From: Trond Myklebust <trondmy@primarydata.com>
To: "ebiederm@xmission.com" <ebiederm@xmission.com>,
"seth.forshee@canonical.com" <seth.forshee@canonical.com>
Cc: "bfields@fieldses.org" <bfields@fieldses.org>,
"anna.schumaker@netapp.com" <anna.schumaker@netapp.com>,
Steve French <sfrench@primarydata.com>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
Subject: Re: [REVIEW][PATCH] fs: Better permission checking for submounts
Date: Wed, 1 Feb 2017 13:28:19 +0000 [thread overview]
Message-ID: <1485955696.3731.1.camel@primarydata.com> (raw)
In-Reply-To: <87h94epg9y.fsf_-_@xmission.com>
T24gV2VkLCAyMDE3LTAyLTAxIGF0IDE5OjM4ICsxMzAwLCBFcmljIFcuIEJpZWRlcm1hbiB3cm90
ZToNCj4gVG8gc3VwcG9ydCB1bnByaXZpbGVnZWQgdXNlcnMgbW91bnRpbmcgZmlsZXN5c3RlbXMg
dHdvIHBlcm1pc3Npb24NCj4gY2hlY2tzIGhhdmUgdG8gYmUgcGVyZm9ybWVkOiBhIHRlc3QgdG8g
c2VlIGlmIHRoZSB1c2VyIGFsbG93ZWQgdG8NCj4gY3JlYXRlIGEgbW91bnQgaW4gdGhlIG1vdW50
IG5hbWVzcGFjZSwgYW5kIGEgdGVzdCB0byBzZWUgaWYNCj4gdGhlIHVzZXIgaXMgYWxsb3dlZCB0
byBhY2Nlc3MgdGhlIHNwZWNpZmllZCBmaWxlc3lzdGVtLg0KPiANCj4gVGhlIGF1dG9tb3VudCBj
YXNlIGlzIHNwZWNpYWwgaW4gdGhhdCBtb3VudGluZyB0aGUgb3JpZ2luYWwNCj4gZmlsZXN5c3Rl
bQ0KPiBncmFudHMgcGVybWlzc2lvbiB0byBtb3VudCB0aGUgc3ViLWZpbGVzeXN0ZW1zLCB0byBh
bnkgdXNlciB3aG8NCj4gaGFwcGVucyB0byBzdHVtYmxlIGFjcm9zcyB0aGUgdGhlaXIgbW91bnRw
b2ludCBhbmQgc2F0aXNmaWVzIHRoZQ0KPiBvcmRpbmFyeSBmaWxlc3lzdGVtIHBlcm1pc3Npb24g
Y2hlY2tzLg0KPiANCj4gQXR0ZW1wdGluZyB0byBoYW5kbGUgdGhlIGF1dG9tb3VudCBjYXNlIGJ5
IHVzaW5nIG92ZXJyaWRlX2NyZWRzDQo+IGFsbW9zdCB3b3Jrcy7CoMKgSXQgcHJlc2VydmVzIHRo
ZSBpZGVhIHRoYXQgcGVybWlzc2lvbiB0byBtb3VudA0KPiB0aGUgb3JpZ2luYWwgZmlsZXN5c3Rl
bSBpcyBwZXJtaXNzaW9uIHRvIG1vdW50IHRoZSBzdWItZmlsZXN5c3RlbS4NCj4gVW5mb3J0dW5h
dGVseSB1c2luZyBvdmVycmlkZV9jcmVkcyBtZXNzZXMgdXAgdGhlIGZpbGVzeXN0ZW1zDQo+IG9y
ZGluYXJ5IHBlcm1pc3Npb24gY2hlY2tzLg0KPiANCj4gU29sdmUgdGhpcyBieSBiZWluZyBleHBs
aWNpdCB0aGF0IGEgbW91bnQgaXMgYSBzdWJtb3VudCBieQ0KPiBpbnRyb2R1Y2luZw0KPiB2ZnNf
c3VibW91bnQsIGFuZCB1c2luZyBpdCB3aGVyZSBhcHByb3ByaWF0ZS4NCj4gDQo+IHZmc19zdWJt
b3VudCB1c2VzIGEgbmV3IG1vdW50IGludGVybmFsIG1vdW50IGZsYWdzIE1TX1NVQk1PVU5ULCB0
bw0KPiBsZXQNCj4gc2dldCBhbmQgZnJpZW5kcyBrbm93IHRoYXQgYSBtb3VudCBpcyBhIHN1Ym1v
dW50IHNvIHRoZXkgY2FuIHRha2UNCj4gYXBwcm9wcmlhdGUNCj4gYWN0aW9uLg0KPiANCj4gc2dl
dCBhbmQgc2dldF91c2VybnMgYXJlIG1vZGlmaWVkIHRvIG5vdCBwZXJmb3JtIGFueSBwZXJtaXNz
aW9uDQo+IGNoZWNrcw0KPiBvbiBzdWJtb3VudHMuDQo+IA0KPiBmb2xsb3dfYXV0b21vdW50IGlz
IG1vZGlmaWVkIHRvIHN0b3AgdXNpbmcgb3ZlcnJpZGVfY3JlZHMgYXMgdGhhdA0KPiBoYXMgcHJv
dmVuIHByb2JsZW1hbnRpYy4NCj4gDQo+IGRvX21vdW50IGlzIG1vZGlmaWVkIHRvIGFsd2F5cyBy
ZW1vdmUgdGhlIG5ldyBNU19TVUJNT1VOVCBmbGFnIHNvDQo+IHRoYXQgd2Uga25vdyB1c2Vyc3Bh
Y2Ugd2lsbCBuZXZlciBieSBhYmxlIHRvIHNwZWNpZnkgaXQuDQo+IA0KPiBhdXRvZnM0IGlzIG1v
ZGlmaWVkIHRvIHN0b3AgdXNpbmcgY3VycmVudF9yZWFsX2NyZWQgdGhhdCB3YXMgcHV0IGluDQo+
IHRoZXJlIHRvIGhhbmRsZSB0aGUgcHJldmlvdXMgdmVyc2lvbiBvZiBzdWJtb3VudCBwZXJtaXNz
aW9uIGNoZWNraW5nLg0KPiANCj4gY2lmcyBpcyBtb2RpZmllZCB0byBwYXNzIHRoZSBtb3VudHBv
aW50IGFsbCBvZiB0aGUgd2F5IGRvd24gdG8NCj4gdmZzX3N1Ym1vdW50Lg0KPiANCj4gZGVidWdm
cyBpcyBtb2RpZmllZCB0byBwYXNzIHRoZSBtb3VudHBvaW50IGFsbCBvZiB0aGUgd2F5IGRvd24g
dG8NCj4gdHJhY2VfYXV0b21vdW50IGJ5IGFkZGluZyBhIG5ldyBwYXJhbWV0ZXIuwqDCoFRvIG1h
a2UgdGhpcyBjaGFuZ2UNCj4gZWFzaWVyDQo+IGEgbmV3IHR5cGVkZWYgZGVidWdmc19hdXRvbW91
bnRfdCBpcyBpbnRyb2R1Y2VkIHRvIGNhcHR1cmUgdGhlIHR5cGUNCj4gb2YNCj4gdGhlIGRlYnVn
ZnMgYXV0b21vdW50IGZ1bmN0aW9uLg0KPiANCj4gQ2M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcN
Cj4gRml4ZXM6IDA2OWQ1YWM5YWUwZCAoImF1dG9mczrCoMKgRml4IGF1dG9tb3VudHMgYnkgdXNp
bmcNCj4gY3VycmVudF9yZWFsX2NyZWQoKS0+dWlkIikNCj4gRml4ZXM6IGFlYWE0YTc5ZmY2YSAo
ImZzOiBDYWxsIGRfYXV0b21vdW50IHdpdGggdGhlIGZpbGVzeXN0ZW1zDQo+IGNyZWRzIikNCj4g
