From: Al Viro <viro@ZenIV.linux.org.uk>
To: David Howells <dhowells@redhat.com>
Cc: mszeredi@redhat.com, linux-nfs@vger.kernel.org,
jlayton@redhat.com, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 07/27] VFS: Differentiate mount flags (MS_*) from internal superblock flags [ver #5]
Date: Thu, 15 Jun 2017 10:39:27 +0100 [thread overview]
Message-ID: <20170615093927.GG31671@ZenIV.linux.org.uk> (raw)
In-Reply-To: <149745338248.10897.17175227466711674034.stgit@warthog.procyon.org.uk>
On Wed, Jun 14, 2017 at 04:16:22PM +0100, David Howells wrote:
> diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
> index d2fb9c8ed205..e831c115daf9 100644
> --- a/drivers/base/devtmpfs.c
> +++ b/drivers/base/devtmpfs.c
> @@ -355,7 +355,7 @@ int devtmpfs_mount(const char *mntdir)
> if (!thread)
> return 0;
>
> - err = sys_mount("devtmpfs", (char *)mntdir, "devtmpfs", MS_SILENT, NULL);
> + err = sys_mount("devtmpfs", (char *)mntdir, "devtmpfs", SB_SILENT, NULL);
> if (err)
> printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
> else
> @@ -381,7 +381,7 @@ static int devtmpfsd(void *p)
> *err = sys_unshare(CLONE_NEWNS);
> if (*err)
> goto out;
> - *err = sys_mount("devtmpfs", "/", "devtmpfs", MS_SILENT, options);
> + *err = sys_mount("devtmpfs", "/", "devtmpfs", SB_SILENT, options);
Er... These really should be MS_SILENT.
> @@ -311,14 +311,14 @@ static void get_dpms_capabilities(unsigned char flags,
> struct fb_monspecs *specs)
> {
> specs->dpms = 0;
> - if (flags & DPMS_ACTIVE_OFF)
> - specs->dpms |= FB_DPMS_ACTIVE_OFF;
> + if (flags & DPSB_ACTIVE_OFF)
> + specs->dpms |= FB_DPSB_ACTIVE_OFF;
... the hell?
> - if (sb->s_flags & MS_RDONLY)
> + if (sb->s_flags & SB_RDONLY)
TBH, it looks like something along the lines of sb_rdonly(sb) for the above would
make more sense.
> static int flags_to_propagation_type(int flags)
> {
> - int type = flags & ~(MS_REC | MS_SILENT);
> + int type = flags & ~(MS_REC | SB_SILENT);
Huh?
> - flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN |
> - MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
> - MS_STRICTATIME | MS_NOREMOTELOCK | MS_SUBMOUNT);
> + flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | SB_ACTIVE | SB_BORN |
> + MS_NOATIME | MS_NODIRATIME | MS_RELATIME| SB_KERNMOUNT |
> + MS_STRICTATIME | SB_NOREMOTELOCK | SB_SUBMOUNT);
This is complete bullshit. _IF_ you want to separate these sets, do that
consistently. Mixing MS_... with SB_... in a mask is obviously wrong.
Sure, you can use the fact that such-and-such SB_ flag is the same value
as MS_... one; worth a BUILD_BUG_ON() somewhere to enforce that. However,
please separate the places where you have mount(2) flags argument from
those where you have a set of SB_... bits.
In this case you certainly have MS_... bunch. What's more, I would rather
do it as "we look only at..." instead of "we ignore the following..." - and
probably do it in do_...() functions instead. Note that they already
have parsing and validation of their own...
> diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c
> index 517785052f1c..65489157f8d7 100644
> --- a/tools/testing/selftests/mount/unprivileged-remount-test.c
> +++ b/tools/testing/selftests/mount/unprivileged-remount-test.c
> @@ -129,7 +129,7 @@ static int read_mnt_flags(const char *path)
> }
> mnt_flags = 0;
> if (stat.f_flag & ST_RDONLY)
> - mnt_flags |= MS_RDONLY;
> + mnt_flags |= SB_RDONLY;
> if (stat.f_flag & ST_NOSUID)
> mnt_flags |= MS_NOSUID;
> if (stat.f_flag & ST_NODEV)
> @@ -143,7 +143,7 @@ static int read_mnt_flags(const char *path)
> if (stat.f_flag & ST_RELATIME)
> mnt_flags |= MS_RELATIME;
> if (stat.f_flag & ST_SYNCHRONOUS)
> - mnt_flags |= MS_SYNCHRONOUS;
> + mnt_flags |= SB_SYNCHRONOUS;
> if (stat.f_flag & ST_MANDLOCK)
> mnt_flags |= ST_MANDLOCK;
Really? That's userland code, isn't it?
