig, u64 mnt_id, u64 __user *buf, size_t bufsize, const struct path *root) { - struct mount *r, *m = real_mount(mnt); - struct path rootmnt = { - .mnt = root->mnt, - .dentry = root->mnt->mnt_root - }; - struct path orig; + struct mount *r; ssize_t ctr; int err; - if (!is_path_reachable(m, mnt->mnt_root, &rootmnt)) - return capable(CAP_SYS_ADMIN) ? 0 : -EPERM; + if (!capable(CAP_SYS_ADMIN) && + !is_path_reachable(real_mount(orig->mnt), orig->dentry, root)) + return -EPERM; - err = security_sb_statfs(mnt->mnt_root); + err = security_sb_statfs(orig->dentry); if (err) return err; - if (root->mnt == mnt) { - orig = *root; - } else { - orig.mnt = mnt; - orig.dentry = mnt->mnt_root; - } - for (ctr = 0, r = first; r; r = listmnt_next(r)) { - if (r == m) + if (r->mnt_id_unique == mnt_id) continue; - if (!is_path_reachable(r, r->mnt.mnt_root, &orig)) + if (!is_path_reachable(r, r->mnt.mnt_root, orig)) continue; if (ctr >= bufsize) @@ -5053,9 +5042,8 @@ SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req, { struct mnt_namespace *ns = current->nsproxy->mnt_ns; struct mnt_id_req kreq; - struct vfsmount *mnt; struct mount *first; - struct path root; + struct path root, orig; u64 mnt_id; ssize_t ret; 
@@ -5071,16 +5059,17 @@ SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req, down_read(&namespace_sem); get_fs_root(current->fs, &root); if (mnt_id == LSMT_ROOT) { - mnt = root.mnt; + orig = root; } else { ret = -ENOENT; - mnt = lookup_mnt_in_ns(mnt_id, ns); - if (!mnt) + orig.mnt = lookup_mnt_in_ns(mnt_id, ns); + if (!orig.mnt) goto err; + orig.dentry = orig.mnt->mnt_root; } first = node_to_mount(rb_first(&ns->mounts)); - ret = do_listmount(first, mnt, buf, bufsize, &root); + ret = do_listmount(first, &orig, mnt_id, buf, bufsize, &root); err: path_put(&root); up_read(&namespace_sem);
From patchwork Tue Nov 28 16:03:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 13471424 X-Patchwork-Delegate: paul@paul-moore.com
From: Miklos Szeredi To: Christian Brauner Cc: linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak , linux-fsdevel@vger.kernel.org, Ian Kent , David Howells , Al Viro Subject: [PATCH 4/4] listmount: allow continuing Date: Tue, 28 Nov 2023 17:03:35 +0100 Message-ID: <20231128160337.29094-5-mszeredi@redhat.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231128160337.29094-1-mszeredi@redhat.com> References: <20231128160337.29094-1-mszeredi@redhat.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Rename mnt_id_req.request_mask to .param to allow using it for listmount(2) as well. 1) If the buffer is full don't return EOVERFLOW, instead return the buffer size. This still allows detecting a full buffer. 2) listing is continued after the ID contained in .param. This allows listing the mount IDs in multiple listmount() invocations without having to resize buffer. If .param is zero, then the listing is started from the beginning, just like previously. Signed-off-by: Miklos Szeredi --- fs/namespace.c | 17 ++++++++--------- include/uapi/linux/mount.h | 9 ++++++++- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 10cd651175b5..5c1455c4b53b 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -4942,7 +4942,7 @@ static int prepare_kstatmount(struct kstatmount *ks, struct mnt_id_req *kreq, return -EFAULT; *ks = (struct kstatmount){ - .mask = kreq->request_mask, + .mask = kreq->param, .buf = buf, .bufsize = bufsize, .seq = { 
@@ -5020,14 +5020,11 @@ static ssize_t do_listmount(struct mount *first, struct path *orig, u64 mnt_id, if (err) return err; - for (ctr = 0, r = first; r; r = listmnt_next(r)) { + for (ctr = 0, r = first; r && ctr < bufsize; r = listmnt_next(r)) { if (r->mnt_id_unique == mnt_id) continue; if (!is_path_reachable(r, r->mnt.mnt_root, orig)) continue; - - if (ctr >= bufsize) - return -EOVERFLOW; ctr = array_index_nospec(ctr, bufsize); if (put_user(r->mnt_id_unique, buf + ctr)) return -EFAULT; @@ -5044,7 +5041,7 @@ SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req, struct mnt_id_req kreq; struct mount *first; struct path root, orig; - u64 mnt_id; + u64 mnt_id, last_mnt_id; ssize_t ret; if (flags) @@ -5052,9 +5049,8 @@ SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req, if (copy_from_user(&kreq, req, sizeof(kreq))) return -EFAULT; - if (kreq.request_mask != 0) - return -EINVAL; mnt_id = kreq.mnt_id; + last_mnt_id = kreq.param; down_read(&namespace_sem); get_fs_root(current->fs, &root); @@ -5067,7 +5063,10 @@ SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req, goto err; orig.dentry = orig.mnt->mnt_root; } - first = node_to_mount(rb_first(&ns->mounts)); + if (!last_mnt_id) + first = node_to_mount(rb_first(&ns->mounts)); + else + first = mnt_find_id_at(ns, last_mnt_id + 1); ret = do_listmount(first, &orig, mnt_id, buf, bufsize, &root); err: diff --git a/include/uapi/linux/mount.h b/include/uapi/linux/mount.h index f6b35a15b7dd..dc9a0112d819 100644 --- a/include/uapi/linux/mount.h +++ b/include/uapi/linux/mount.h @@ -176,9 +176,16 @@ struct statmount { char str[]; /* Variable size part containing strings */ }; +/* + * Structure for passing mount ID and miscellaneous parameters to statmount(2) + * and listmount(2). + * + * For statmount(2) @param represents the request mask. + * For listmount(2) @param represents the last listed mount id (or zero). + */ struct mnt_id_req { __u64 mnt_id; - __u64 request_mask; + __u64 param; }; /*
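
Review bot: In [PATCH 1/4], the do_listmount() hunk keeps `return capable(CAP_SYS_ADMIN) ? 0 : -EPERM;` after the reachability test, so a privileged caller asking about an unreachable mount gets success with zero entries and cannot tell that apart from a reachable mount with no submounts. With the `LISTMOUNT_UNREACHABLE` branch gone, nothing in the function explains this special case any more; add a comment saying why the privileged case returns an empty list here until the follow-up patch changes it.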
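
Review bot: In [PATCH 1/4], the last fs/namespace.c hunk introduces an `err:` label that the success path also falls through to after `do_listmount()`, so the name is misleading; `out:` would describe what the label does. The rest of the restructuring looks balanced: `get_fs_root()` is now taken before the lookup, and the `-ENOENT` path reaches `path_put(&root)` and `up_read(&namespace_sem)` through the label.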
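
Review bot: In [PATCH 1/4], the include/uapi/linux/mount.h hunk deletes `LISTMOUNT_UNREACHABLE` and `LISTMOUNT_RECURSIVE` from a uapi header, and the syscall hunk now rejects every non-zero `flags` value with -EINVAL. The commit message should state that these constants have not appeared in a released kernel, because otherwise callers that pass them break at both compile time and run time.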
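
Review bot: In [PATCH 2/4], the do_listmount() hunk chooses `orig` with `if (root->mnt == mnt) orig = *root;` and otherwise `mnt->mnt_root`, but has no comment saying why the caller's root dentry is used in the first case. This `orig` is what every `is_path_reachable()` filter in the loop is measured against, so it decides which mount IDs a caller with a changed root can see, and it deserves a one-line comment. The loop also now starts at `rb_first(&ns->mounts)` and visits every mount in the namespace under `namespace_sem` rather than only the subtree, which is worth stating in the commit message.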
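
Review bot: In [PATCH 3/4], the new permission check in do_listmount() evaluates `capable(CAP_SYS_ADMIN)` before `is_path_reachable()`, so the capability check runs for every caller, including unprivileged ones asking about a reachable mount. Putting the reachability test first, as in `if (!is_path_reachable(...) && !capable(CAP_SYS_ADMIN))`, gives the same result and consults the capability (and any LSM auditing of a denial) only when it decides the outcome. Note also that a privileged caller asking about an unreachable mount now gets the listing where the old code returned 0, while item 1 of the commit message describes only the failure case.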
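
Review bot: In [PATCH 3/4], the listmount() hunk passes `mnt_id` through unchanged in the `LSMT_ROOT` branch (`orig = root;`), while do_listmount() now skips the starting mount with `r->mnt_id_unique == mnt_id` instead of `r == m`. For `LSMT_ROOT` that comparison is against the special value rather than the ID of `root.mnt`, so the root mount is no longer excluded by that test. If it should still be skipped, pass the unique ID of `orig.mnt` into do_listmount(); if listing it is intended, item 3 of the commit message needs to say so.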
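
Review bot: In [PATCH 4/4], the do_listmount() loop now stops on `ctr < bufsize` and the `-EOVERFLOW` return is removed, so a return value equal to `bufsize` means either that the list fit exactly or that more entries remain, and only another call with `.param` set to the last returned ID tells the two apart. That calling convention should be written in the uapi comment for `struct mnt_id_req`, not only in the commit message. By the same rule a zero `bufsize` can no longer be told apart from an empty listing, which should be either documented or rejected.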
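
Review bot: In [PATCH 4/4], the listmount() hunk computes the restart point as `mnt_find_id_at(ns, last_mnt_id + 1)` from `kreq.param`, which comes straight from user space now that the `request_mask != 0` check is dropped. A `.param` of all ones wraps `last_mnt_id + 1` to 0; handle that value explicitly (empty result or -EINVAL) instead of relying on what `mnt_find_id_at()` does with 0.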
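
Review bot: In [PATCH 4/4], the new comment above `struct mnt_id_req` says `@param` is "the last listed mount id" for listmount(2) without saying which kind of ID. The kernel side compares and returns `mnt_id_unique`, so the comment should say it is the 64-bit unique mount ID exactly as returned in the listmount(2) buffer. Renaming the uapi field `request_mask` to `param` also changes the source-level interface for statmount(2) callers, which the commit message should acknowledge.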