U2lnbmVkLW9mZi1ieTogIkVyaWMgVy4gQmllZGVybWFuIiA8ZWJpZWRlcm1AeG1pc3Npb24uY29t
Pg0KPiAtLS0NCj4gwqBmcy9hZnMvbW50cHQuY8KgwqDCoMKgwqDCoMKgwqDCoMKgfMKgwqAyICst
DQo+IMKgZnMvYXV0b2ZzNC93YWl0cS5jwqDCoMKgwqDCoMKgfMKgwqA0ICsrLS0NCj4gwqBmcy9j
aWZzL2NpZnNfZGZzX3JlZi5jwqDCoHzCoMKgNyArKysrLS0tDQo+IMKgZnMvZGVidWdmcy9pbm9k
ZS5jwqDCoMKgwqDCoMKgfMKgwqA4ICsrKystLS0tDQo+IMKgZnMvbmFtZWkuY8KgwqDCoMKgwqDC
oMKgwqDCoMKgwqDCoMKgwqB8wqDCoDMgLS0tDQo+IMKgZnMvbmFtZXNwYWNlLmPCoMKgwqDCoMKg
wqDCoMKgwqDCoHwgMTcgKysrKysrKysrKysrKysrKy0NCj4gwqBmcy9uZnMvbmFtZXNwYWNlLmPC
oMKgwqDCoMKgwqB8wqDCoDIgKy0NCj4gwqBmcy9uZnMvbmZzNG5hbWVzcGFjZS5jwqDCoHzCoMKg
MiArLQ0KPiDCoGZzL3N1cGVyLmPCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgfCAxMyArKysr
KysrKysrLS0tDQo+IMKgaW5jbHVkZS9saW51eC9kZWJ1Z2ZzLmggfMKgwqAzICsrLQ0KPiDCoGlu
Y2x1ZGUvbGludXgvbW91bnQuaMKgwqDCoHzCoMKgMyArKysNCj4gwqBpbmNsdWRlL3VhcGkvbGlu
dXgvZnMuaCB8wqDCoDEgKw0KPiDCoGtlcm5lbC90cmFjZS90cmFjZS5jwqDCoMKgwqB8wqDCoDQg
KystLQ0KPiDCoDEzIGZpbGVzIGNoYW5nZWQsIDQ3IGluc2VydGlvbnMoKyksIDIyIGRlbGV0aW9u
cygtKQ0KPiANCj4gZGlmZiAtLWdpdCBhL2ZzL2Fmcy9tbnRwdC5jIGIvZnMvYWZzL21udHB0LmMN
Cj4gaW5kZXggODFkZDA3NTM1NmI5Li5kNGZiMGFmYzAwOTcgMTAwNjQ0DQo+IC0tLSBhL2ZzL2Fm
cy9tbnRwdC5jDQo+ICsrKyBiL2ZzL2Fmcy9tbnRwdC5jDQo+IEBAIC0yMDIsNyArMjAyLDcgQEAg
c3RhdGljIHN0cnVjdCB2ZnNtb3VudA0KPiAqYWZzX21udHB0X2RvX2F1dG9tb3VudChzdHJ1Y3Qg
ZGVudHJ5ICptbnRwdCkNCj4gwqANCj4gwqAJLyogdHJ5IGFuZCBkbyB0aGUgbW91bnQgKi8NCj4g
wqAJX2RlYnVnKCItLS0gYXR0ZW1wdGluZyBtb3VudCAlcyAtbyAlcyAtLS0iLCBkZXZuYW1lLA0K
PiBvcHRpb25zKTsNCj4gLQltbnQgPSB2ZnNfa2Vybl9tb3VudCgmYWZzX2ZzX3R5cGUsIDAsIGRl
dm5hbWUsIG9wdGlvbnMpOw0KPiArCW1udCA9IHZmc19zdWJtb3VudChtbnRwdCwgJmFmc19mc190
eXBlLCBkZXZuYW1lLCBvcHRpb25zKTsNCj4gwqAJX2RlYnVnKCItLS0gbW91bnQgcmVzdWx0ICVw
IC0tLSIsIG1udCk7DQo+IMKgDQo+IMKgCWZyZWVfcGFnZSgodW5zaWduZWQgbG9uZykgZGV2bmFt
ZSk7DQo+IGRpZmYgLS1naXQgYS9mcy9hdXRvZnM0L3dhaXRxLmMgYi9mcy9hdXRvZnM0L3dhaXRx
LmMNCj4gaW5kZXggMTI3ODMzNWNlMzY2Li43OWZiZDg1ZGI0YmEgMTAwNjQ0DQo+IC0tLSBhL2Zz
L2F1dG9mczQvd2FpdHEuYw0KPiArKysgYi9mcy9hdXRvZnM0L3dhaXRxLmMNCj4gQEAgLTQzNiw4
ICs0MzYsOCBAQCBpbnQgYXV0b2ZzNF93YWl0KHN0cnVjdCBhdXRvZnNfc2JfaW5mbyAqc2JpLA0K
PiDCoAkJbWVtY3B5KCZ3cS0+bmFtZSwgJnFzdHIsIHNpemVvZihzdHJ1Y3QgcXN0cikpOw0KPiDC
oAkJd3EtPmRldiA9IGF1dG9mczRfZ2V0X2RldihzYmkpOw0KPiDCoAkJd3EtPmlubyA9IGF1dG9m
czRfZ2V0X2lubyhzYmkpOw0KPiAtCQl3cS0+dWlkID0gY3VycmVudF9yZWFsX2NyZWQoKS0+dWlk
Ow0KPiAtCQl3cS0+Z2lkID0gY3VycmVudF9yZWFsX2NyZWQoKS0+Z2lkOw0KPiArCQl3cS0+dWlk
ID0gY3VycmVudF9jcmVkKCktPnVpZDsNCj4gKwkJd3EtPmdpZCA9IGN1cnJlbnRfY3JlZCgpLT5n
aWQ7DQo+IMKgCQl3cS0+cGlkID0gcGlkOw0KPiDCoAkJd3EtPnRnaWQgPSB0Z2lkOw0KPiDCoAkJ
d3EtPnN0YXR1cyA9IC1FSU5UUjsgLyogU3RhdHVzIHJldHVybiBpZiBpbnRlcnJ1cHRlZA0KPiAq
Lw0KPiBkaWZmIC0tZ2l0IGEvZnMvY2lmcy9jaWZzX2Rmc19yZWYuYyBiL2ZzL2NpZnMvY2lmc19k
ZnNfcmVmLmMNCj4gaW5kZXggZWM5ZGJiY2NhM2I5Li45MTU2YmU1NDViMGYgMTAwNjQ0DQo+IC0t
LSBhL2ZzL2NpZnMvY2lmc19kZnNfcmVmLmMNCj4gKysrIGIvZnMvY2lmcy9jaWZzX2Rmc19yZWYu
Yw0KPiBAQCAtMjQ1LDcgKzI0NSw4IEBAIGNoYXIgKmNpZnNfY29tcG9zZV9tb3VudF9vcHRpb25z
KGNvbnN0IGNoYXINCj4gKnNiX21vdW50ZGF0YSwNCj4gwqAgKiBAZnVsbHBhdGg6CQlmdWxsIHBh
dGggaW4gVU5DIGZvcm1hdA0KPiDCoCAqIEByZWY6CQlzZXJ2ZXIncyByZWZlcnJhbA0KPiDCoCAq
Lw0KPiAtc3RhdGljIHN0cnVjdCB2ZnNtb3VudCAqY2lmc19kZnNfZG9fcmVmbW91bnQoc3RydWN0
IGNpZnNfc2JfaW5mbw0KPiAqY2lmc19zYiwNCj4gK3N0YXRpYyBzdHJ1Y3QgdmZzbW91bnQgKmNp
ZnNfZGZzX2RvX3JlZm1vdW50KHN0cnVjdCBkZW50cnkgKm1udHB0LA0KPiArCQlzdHJ1Y3QgY2lm
c19zYl9pbmZvICpjaWZzX3NiLA0KPiDCoAkJY29uc3QgY2hhciAqZnVsbHBhdGgsIGNvbnN0IHN0
cnVjdCBkZnNfaW5mbzNfcGFyYW0NCj4gKnJlZikNCj4gwqB7DQo+IMKgCXN0cnVjdCB2ZnNtb3Vu
dCAqbW50Ow0KPiBAQCAtMjU5LDcgKzI2MCw3IEBAIHN0YXRpYyBzdHJ1Y3QgdmZzbW91bnQNCj4g
KmNpZnNfZGZzX2RvX3JlZm1vdW50KHN0cnVjdCBjaWZzX3NiX2luZm8gKmNpZnNfc2IsDQo+IMKg