WARNING: multiple messages have this Message-ID (diff)
From: viro@ZenIV.linux.org.uk (Al Viro)
To: linux-security-module@vger.kernel.org
Subject: [PATCH 07/27] VFS: Differentiate mount flags (MS_*) from internal superblock flags [ver #5]
Date: Thu, 15 Jun 2017 10:39:27 +0100 [thread overview]
Message-ID: <20170615093927.GG31671@ZenIV.linux.org.uk> (raw)
In-Reply-To: <149745338248.10897.17175227466711674034.stgit@warthog.procyon.org.uk>
On Wed, Jun 14, 2017 at 04:16:22PM +0100, David Howells wrote:
> diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
> index d2fb9c8ed205..e831c115daf9 100644
> --- a/drivers/base/devtmpfs.c
> +++ b/drivers/base/devtmpfs.c
> @@ -355,7 +355,7 @@ int devtmpfs_mount(const char *mntdir)
> if (!thread)
> return 0;
>
> - err = sys_mount("devtmpfs", (char *)mntdir, "devtmpfs", MS_SILENT, NULL);
> + err = sys_mount("devtmpfs", (char *)mntdir, "devtmpfs", SB_SILENT, NULL);
> if (err)
> printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
> else
> @@ -381,7 +381,7 @@ static int devtmpfsd(void *p)
> *err = sys_unshare(CLONE_NEWNS);
> if (*err)
> goto out;
> - *err = sys_mount("devtmpfs", "/", "devtmpfs", MS_SILENT, options);
> + *err = sys_mount("devtmpfs", "/", "devtmpfs", SB_SILENT, options);
Er... These really should be MS_SILENT.
> @@ -311,14 +311,14 @@ static void get_dpms_capabilities(unsigned char flags,
> struct fb_monspecs *specs)
> {
> specs->dpms = 0;
> - if (flags & DPMS_ACTIVE_OFF)
> - specs->dpms |= FB_DPMS_ACTIVE_OFF;
> + if (flags & DPSB_ACTIVE_OFF)
> + specs->dpms |= FB_DPSB_ACTIVE_OFF;
... the hell?
> - if (sb->s_flags & MS_RDONLY)
> + if (sb->s_flags & SB_RDONLY)
TBH, it looks like something along the lines of sb_rdonly(sb) for the above would
make more sense.
> static int flags_to_propagation_type(int flags)
> {
> - int type = flags & ~(MS_REC | MS_SILENT);
> + int type = flags & ~(MS_REC | SB_SILENT);
Huh?
> - flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN |
> - MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
> - MS_STRICTATIME | MS_NOREMOTELOCK | MS_SUBMOUNT);
> + flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | SB_ACTIVE | SB_BORN |
> + MS_NOATIME | MS_NODIRATIME | MS_RELATIME| SB_KERNMOUNT |
> + MS_STRICTATIME | SB_NOREMOTELOCK | SB_SUBMOUNT);
This is complete bullshit. _IF_ you want to separate these sets, do that
consistently. Mixing MS_... with SB_... in a mask is obviously wrong.
Sure, you can use the fact that such-and-such SB_ flag is the same value
as MS_... one; worth a BUILD_BUG_ON() somewhere to enforce that. However,
please separate the places where you have mount(2) flags argument from
those where you have a set of SB_... bits.
In this case you certainly have MS_... bunch. What's more, I would rather
do it as "we look only at..." instead of "we ignore the following..." - and
probably do it in do_...() functions instead. Note that they already
have parsing and validation of their own...
> diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c
> index 517785052f1c..65489157f8d7 100644
> --- a/tools/testing/selftests/mount/unprivileged-remount-test.c
> +++ b/tools/testing/selftests/mount/unprivileged-remount-test.c
> @@ -129,7 +129,7 @@ static int read_mnt_flags(const char *path)
> }
> mnt_flags = 0;
> if (stat.f_flag & ST_RDONLY)
> - mnt_flags |= MS_RDONLY;
> + mnt_flags |= SB_RDONLY;
> if (stat.f_flag & ST_NOSUID)
> mnt_flags |= MS_NOSUID;
> if (stat.f_flag & ST_NODEV)
> @@ -143,7 +143,7 @@ static int read_mnt_flags(const char *path)
> if (stat.f_flag & ST_RELATIME)
> mnt_flags |= MS_RELATIME;
> if (stat.f_flag & ST_SYNCHRONOUS)
> - mnt_flags |= MS_SYNCHRONOUS;
> + mnt_flags |= SB_SYNCHRONOUS;
> if (stat.f_flag & ST_MANDLOCK)
> mnt_flags |= ST_MANDLOCK;
Really? That's userland code, isn't it?
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-06-15 9:39 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-14 15:15 [RFC][PATCH 00/27] VFS: Introduce filesystem context [ver #5] David Howells
2017-06-14 15:15 ` David Howells
2017-06-14 15:15 ` [PATCH 01/27] Provide a function to create a NUL-terminated string from unterminated data " David Howells
2017-06-14 15:15 ` David Howells
2017-06-14 15:15 ` [PATCH 02/27] VFS: Clean up whitespace in fs/namespace.c and fs/super.c " David Howells
2017-06-14 15:15 ` David Howells
2017-06-14 15:15 ` [PATCH 03/27] VFS: Make get_mnt_ns() return the namespace " David Howells
2017-06-14 15:15 ` David Howells
2017-06-15 9:09 ` Al Viro
2017-06-15 9:09 ` Al Viro
2017-06-14 15:15 ` [PATCH 04/27] VFS: Make get_filesystem() return the affected filesystem " David Howells
2017-06-14 15:15 ` David Howells
2017-06-14 15:16 ` [PATCH 05/27] VFS: Provide empty name qstr " David Howells
2017-06-14 15:16 ` David Howells
2017-06-14 15:16 ` [PATCH 06/27] Provide supplementary error message facility " David Howells
2017-06-14 15:16 ` David Howells
2017-08-18 3:09 ` Kim Phillips
2017-08-18 3:09 ` Kim Phillips
2017-08-18 3:09 ` Kim Phillips
2017-08-18 3:09 ` Kim Phillips
2017-06-14 15:16 ` [PATCH 07/27] VFS: Differentiate mount flags (MS_*) from internal superblock flags " David Howells
2017-06-15 9:39 ` Al Viro [this message]
2017-06-15 9:39 ` Al Viro
2017-06-16 9:06 ` Christoph Hellwig
2017-06-16 9:06 ` Christoph Hellwig
2017-06-16 14:53 ` David Howells
2017-06-16 14:53 ` David Howells
2017-06-16 15:49 ` Christoph Hellwig
2017-06-16 15:49 ` Christoph Hellwig
2017-06-16 15:54 ` David Howells
2017-06-16 15:54 ` David Howells
2017-06-14 15:16 ` [PATCH 08/27] VFS: Introduce the structs and doc for a filesystem context " David Howells
2017-06-14 15:16 ` David Howells
2017-06-14 18:02 ` Randy Dunlap
2017-06-14 18:02 ` Randy Dunlap
2017-06-14 22:58 ` Updated docs David Howells
2017-06-14 22:58 ` David Howells
2017-06-15 1:53 ` Randy Dunlap
2017-06-15 1:53 ` Randy Dunlap
2017-06-14 20:03 ` [PATCH 08/27] VFS: Introduce the structs and doc for a filesystem context [ver #5] Casey Schaufler
2017-06-14 20:03 ` Casey Schaufler
2017-06-14 20:42 ` David Howells
2017-06-14 20:42 ` David Howells
2017-06-14 20:53 ` Casey Schaufler
2017-06-14 20:53 ` Casey Schaufler
2017-06-17 9:57 ` Theodore Ts'o
2017-06-17 9:57 ` Theodore Ts'o
2017-06-17 14:18 ` David Howells
2017-06-17 14:18 ` David Howells
2017-06-17 14:56 ` Jeff Layton
2017-06-17 14:56 ` Jeff Layton
2017-06-17 15:11 ` Randy Dunlap
2017-06-17 15:11 ` Randy Dunlap
2017-06-19 7:47 ` David Howells