CWlmIChJU19FUlIobW91bnRkYXRhKSkNCj4gwqAJCXJldHVybiAoc3RydWN0IHZmc21vdW50ICop
bW91bnRkYXRhOw0KPiDCoA0KPiAtCW1udCA9IHZmc19rZXJuX21vdW50KCZjaWZzX2ZzX3R5cGUs
IDAsIGRldm5hbWUsIG1vdW50ZGF0YSk7DQo+ICsJbW50ID0gdmZzX3N1Ym1vdW50KG1udHB0LCAm
Y2lmc19mc190eXBlLCBkZXZuYW1lLA0KPiBtb3VudGRhdGEpOw0KPiDCoAlrZnJlZShtb3VudGRh
dGEpOw0KPiDCoAlrZnJlZShkZXZuYW1lKTsNCj4gwqAJcmV0dXJuIG1udDsNCj4gQEAgLTMzNCw3
ICszMzUsNyBAQCBzdGF0aWMgc3RydWN0IHZmc21vdW50DQo+ICpjaWZzX2Rmc19kb19hdXRvbW91
bnQoc3RydWN0IGRlbnRyeSAqbW50cHQpDQo+IMKgCQkJbW50ID0gRVJSX1BUUigtRUlOVkFMKTsN
Cj4gwqAJCQlicmVhazsNCj4gwqAJCX0NCj4gLQkJbW50ID0gY2lmc19kZnNfZG9fcmVmbW91bnQo
Y2lmc19zYiwNCj4gKwkJbW50ID0gY2lmc19kZnNfZG9fcmVmbW91bnQobW50cHQsIGNpZnNfc2Is
DQo+IMKgCQkJCWZ1bGxfcGF0aCwgcmVmZXJyYWxzICsgaSk7DQo+IMKgCQljaWZzX2RiZyhGWUks
ICIlczogY2lmc19kZnNfZG9fcmVmbW91bnQ6JXMgLA0KPiBtbnQ6JXBcbiIsDQo+IMKgCQkJwqBf
X2Z1bmNfXywgcmVmZXJyYWxzW2ldLm5vZGVfbmFtZSwgbW50KTsNCj4gZGlmZiAtLWdpdCBhL2Zz
L2RlYnVnZnMvaW5vZGUuYyBiL2ZzL2RlYnVnZnMvaW5vZGUuYw0KPiBpbmRleCBmMTdmY2Y4OWUx
OGUuLjFlMzBmNzRhOTUyNyAxMDA2NDQNCj4gLS0tIGEvZnMvZGVidWdmcy9pbm9kZS5jDQo+ICsr
KyBiL2ZzL2RlYnVnZnMvaW5vZGUuYw0KPiBAQCAtMTg3LDkgKzE4Nyw5IEBAIHN0YXRpYyBjb25z
dCBzdHJ1Y3Qgc3VwZXJfb3BlcmF0aW9ucw0KPiBkZWJ1Z2ZzX3N1cGVyX29wZXJhdGlvbnMgPSB7
DQo+IMKgDQo+IMKgc3RhdGljIHN0cnVjdCB2ZnNtb3VudCAqZGVidWdmc19hdXRvbW91bnQoc3Ry
dWN0IHBhdGggKnBhdGgpDQo+IMKgew0KPiAtCXN0cnVjdCB2ZnNtb3VudCAqKCpmKSh2b2lkICop
Ow0KPiAtCWYgPSAoc3RydWN0IHZmc21vdW50ICooKikodm9pZCAqKSlwYXRoLT5kZW50cnktPmRf
ZnNkYXRhOw0KPiAtCXJldHVybiBmKGRfaW5vZGUocGF0aC0+ZGVudHJ5KS0+aV9wcml2YXRlKTsN
Cj4gKwlkZWJ1Z2ZzX2F1dG9tb3VudF90IGY7DQo+ICsJZiA9IChkZWJ1Z2ZzX2F1dG9tb3VudF90
KXBhdGgtPmRlbnRyeS0+ZF9mc2RhdGE7DQo+ICsJcmV0dXJuIGYocGF0aC0+ZGVudHJ5LCBkX2lu
b2RlKHBhdGgtPmRlbnRyeSktPmlfcHJpdmF0ZSk7DQo+IMKgfQ0KPiDCoA0KPiDCoHN0YXRpYyBj
b25zdCBzdHJ1Y3QgZGVudHJ5X29wZXJhdGlvbnMgZGVidWdmc19kb3BzID0gew0KPiBAQCAtNTA0
LDcgKzUwNCw3IEBAIEVYUE9SVF9TWU1CT0xfR1BMKGRlYnVnZnNfY3JlYXRlX2Rpcik7DQo+IMKg
ICovDQo+IMKgc3RydWN0IGRlbnRyeSAqZGVidWdmc19jcmVhdGVfYXV0b21vdW50KGNvbnN0IGNo
YXIgKm5hbWUsDQo+IMKgCQkJCQlzdHJ1Y3QgZGVudHJ5ICpwYXJlbnQsDQo+IC0JCQkJCXN0cnVj
dCB2ZnNtb3VudCAqKCpmKSh2b2lkDQo+ICopLA0KPiArCQkJCQlkZWJ1Z2ZzX2F1dG9tb3VudF90
IGYsDQo+IMKgCQkJCQl2b2lkICpkYXRhKQ0KPiDCoHsNCj4gwqAJc3RydWN0IGRlbnRyeSAqZGVu
dHJ5ID0gc3RhcnRfY3JlYXRpbmcobmFtZSwgcGFyZW50KTsNCj4gZGlmZiAtLWdpdCBhL2ZzL25h
bWVpLmMgYi9mcy9uYW1laS5jDQo+IGluZGV4IDZmYTNlOTEzOGZlNC4uZGE2ODljOWMwMDVlIDEw
MDY0NA0KPiAtLS0gYS9mcy9uYW1laS5jDQo+ICsrKyBiL2ZzL25hbWVpLmMNCj4gQEAgLTExMDAs
NyArMTEwMCw2IEBAIHN0YXRpYyBpbnQgZm9sbG93X2F1dG9tb3VudChzdHJ1Y3QgcGF0aCAqcGF0
aCwNCj4gc3RydWN0IG5hbWVpZGF0YSAqbmQsDQo+IMKgCQkJwqDCoMKgwqBib29sICpuZWVkX21u
dHB1dCkNCj4gwqB7DQo+IMKgCXN0cnVjdCB2ZnNtb3VudCAqbW50Ow0KPiAtCWNvbnN0IHN0cnVj
dCBjcmVkICpvbGRfY3JlZDsNCj4gwqAJaW50IGVycjsNCj4gwqANCj4gwqAJaWYgKCFwYXRoLT5k
ZW50cnktPmRfb3AgfHwgIXBhdGgtPmRlbnRyeS0+ZF9vcC0+ZF9hdXRvbW91bnQpDQo+IEBAIC0x
MTI5LDkgKzExMjgsNyBAQCBzdGF0aWMgaW50IGZvbGxvd19hdXRvbW91bnQoc3RydWN0IHBhdGgg
KnBhdGgsDQo+IHN0cnVjdCBuYW1laWRhdGEgKm5kLA0KPiDCoAlpZiAobmQtPnRvdGFsX2xpbmtf
Y291bnQgPj0gNDApDQo+IMKgCQlyZXR1cm4gLUVMT09QOw0KPiDCoA0KPiAtCW9sZF9jcmVkID0g
b3ZlcnJpZGVfY3JlZHMoJmluaXRfY3JlZCk7DQo+IMKgCW1udCA9IHBhdGgtPmRlbnRyeS0+ZF9v
cC0+ZF9hdXRvbW91bnQocGF0aCk7DQo+IC0JcmV2ZXJ0X2NyZWRzKG9sZF9jcmVkKTsNCj4gwqAJ
aWYgKElTX0VSUihtbnQpKSB7DQo+IMKgCQkvKg0KPiDCoAkJwqAqIFRoZSBmaWxlc3lzdGVtIGlz
IGFsbG93ZWQgdG8gcmV0dXJuIC1FSVNESVIgaGVyZQ0KPiB0byBpbmRpY2F0ZQ0KPiBkaWZmIC0t
Z2l0IGEvZnMvbmFtZXNwYWNlLmMgYi9mcy9uYW1lc3BhY2UuYw0KPiBpbmRleCA0ODdiYTMwYmI1
YzYuLjA4OWE2YjIzMTM1YSAxMDA2NDQNCj4gLS0tIGEvZnMvbmFtZXNwYWNlLmMNCj4gKysrIGIv
ZnMvbmFtZXNwYWNlLmMNCj4gQEAgLTk4OSw2ICs5ODksMjEgQEAgdmZzX2tlcm5fbW91bnQoc3Ry
dWN0IGZpbGVfc3lzdGVtX3R5cGUgKnR5cGUsDQo+IGludCBmbGFncywgY29uc3QgY2hhciAqbmFt
ZSwgdm9pZA0KPiDCoH0NCj4gwqBFWFBPUlRfU1lNQk9MX0dQTCh2ZnNfa2Vybl9tb3VudCk7DQo+
IMKgDQo+ICtzdHJ1Y3QgdmZzbW91bnQgKg0KPiArdmZzX3N1Ym1vdW50KGNvbnN0IHN0cnVjdCBk
ZW50cnkgKm1vdW50cG9pbnQsIHN0cnVjdA0KPiBmaWxlX3N5c3RlbV90eXBlICp0eXBlLA0KPiAr
CcKgwqDCoMKgwqBjb25zdCBjaGFyICpuYW1lLCB2b2lkICpkYXRhKQ0KPiArew0KPiArCS8qIFVu
dGlsIGl0IGlzIHdvcmtlZCBvdXQgaG93IHRvIHBhc3MgdGhlIHVzZXIgbmFtZXNwYWNlDQo+ICsJ
wqAqIHRocm91Z2ggZnJvbSB0aGUgcGFyZW50IG1vdW50IHRvIHRoZSBzdWJtb3VudCBkb24ndA0K
PiBzdXBwb3J0DQo+ICsJwqAqIHVucHJpdmlsZWdlZCBtb3VudHMgd2l0aCBzdWJtb3VudHMuDQo+
ICsJwqAqLw0KPiArCWlmIChtb3VudHBvaW50LT5kX3NiLT5zX3VzZXJfbnMgIT0gJmluaXRfdXNl
cl9ucykNCj4gKwkJcmV0dXJuIEVSUl9QVFIoLUVQRVJNKTsNCj4gKw0KPiArCXJldHVybiB2ZnNf
a2Vybl9tb3VudCh0eXBlLCBNU19TVUJNT1VOVCwgbmFtZSwgZGF0YSk7DQo+ICt9DQo+ICtFWFBP
UlRfU1lNQk9MX0dQTCh2ZnNfc3VibW91bnQpOw0KPiArDQo+IMKgc3RhdGljIHN0cnVjdCBtb3Vu
dCAqY2xvbmVfbW50KHN0cnVjdCBtb3VudCAqb2xkLCBzdHJ1Y3QgZGVudHJ5DQo+ICpyb290LA0K
PiDCoAkJCQkJaW50IGZsYWcpDQo+IMKgew0KPiBAQCAtMjc5NCw3ICsyODA5LDcgQEAgbG9uZyBk
b19tb3VudChjb25zdCBjaGFyICpkZXZfbmFtZSwgY29uc3QgY2hhcg0KPiBfX3VzZXIgKmRpcl9u
YW1lLA0KPiDCoA0KPiDCoAlmbGFncyAmPSB+KE1TX05PU1VJRCB8IE1TX05PRVhFQyB8IE1TX05P
REVWIHwgTVNfQUNUSVZFIHwNCj4gTVNfQk9STiB8DQo+IMKgCQnCoMKgwqBNU19OT0FUSU1FIHwg
TVNfTk9ESVJBVElNRSB8IE1TX1JFTEFUSU1FfA0KPiBNU19LRVJOTU9VTlQgfA0KPiAtCQnCoMKg
wqBNU19TVFJJQ1RBVElNRSB8IE1TX05PUkVNT1RFTE9DSyk7DQo+ICsJCcKgwqDCoE1TX1NUUklD
VEFUSU1FIHwgTVNfTk9SRU1PVEVMT0NLIHwgTVNfU1VCTU9VTlQpOw0KPiDCoA0KPiDCoAlpZiAo
ZmxhZ3MgJiBNU19SRU1PVU5UKQ0KPiDCoAkJcmV0dmFsID0gZG9fcmVtb3VudCgmcGF0aCwgZmxh
Z3MgJiB+TVNfUkVNT1VOVCwNCj4gbW50X2ZsYWdzLA0KPiBkaWZmIC0tZ2l0IGEvZnMvbmZzL25h
bWVzcGFjZS5jIGIvZnMvbmZzL25hbWVzcGFjZS5jDQo+IGluZGV4IDU1NTFlOGVmNjdmZC4uZTQ5
ZDgzMWM0ZTg1IDEwMDY0NA0KPiAtLS0gYS9mcy9uZnMvbmFtZXNwYWNlLmMNCj4gKysrIGIvZnMv
bmZzL25hbWVzcGFjZS5jDQo+IEBAIC0yMjYsNyArMjI2LDcgQEAgc3RhdGljIHN0cnVjdCB2ZnNt
b3VudCAqbmZzX2RvX2Nsb25lX21vdW50KHN0cnVjdA0KPiBuZnNfc2VydmVyICpzZXJ2ZXIsDQo+
IMKgCQkJCQnCoMKgwqBjb25zdCBjaGFyICpkZXZuYW1lLA0KPiDCoAkJCQkJwqDCoMKgc3RydWN0
IG5mc19jbG9uZV9tb3VudA0KPiAqbW91bnRkYXRhKQ0KPiDCoHsNCj4gLQlyZXR1cm4gdmZzX2tl
cm5fbW91bnQoJm5mc194ZGV2X2ZzX3R5cGUsIDAsIGRldm5hbWUsDQo+IG1vdW50ZGF0YSk7DQo+
ICsJcmV0dXJuIHZmc19zdWJtb3VudChtb3VudGRhdGEtPmRlbnRyeSwgJm5mc194ZGV2X2ZzX3R5
cGUsDQo+IGRldm5hbWUsIG1vdW50ZGF0YSk7DQo+IMKgfQ0KPiDCoA0KPiDCoC8qKg0KPiBkaWZm
IC0tZ2l0IGEvZnMvbmZzL25mczRuYW1lc3BhY2UuYyBiL2ZzL25mcy9uZnM0bmFtZXNwYWNlLmMN
Cj4gaW5kZXggZDIxMTA0OTEyNjc2Li5kOGIwNDBiZDk4MTQgMTAwNjQ0DQo+IC0tLSBhL2ZzL25m
cy9uZnM0bmFtZXNwYWNlLmMNCj4gKysrIGIvZnMvbmZzL25mczRuYW1lc3BhY2UuYw0KPiBAQCAt
Mjc5LDcgKzI3OSw3IEBAIHN0YXRpYyBzdHJ1Y3QgdmZzbW91bnQgKnRyeV9sb2NhdGlvbihzdHJ1
Y3QNCj4gbmZzX2Nsb25lX21vdW50ICptb3VudGRhdGEsDQo+IMKgCQkJCW1vdW50ZGF0YS0+aG9z
dG5hbWUsDQo+IMKgCQkJCW1vdW50ZGF0YS0+bW50X3BhdGgpOw0KPiDCoA0KPiAtCQltbnQgPSB2
ZnNfa2Vybl9tb3VudCgmbmZzNF9yZWZlcnJhbF9mc190eXBlLCAwLA0KPiBwYWdlLCBtb3VudGRh
dGEpOw0KPiArCQltbnQgPSB2ZnNfc3VibW91bnQobW91bnRkYXRhLT5kZW50cnksDQo+ICZuZnM0
X3JlZmVycmFsX2ZzX3R5cGUsIHBhZ2UsIG1vdW50ZGF0YSk7DQo+IMKgCQlpZiAoIUlTX0VSUiht
bnQpKQ0KPiDCoAkJCWJyZWFrOw0KPiDCoAl9DQo+IGRpZmYgLS1naXQgYS9mcy9zdXBlci5jIGIv
ZnMvc3VwZXIuYw0KPiBpbmRleCAxNzA5ZWQwMjlhMmMuLjQxODU4NDRmN2ExMiAxMDA2NDQNCj4g
LS0tIGEvZnMvc3VwZXIuYw0KPiArKysgYi9mcy9zdXBlci5jDQo+IEBAIC00NjksNyArNDY5LDcg
QEAgc3RydWN0IHN1cGVyX2Jsb2NrICpzZ2V0X3VzZXJucyhzdHJ1Y3QNCj4gZmlsZV9zeXN0ZW1f
dHlwZSAqdHlwZSwNCj4gwqAJc3RydWN0IHN1cGVyX2Jsb2NrICpvbGQ7DQo+IMKgCWludCBlcnI7
DQo+IMKgDQo+IC0JaWYgKCEoZmxhZ3MgJiBNU19LRVJOTU9VTlQpICYmDQo+ICsJaWYgKCEoZmxh
Z3MgJiAoTVNfS0VSTk1PVU5UfE1TX1NVQk1PVU5UKSkgJiYNCj4gwqAJwqDCoMKgwqAhKHR5cGUt