2017-06-19 7:47 ` David Howells
2017-06-14 15:16 ` [PATCH 09/27] VFS: Add LSM hooks for " David Howells
2017-06-14 15:16 ` David Howells
2017-06-14 15:16 ` [PATCH 10/27] VFS: Implement a filesystem superblock creation/configuration " David Howells
2017-06-14 15:16 ` David Howells
2017-06-14 15:17 ` [PATCH 11/27] VFS: Remove unused code after filesystem context changes " David Howells
2017-06-14 15:17 ` David Howells
2017-06-14 15:17 ` [PATCH 12/27] VFS: Implement fsopen() to prepare for a mount " David Howells
2017-06-14 15:17 ` David Howells
2017-06-14 15:17 ` [PATCH 13/27] VFS: Implement fsmount() to effect a pre-configured " David Howells
2017-06-14 15:17 ` David Howells
2017-06-14 15:17 ` [PATCH 14/27] VFS: Add a sample program for fsopen/fsmount " David Howells
2017-06-14 15:17 ` David Howells
2017-06-14 15:17 ` [PATCH 15/27] procfs: Move proc_fill_super() to fs/proc/root.c " David Howells
2017-06-14 15:17 ` David Howells
2017-06-14 15:17 ` [PATCH 16/27] proc: Add fs_context support to procfs " David Howells
2017-06-14 15:17 ` David Howells
2017-06-15 10:14 ` Al Viro
2017-06-15 10:14 ` Al Viro
2017-06-14 15:17 ` [PATCH 17/27] NFS: Move mount parameterisation bits into their own file " David Howells
2017-06-14 15:17 ` David Howells
2017-06-14 15:18 ` [PATCH 18/27] NFS: Constify mount argument match tables " David Howells
2017-06-14 15:18 ` David Howells
2017-06-14 15:18 ` [PATCH 19/27] NFS: Rename struct nfs_parsed_mount_data to struct nfs_fs_context " David Howells
2017-06-14 15:18 ` David Howells
2017-06-14 15:18 ` [PATCH 20/27] NFS: Split nfs_parse_mount_options() " David Howells
2017-06-14 15:18 ` David Howells
2017-06-14 15:18 ` [PATCH 21/27] NFS: Deindent nfs_fs_context_parse_option() " David Howells
2017-06-14 15:18 ` David Howells
2017-06-14 15:18 ` [PATCH 22/27] NFS: Add a small buffer in nfs_fs_context to avoid string dup " David Howells
2017-06-14 15:18 ` David Howells
2017-06-14 15:18 ` [PATCH 23/27] NFS: Do some tidying of the parsing code " David Howells
2017-06-14 15:18 ` David Howells
2017-06-14 15:18 ` [PATCH 24/27] NFS: Add fs_context support. " David Howells
2017-06-14 15:18 ` David Howells
2017-06-15 15:28 ` Anna Schumaker
2017-06-14 15:19 ` [PATCH 25/27] ipc: Convert mqueue fs to fs_context " David Howells
2017-06-14 15:19 ` David Howells
2017-06-15 10:07 ` Al Viro
2017-06-15 10:07 ` Al Viro
2017-06-15 14:47 ` David Howells
2017-06-15 14:47 ` David Howells
2017-06-14 15:19 ` [PATCH 26/27] cpuset: Use " David Howells
2017-06-14 15:19 ` David Howells
2017-06-14 15:19 ` [PATCH 27/27] kernfs, sysfs, cgroup: Support " David Howells
2017-06-14 15:19 ` David Howells
[not found] ` <149745355907.10897.10073768158664960494.stgit-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2017-06-14 17:54 ` Tejun Heo
2017-06-14 17:54 ` Tejun Heo
2017-06-14 17:54 ` Tejun Heo
2017-06-14 22:31 ` [PATCH 27/27] ... and the intel_rdt driver David Howells
2017-06-14 22:31 ` David Howells
[not found] ` <20170614175426.GA26229-piEFEHQLUPpN0TnZuCh8vA@public.gmane.org>
2017-06-23 15:29 ` [PATCH 27/27] kernfs, sysfs, cgroup: Support fs_context [ver #5] David Howells
2017-06-23 15:29 ` David Howells
2017-06-23 15:29 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170615093927.GG31671@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=dhowells@redhat.com \
--cc=jlayton@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mszeredi@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.