PmZzX2ZsYWdzICYgRlNfVVNFUk5TX01PVU5UKSAmJg0KPiDCoAnCoMKgwqDCoCFjYXBhYmxlKENB
UF9TWVNfQURNSU4pKQ0KPiDCoAkJcmV0dXJuIEVSUl9QVFIoLUVQRVJNKTsNCj4gQEAgLTQ5OSw3
ICs0OTksNyBAQCBzdHJ1Y3Qgc3VwZXJfYmxvY2sgKnNnZXRfdXNlcm5zKHN0cnVjdA0KPiBmaWxl
X3N5c3RlbV90eXBlICp0eXBlLA0KPiDCoAl9DQo+IMKgCWlmICghcykgew0KPiDCoAkJc3Bpbl91
bmxvY2soJnNiX2xvY2spOw0KPiAtCQlzID0gYWxsb2Nfc3VwZXIodHlwZSwgZmxhZ3MsIHVzZXJf
bnMpOw0KPiArCQlzID0gYWxsb2Nfc3VwZXIodHlwZSwgKGZsYWdzICYgfk1TX1NVQk1PVU5UKSwN
Cj4gdXNlcl9ucyk7DQo+IMKgCQlpZiAoIXMpDQo+IMKgCQkJcmV0dXJuIEVSUl9QVFIoLUVOT01F
TSk7DQo+IMKgCQlnb3RvIHJldHJ5Ow0KPiBAQCAtNTQwLDggKzU0MCwxNSBAQCBzdHJ1Y3Qgc3Vw
ZXJfYmxvY2sgKnNnZXQoc3RydWN0IGZpbGVfc3lzdGVtX3R5cGUNCj4gKnR5cGUsDQo+IMKgew0K
PiDCoAlzdHJ1Y3QgdXNlcl9uYW1lc3BhY2UgKnVzZXJfbnMgPSBjdXJyZW50X3VzZXJfbnMoKTsN
Cj4gwqANCj4gKwkvKiBXZSBkb24ndCB5ZXQgcGFzcyB0aGUgdXNlciBuYW1lc3BhY2Ugb2YgdGhl
IHBhcmVudA0KPiArCcKgKiBtb3VudCB0aHJvdWdoIHRvIGhlcmUgc28gYWx3YXlzIHVzZSAmaW5p
dF91c2VyX25zDQo+ICsJwqAqIHVudGlsIHRoYXQgY2hhbmdlcy4NCj4gKwnCoCovDQo+ICsJaWYg
KGZsYWdzICYgTVNfU1VCTU9VTlQpDQo+ICsJCXVzZXJfbnMgPSAmaW5pdF91c2VyX25zOw0KPiAr
DQo+IMKgCS8qIEVuc3VyZSB0aGUgcmVxdWVzdG9yIGhhcyBwZXJtaXNzaW9ucyBvdmVyIHRoZSB0
YXJnZXQNCj4gZmlsZXN5c3RlbSAqLw0KPiAtCWlmICghKGZsYWdzICYgTVNfS0VSTk1PVU5UKSAm
JiAhbnNfY2FwYWJsZSh1c2VyX25zLA0KPiBDQVBfU1lTX0FETUlOKSkNCj4gKwlpZiAoIShmbGFn
cyAmIChNU19LRVJOTU9VTlR8TVNfU1VCTU9VTlQpKSAmJg0KPiAhbnNfY2FwYWJsZSh1c2VyX25z
LCBDQVBfU1lTX0FETUlOKSkNCj4gwqAJCXJldHVybiBFUlJfUFRSKC1FUEVSTSk7DQo+IMKgDQo+
IMKgCXJldHVybiBzZ2V0X3VzZXJucyh0eXBlLCB0ZXN0LCBzZXQsIGZsYWdzLCB1c2VyX25zLCBk
YXRhKTsNCj4gZGlmZiAtLWdpdCBhL2luY2x1ZGUvbGludXgvZGVidWdmcy5oIGIvaW5jbHVkZS9s
aW51eC9kZWJ1Z2ZzLmgNCj4gaW5kZXggMDE0Y2M1NjRkMWM0Li4yMzMwMDZiZTMwYWEgMTAwNjQ0
DQo+IC0tLSBhL2luY2x1ZGUvbGludXgvZGVidWdmcy5oDQo+ICsrKyBiL2luY2x1ZGUvbGludXgv
ZGVidWdmcy5oDQo+IEBAIC05Nyw5ICs5NywxMCBAQCBzdHJ1Y3QgZGVudHJ5ICpkZWJ1Z2ZzX2Ny
ZWF0ZV9kaXIoY29uc3QgY2hhcg0KPiAqbmFtZSwgc3RydWN0IGRlbnRyeSAqcGFyZW50KTsNCj4g
wqBzdHJ1Y3QgZGVudHJ5ICpkZWJ1Z2ZzX2NyZWF0ZV9zeW1saW5rKGNvbnN0IGNoYXIgKm5hbWUs
IHN0cnVjdA0KPiBkZW50cnkgKnBhcmVudCwNCj4gwqAJCQkJwqDCoMKgwqDCoMKgY29uc3QgY2hh
ciAqZGVzdCk7DQo+IMKgDQo+ICt0eXBlZGVmIHN0cnVjdCB2ZnNtb3VudCAqKCpkZWJ1Z2ZzX2F1
dG9tb3VudF90KShzdHJ1Y3QgZGVudHJ5ICosDQo+IHZvaWQgKik7DQo+IMKgc3RydWN0IGRlbnRy
eSAqZGVidWdmc19jcmVhdGVfYXV0b21vdW50KGNvbnN0IGNoYXIgKm5hbWUsDQo+IMKgCQkJCQlz
dHJ1Y3QgZGVudHJ5ICpwYXJlbnQsDQo+IC0JCQkJCXN0cnVjdCB2ZnNtb3VudCAqKCpmKSh2b2lk
DQo+ICopLA0KPiArCQkJCQlkZWJ1Z2ZzX2F1dG9tb3VudF90IGYsDQo+IMKgCQkJCQl2b2lkICpk
YXRhKTsNCj4gwqANCj4gwqB2b2lkIGRlYnVnZnNfcmVtb3ZlKHN0cnVjdCBkZW50cnkgKmRlbnRy
eSk7DQo+IGRpZmYgLS1naXQgYS9pbmNsdWRlL2xpbnV4L21vdW50LmggYi9pbmNsdWRlL2xpbnV4
L21vdW50LmgNCj4gaW5kZXggYzZmNTUxNThkNWU1Li44ZTAzNTJhZjA2YjcgMTAwNjQ0DQo+IC0t
LSBhL2luY2x1ZGUvbGludXgvbW91bnQuaA0KPiArKysgYi9pbmNsdWRlL2xpbnV4L21vdW50LmgN
Cj4gQEAgLTkwLDYgKzkwLDkgQEAgc3RydWN0IGZpbGVfc3lzdGVtX3R5cGU7DQo+IMKgZXh0ZXJu
IHN0cnVjdCB2ZnNtb3VudCAqdmZzX2tlcm5fbW91bnQoc3RydWN0IGZpbGVfc3lzdGVtX3R5cGUN
Cj4gKnR5cGUsDQo+IMKgCQkJCcKgwqDCoMKgwqDCoGludCBmbGFncywgY29uc3QgY2hhciAqbmFt
ZSwNCj4gwqAJCQkJwqDCoMKgwqDCoMKgdm9pZCAqZGF0YSk7DQo+ICtleHRlcm4gc3RydWN0IHZm
c21vdW50ICp2ZnNfc3VibW91bnQoY29uc3Qgc3RydWN0IGRlbnRyeQ0KPiAqbW91bnRwb2ludCwN
Cj4gKwkJCQnCoMKgwqDCoMKgc3RydWN0IGZpbGVfc3lzdGVtX3R5cGUgKnR5cGUsDQo+ICsJCQkJ
wqDCoMKgwqDCoGNvbnN0IGNoYXIgKm5hbWUsIHZvaWQgKmRhdGEpOw0KPiDCoA0KPiDCoGV4dGVy
biB2b2lkIG1udF9zZXRfZXhwaXJ5KHN0cnVjdCB2ZnNtb3VudCAqbW50LCBzdHJ1Y3QgbGlzdF9o
ZWFkDQo+ICpleHBpcnlfbGlzdCk7DQo+IMKgZXh0ZXJuIHZvaWQgbWFya19tb3VudHNfZm9yX2V4
cGlyeShzdHJ1Y3QgbGlzdF9oZWFkICptb3VudHMpOw0KPiBkaWZmIC0tZ2l0IGEvaW5jbHVkZS91
YXBpL2xpbnV4L2ZzLmggYi9pbmNsdWRlL3VhcGkvbGludXgvZnMuaA0KPiBpbmRleCAzNmRhOTNm
YmYxODguLjA0OGE4NWU5ZjAxNyAxMDA2NDQNCj4gLS0tIGEvaW5jbHVkZS91YXBpL2xpbnV4L2Zz
LmgNCj4gKysrIGIvaW5jbHVkZS91YXBpL2xpbnV4L2ZzLmgNCj4gQEAgLTEzMiw2ICsxMzIsNyBA
QCBzdHJ1Y3QgaW5vZGVzX3N0YXRfdCB7DQo+IMKgI2RlZmluZSBNU19MQVpZVElNRQkoMTw8MjUp
IC8qIFVwZGF0ZSB0aGUgb24tZGlzayBbYWNtXXRpbWVzDQo+IGxhemlseSAqLw0KPiDCoA0KPiDC
oC8qIFRoZXNlIHNiIGZsYWdzIGFyZSBpbnRlcm5hbCB0byB0aGUga2VybmVsICovDQo+ICsjZGVm
aW5lIE1TX1NVQk1PVU5UwqDCoMKgwqDCoCgxPDwyNikNCj4gwqAjZGVmaW5lIE1TX05PUkVNT1RF
TE9DSwkoMTw8MjcpDQo+IMKgI2RlZmluZSBNU19OT1NFQwkoMTw8MjgpDQo+IMKgI2RlZmluZSBN
U19CT1JOCQkoMTw8MjkpDQo+IGRpZmYgLS1naXQgYS9rZXJuZWwvdHJhY2UvdHJhY2UuYyBiL2tl
cm5lbC90cmFjZS90cmFjZS5jDQo+IGluZGV4IGQ3NDQ5NzgzOTg3YS4uMzEwZjBlYTBkMWEyIDEw
MDY0NA0KPiAtLS0gYS9rZXJuZWwvdHJhY2UvdHJhY2UuYw0KPiArKysgYi9rZXJuZWwvdHJhY2Uv
dHJhY2UuYw0KPiBAQCAtNzUwMyw3ICs3NTAzLDcgQEAgaW5pdF90cmFjZXJfdHJhY2VmcyhzdHJ1
Y3QgdHJhY2VfYXJyYXkgKnRyLA0KPiBzdHJ1Y3QgZGVudHJ5ICpkX3RyYWNlcikNCj4gwqAJZnRy
YWNlX2luaXRfdHJhY2Vmcyh0ciwgZF90cmFjZXIpOw0KPiDCoH0NCj4gwqANCj4gLXN0YXRpYyBz
dHJ1Y3QgdmZzbW91bnQgKnRyYWNlX2F1dG9tb3VudCh2b2lkICppbmdvcmUpDQo+ICtzdGF0aWMg
c3RydWN0IHZmc21vdW50ICp0cmFjZV9hdXRvbW91bnQoc3RydWN0IGRlbnRyeSAqbW50cHQsIHZv
aWQNCj4gKmluZ29yZSkNCj4gwqB7DQo+IMKgCXN0cnVjdCB2ZnNtb3VudCAqbW50Ow0KPiDCoAlz
dHJ1Y3QgZmlsZV9zeXN0ZW1fdHlwZSAqdHlwZTsNCj4gQEAgLTc1MTYsNyArNzUxNiw3IEBAIHN0
YXRpYyBzdHJ1Y3QgdmZzbW91bnQgKnRyYWNlX2F1dG9tb3VudCh2b2lkDQo+ICppbmdvcmUpDQo+
IMKgCXR5cGUgPSBnZXRfZnNfdHlwZSgidHJhY2VmcyIpOw0KPiDCoAlpZiAoIXR5cGUpDQo+IMKg
CQlyZXR1cm4gTlVMTDsNCj4gLQltbnQgPSB2ZnNfa2Vybl9tb3VudCh0eXBlLCAwLCAidHJhY2Vm
cyIsIE5VTEwpOw0KPiArCW1udCA9IHZmc19zdWJtb3VudChtbnRwdCwgdHlwZSwgInRyYWNlZnMi
LCBOVUxMKTsNCj4gwqAJcHV0X2ZpbGVzeXN0ZW0odHlwZSk7DQo+IMKgCWlmIChJU19FUlIobW50
KSkNCj4gwqAJCXJldHVybiBOVUxMOw0KDQpZZXMuIFRoYXQgbG9va3MgbGlrZSBpdCBtaWdodCBi
ZSB3b3JrYWJsZS4NCg0KUmV2aWV3ZWQtYnk6IFRyb25kIE15a2xlYnVzdCA8dHJvbmQubXlrbGVi
dXN0QHByaW1hcnlkYXRhLmNvbT4NCi0tIA0KVHJvbmQgTXlrbGVidXN0DQpMaW51eCBORlMgY2xp
ZW50IG1haW50YWluZXIsIFByaW1hcnlEYXRhDQp0cm9uZC5teWtsZWJ1c3RAcHJpbWFyeWRhdGEu
Y29tDQo=
WARNING: multiple messages have this Message-ID (diff)
From: Trond Myklebust <trondmy@primarydata.com>
To: "ebiederm@xmission.com" <ebiederm@xmission.com>,
"seth.forshee@canonical.com" <seth.forshee@canonical.com>
Cc: "bfields@fieldses.org" <bfields@fieldses.org>,
"anna.schumaker@netapp.com" <anna.schumaker@netapp.com>,
Steve French <sfrench@primarydata.com>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
Subject: Re: [REVIEW][PATCH] fs: Better permission checking for submounts
Date: Wed, 1 Feb 2017 13:28:19 +0000 [thread overview]
Message-ID: <1485955696.3731.1.camel@primarydata.com> (raw)
In-Reply-To: <87h94epg9y.fsf_-_@xmission.com>
On Wed, 2017-02-01 at 19:38 +1300, Eric W. Biederman wrote:
> To support unprivileged users mounting filesystems two permission
> checks have to be performed: a test to see if the user allowed to
> create a mount in the mount namespace, and a test to see if
> the user is allowed to access the specified filesystem.
>
> The automount case is special in that mounting the original
> filesystem
> grants permission to mount the sub-filesystems, to any user who
> happens to stumble across the their mountpoint and satisfies the
> ordinary filesystem permission checks.
>
> Attempting to handle the automount case by using override_creds
> almost works. It preserves the idea that permission to mount
> the original filesystem is permission to mount the sub-filesystem.
> Unfortunately using override_creds messes up the filesystems
> ordinary permission checks.
>
> Solve this by being explicit that a mount is a submount by
> introducing
> vfs_submount, and using it where appropriate.
>
> vfs_submount uses a new mount internal mount flags MS_SUBMOUNT, to
> let
> sget and friends know that a mount is a submount so they can take
> appropriate
> action.
>
> sget and sget_userns are modified to not perform any permission
> checks
> on submounts.
>
> follow_automount is modified to stop using override_creds as that
> has proven problemantic.
>
> do_mount is modified to always remove the new MS_SUBMOUNT flag so
> that we know userspace will never by able to specify it.
>
> autofs4 is modified to stop using current_real_cred that was put in
> there to handle the previous version of submount permission checking.
>
> cifs is modified to pass the mountpoint all of the way down to
> vfs_submount.
>
> debugfs is modified to pass the mountpoint all of the way down to
> trace_automount by adding a new parameter. To make this change
> easier
> a new typedef debugfs_automount_t is introduced to capture the type
> of
> the debugfs automount function.
>
> Cc: stable@vger.kernel.org
> Fixes: 069d5ac9ae0d ("autofs: Fix automounts by using
> current_real_cred()->uid")
> Fixes: aeaa4a79ff6a ("fs: Call d_automount with the filesystems
> creds")
> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
> ---
> fs/afs/mntpt.c | 2 +-
> fs/autofs4/waitq.c | 4 ++--
> fs/cifs/cifs_dfs_ref.c | 7 ++++---
> fs/debugfs/inode.c | 8 ++++----
> fs/namei.c | 3 ---
> fs/namespace.c | 17 ++++++++++++++++-
> fs/nfs/namespace.c | 2 +-
> fs/nfs/nfs4namespace.c | 2 +-
> fs/super.c | 13 ++++++++++---
> include/linux/debugfs.h | 3 ++-
> include/linux/mount.h | 3 +++
> include/uapi/linux/fs.h | 1 +
> kernel/trace/trace.c | 4 ++--
> 13 files changed, 47 insertions(+), 22 deletions(-)
>
> diff --git a/fs/afs/mntpt.c b/fs/afs/mntpt.c
> index 81dd075356b9..d4fb0afc0097 100644
> --- a/fs/afs/mntpt.c
> +++ b/fs/afs/mntpt.c
> @@ -202,7 +202,7 @@ static struct vfsmount
> *afs_mntpt_do_automount(struct dentry *mntpt)
>
> /* try and do the mount */
> _debug("--- attempting mount %s -o %s ---", devname,
> options);
> - mnt = vfs_kern_mount(&afs_fs_type, 0, devname, options);
> + mnt = vfs_submount(mntpt, &afs_fs_type, devname, options);
> _debug("--- mount result %p ---", mnt);
>
> free_page((unsigned long) devname);
> diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
> index 1278335ce366..79fbd85db4ba 100644
> --- a/fs/autofs4/waitq.c
> +++ b/fs/autofs4/waitq.c
> @@ -436,8 +436,8 @@ int autofs4_wait(struct autofs_sb_info *sbi,
> memcpy(&wq->name, &qstr, sizeof(struct qstr));
> wq->dev = autofs4_get_dev(sbi);
> wq->ino = autofs4_get_ino(sbi);
> - wq->uid = current_real_cred()->uid;
> - wq->gid = current_real_cred()->gid;
> + wq->uid = current_cred()->uid;
> + wq->gid = current_cred()->gid;
> wq->pid = pid;
> wq->tgid = tgid;
> wq->status = -EINTR; /* Status return if interrupted
> */
> diff --git a/fs/cifs/cifs_dfs_ref.c b/fs/cifs/cifs_dfs_ref.c
> index ec9dbbcca3b9..9156be545b0f 100644
> --- a/fs/cifs/cifs_dfs_ref.c
> +++ b/fs/cifs/cifs_dfs_ref.c
> @@ -245,7 +245,8 @@ char *cifs_compose_mount_options(const char
> *sb_mountdata,
> * @fullpath: full path in UNC format
> * @ref: server's referral
> */
> -static struct vfsmount *cifs_dfs_do_refmount(struct cifs_sb_info
> *cifs_sb,
> +static struct vfsmount *cifs_dfs_do_refmount(struct dentry *mntpt,
> + struct cifs_sb_info *cifs_sb,
> const char *fullpath, const struct dfs_info3_param
> *ref)
> {
> struct vfsmount *mnt;
> @@ -259,7 +260,7 @@ static struct vfsmount
> *cifs_dfs_do_refmount(struct cifs_sb_info *cifs_sb,
> if (IS_ERR(mountdata))
> return (struct vfsmount *)mountdata;
>
> - mnt = vfs_kern_mount(&cifs_fs_type, 0, devname, mountdata);
> + mnt = vfs_submount(mntpt, &cifs_fs_type, devname,
> mountdata);
> kfree(mountdata);
> kfree(devname);
> return mnt;
> @@ -334,7 +335,7 @@ static struct vfsmount
> *cifs_dfs_do_automount(struct dentry *mntpt)
> mnt = ERR_PTR(-EINVAL);
> break;
> }
> - mnt = cifs_dfs_do_refmount(cifs_sb,
> + mnt = cifs_dfs_do_refmount(mntpt, cifs_sb,
> full_path, referrals + i);
> cifs_dbg(FYI, "%s: cifs_dfs_do_refmount:%s ,
> mnt:%p\n",
> __func__, referrals[i].node_name, mnt);
> diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
> index f17fcf89e18e..1e30f74a9527 100644
> --- a/fs/debugfs/inode.c
> +++ b/fs/debugfs/inode.c
> @@ -187,9 +187,9 @@ static const struct super_operations
> debugfs_super_operations = {
>
> static struct vfsmount *debugfs_automount(struct path *path)
> {
> - struct vfsmount *(*f)(void *);
> - f = (struct vfsmount *(*)(void *))path->dentry->d_fsdata;
> - return f(d_inode(path->dentry)->i_private);
> + debugfs_automount_t f;
> + f = (debugfs_automount_t)path->dentry->d_fsdata;
> + return f(path->dentry, d_inode(path->dentry)->i_private);
> }
>
> static const struct dentry_operations debugfs_dops = {
> @@ -504,7 +504,7 @@ EXPORT_SYMBOL_GPL(debugfs_create_dir);
> */
> struct dentry *debugfs_create_automount(const char *name,
> struct dentry *parent,
> - struct vfsmount *(*f)(void
> *),
> + debugfs_automount_t f,
> void *data)
> {
> struct dentry *dentry = start_creating(name, parent);
> diff --git a/fs/namei.c b/fs/namei.c
> index 6fa3e9138fe4..da689c9c005e 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -1100,7 +1100,6 @@ static int follow_automount(struct path *path,
> struct nameidata *nd,
> bool *need_mntput)
> {
> struct vfsmount *mnt;
> - const struct cred *old_cred;
> int err;
>
> if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
> @@ -1129,9 +1128,7 @@ static int follow_automount(struct path *path,
> struct nameidata *nd,
> if (nd->total_link_count >= 40)
> return -ELOOP;
>
> - old_cred = override_creds(&init_cred);
> mnt = path->dentry->d_op->d_automount(path);
> - revert_creds(old_cred);
> if (IS_ERR(mnt)) {
> /*
> * The filesystem is allowed to return -EISDIR here
> to indicate
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 487ba30bb5c6..089a6b23135a 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -989,6 +989,21 @@ vfs_kern_mount(struct file_system_type *type,
> int flags, const char *name, void
> }
> EXPORT_SYMBOL_GPL(vfs_kern_mount);
>
> +struct vfsmount *
> +vfs_submount(const struct dentry *mountpoint, struct
> file_system_type *type,
> + const char *name, void *data)
> +{
> + /* Until it is worked out how to pass the user namespace
> + * through from the parent mount to the submount don't
> support
> + * unprivileged mounts with submounts.
> + */
> + if (mountpoint->d_sb->s_user_ns != &init_user_ns)
> + return ERR_PTR(-EPERM);
> +
> + return vfs_kern_mount(type, MS_SUBMOUNT, name, data);
> +}
> +EXPORT_SYMBOL_GPL(vfs_submount);
> +
> static struct mount *clone_mnt(struct mount *old, struct dentry
> *root,
> int flag)
> {
> @@ -2794,7 +2809,7 @@ long do_mount(const char *dev_name, const char
> __user *dir_name,
>
> flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE |
> MS_BORN |
> MS_NOATIME | MS_NODIRATIME | MS_RELATIME|
> MS_KERNMOUNT |
> - MS_STRICTATIME | MS_NOREMOTELOCK);
> + MS_STRICTATIME | MS_NOREMOTELOCK | MS_SUBMOUNT);
>
> if (flags & MS_REMOUNT)
> retval = do_remount(&path, flags & ~MS_REMOUNT,
> mnt_flags,
> diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c
> index 5551e8ef67fd..e49d831c4e85 100644
> --- a/fs/nfs/namespace.c
> +++ b/fs/nfs/namespace.c
> @@ -226,7 +226,7 @@ static struct vfsmount *nfs_do_clone_mount(struct
> nfs_server *server,
> const char *devname,
> struct nfs_clone_mount
> *mountdata)
> {
> - return vfs_kern_mount(&nfs_xdev_fs_type, 0, devname,
> mountdata);
> + return vfs_submount(mountdata->dentry, &nfs_xdev_fs_type,
> devname, mountdata);
> }
>
> /**
> diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c
> index d21104912676..d8b040bd9814 100644
> --- a/fs/nfs/nfs4namespace.c
> +++ b/fs/nfs/nfs4namespace.c
> @@ -279,7 +279,7 @@ static struct vfsmount *try_location(struct
> nfs_clone_mount *mountdata,
> mountdata->hostname,
> mountdata->mnt_path);
>
> - mnt = vfs_kern_mount(&nfs4_referral_fs_type, 0,
> page, mountdata);
> + mnt = vfs_submount(mountdata->dentry,
> &nfs4_referral_fs_type, page, mountdata);
> if (!IS_ERR(mnt))
> break;
> }
> diff --git a/fs/super.c b/fs/super.c
> index 1709ed029a2c..4185844f7a12 100644
> --- a/fs/super.c
> +++ b/fs/super.c
> @@ -469,7 +469,7 @@ struct super_block *sget_userns(struct
> file_system_type *type,
> struct super_block *old;
> int err;
>
> - if (!(flags & MS_KERNMOUNT) &&
> + if (!(flags & (MS_KERNMOUNT|MS_SUBMOUNT)) &&
> !(type->fs_flags & FS_USERNS_MOUNT) &&
> !capable(CAP_SYS_ADMIN))
> return ERR_PTR(-EPERM);
> @@ -499,7 +499,7 @@ struct super_block *sget_userns(struct
> file_system_type *type,
> }
> if (!s) {
> spin_unlock(&sb_lock);
> - s = alloc_super(type, flags, user_ns);
> + s = alloc_super(type, (flags & ~MS_SUBMOUNT),
> user_ns);
> if (!s)
> return ERR_PTR(-ENOMEM);
> goto retry;
> @@ -540,8 +540,15 @@ struct super_block *sget(struct file_system_type
> *type,
> {
> struct user_namespace *user_ns = current_user_ns();
>
> + /* We don't yet pass the user namespace of the parent
> + * mount through to here so always use &init_user_ns
> + * until that changes.
> + */
> + if (flags & MS_SUBMOUNT)
> + user_ns = &init_user_ns;
> +
> /* Ensure the requestor has permissions over the target
> filesystem */
> - if (!(flags & MS_KERNMOUNT) && !ns_capable(user_ns,
> CAP_SYS_ADMIN))
> + if (!(flags & (MS_KERNMOUNT|MS_SUBMOUNT)) &&
> !ns_capable(user_ns, CAP_SYS_ADMIN))
> return ERR_PTR(-EPERM);
>
> return sget_userns(type, test, set, flags, user_ns, data);
> diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h
> index 014cc564d1c4..233006be30aa 100644
> --- a/include/linux/debugfs.h
> +++ b/include/linux/debugfs.h
> @@ -97,9 +97,10 @@ struct dentry *debugfs_create_dir(const char
> *name, struct dentry *parent);
> struct dentry *debugfs_create_symlink(const char *name, struct
> dentry *parent,
> const char *dest);
>
> +typedef struct vfsmount *(*debugfs_automount_t)(struct dentry *,
> void *);
> struct dentry *debugfs_create_automount(const char *name,
> struct dentry *parent,
> - struct vfsmount *(*f)(void
> *),
> + debugfs_automount_t f,
> void *data);
>
> void debugfs_remove(struct dentry *dentry);
> diff --git a/include/linux/mount.h b/include/linux/mount.h
> index c6f55158d5e5..8e0352af06b7 100644
> --- a/include/linux/mount.h
> +++ b/include/linux/mount.h
> @@ -90,6 +90,9 @@ struct file_system_type;
> extern struct vfsmount *vfs_kern_mount(struct file_system_type
> *type,
> int flags, const char *name,
> void *data);
> +extern struct vfsmount *vfs_submount(const struct dentry
> *mountpoint,
> + struct file_system_type *type,
> + const char *name, void *data);
>
> extern void mnt_set_expiry(struct vfsmount *mnt, struct list_head
> *expiry_list);
> extern void mark_mounts_for_expiry(struct list_head *mounts);
> diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
> index 36da93fbf188..048a85e9f017 100644
> --- a/include/uapi/linux/fs.h
> +++ b/include/uapi/linux/fs.h
> @@ -132,6 +132,7 @@ struct inodes_stat_t {
> #define MS_LAZYTIME (1<<25) /* Update the on-disk [acm]times
> lazily */
>
> /* These sb flags are internal to the kernel */
> +#define MS_SUBMOUNT (1<<26)
> #define MS_NOREMOTELOCK (1<<27)
> #define MS_NOSEC (1<<28)
> #define MS_BORN (1<<29)
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index d7449783987a..310f0ea0d1a2 100644
> --- a/kernel/trace/trace.c
> +++ b/kernel/trace/trace.c
> @@ -7503,7 +7503,7 @@ init_tracer_tracefs(struct trace_array *tr,
> struct dentry *d_tracer)
> ftrace_init_tracefs(tr, d_tracer);
> }
>
> -static struct vfsmount *trace_automount(void *ingore)
> +static struct vfsmount *trace_automount(struct dentry *mntpt, void
> *ingore)
> {
> struct vfsmount *mnt;
> struct file_system_type *type;
> @@ -7516,7 +7516,7 @@ static struct vfsmount *trace_automount(void
> *ingore)
> type = get_fs_type("tracefs");
> if (!type)
> return NULL;
> - mnt = vfs_kern_mount(type, 0, "tracefs", NULL);
> + mnt = vfs_submount(mntpt, type, "tracefs", NULL);
> put_filesystem(type);
> if (IS_ERR(mnt))
> return NULL;
Yes. That looks like it might be workable.
Reviewed-by: Trond Myklebust <trond.myklebust@primarydata.com>
--
Trond Myklebust
Linux NFS client maintainer, PrimaryData
trond.myklebust@primarydata.com
next prev parent reply other threads:[~2017-02-01 13:28 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-15 17:13 [PATCH] sunrpc: Use current_real_cred() when looking up rpc credentials Seth Forshee
2016-12-15 23:01 ` Trond Myklebust
2016-12-16 13:06 ` Seth Forshee
2017-01-10 14:55 ` Seth Forshee
2017-01-11 0:21 ` Eric W. Biederman
2017-01-24 15:17 ` Seth Forshee
2017-01-24 22:55 ` Eric W. Biederman
2017-01-24 23:28 ` Eric W. Biederman
2017-01-24 23:46 ` Trond Myklebust
2017-01-24 23:56 ` Eric W. Biederman
2017-01-25 0:14 ` Trond Myklebust
2017-01-25 14:52 ` Seth Forshee
2017-01-25 15:51 ` Trond Myklebust
2017-01-25 16:28 ` Seth Forshee
2017-02-01 6:36 ` Eric W. Biederman
2017-02-01 6:38 ` [REVIEW][PATCH] fs: Better permission checking for submounts Eric W. Biederman
2017-02-01 13:28 ` Trond Myklebust [this message]
2017-02-01 13:28 ` Trond Myklebust
2017-02-01 13:38 ` Seth Forshee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1485955696.3731.1.camel@primarydata.com \
--to=trondmy@primarydata.com \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=seth.forshee@canonical.com \
--cc=sfrench@primarydata.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.