From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mark Salyzyn via Linux-f2fs-devel Subject: [PATCH v13 1/5] overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh Date: Wed, 31 Jul 2019 09:57:56 -0700 Message-ID: <20190731165803.4755-2-salyzyn@android.com> References: <20190731165803.4755-1-salyzyn@android.com> Reply-To: Mark Salyzyn Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: <20190731165803.4755-1-salyzyn@android.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net To: linux-kernel@vger.kernel.org Cc: Latchesar Ionkov , Dave Kleikamp , jfs-discussion@lists.sourceforge.net, Randy Dunlap , linux-doc@vger.kernel.org, Martin Brandenburg , samba-technical@lists.samba.org, Dominique Martinet , Amir Goldstein , David Howells , Chris Mason , "David S . Miller" , Andreas Dilger , ocfs2-devel@oss.oracle.com, netdev@vger.kernel.org, Tyler Hicks , linux-afs@lists.infradead.org, Mike Marshall , linux-xfs@vger.kernel.org, Andreas Gruenbacher , Sage Weil , Jonathan Corbet , Richard Weinberger , Mark Fasheh , devel@lists.orangefs.org, Hugh Dickins List-Id: ceph-devel.vger.kernel.org QXNzdW1wdGlvbiBuZXZlciBjaGVja2VkLCBzaG91bGQgZmFpbCBpZiB0aGUgbW91bnRlciBjcmVk cyBhcmUgbm90CnN1ZmZpY2llbnQuCgpTaWduZWQtb2ZmLWJ5OiBNYXJrIFNhbHl6eW4gPHNhbHl6 eW5AYW5kcm9pZC5jb20+CkNjOiBNaWtsb3MgU3plcmVkaSA8bWlrbG9zQHN6ZXJlZGkuaHU+CkNj OiBKb25hdGhhbiBDb3JiZXQgPGNvcmJldEBsd24ubmV0PgpDYzogVml2ZWsgR295YWwgPHZnb3lh bEByZWRoYXQuY29tPgpDYzogRXJpYyBXLiBCaWVkZXJtYW4gPGViaWVkZXJtQHhtaXNzaW9uLmNv bT4KQ2M6IEFtaXIgR29sZHN0ZWluIDxhbWlyNzNpbEBnbWFpbC5jb20+CkNjOiBSYW5keSBEdW5s YXAgPHJkdW5sYXBAaW5mcmFkZWFkLm9yZz4KQ2M6IFN0ZXBoZW4gU21hbGxleSA8c2RzQHR5Y2hv Lm5zYS5nb3Y+CkNjOiBsaW51eC11bmlvbmZzQHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtZG9j QHZnZXIua2VybmVsLm9yZwpDYzogbGludXgta2VybmVsQHZnZXIua2VybmVsLm9yZwpDYzoga2Vy bmVsLXRlYW1AYW5kcm9pZC5jb20KQ2M6IEVyaWMgVmFuIEhlbnNiZXJnZW4gPGVyaWN2aEBnbWFp bC5jb20+CkNjOiBMYXRjaGVzYXIgSW9ua292IDxsdWNob0Bpb25rb3YubmV0PgpDYzogRG9taW5p cXVlIE1hcnRpbmV0IDxhc21hZGV1c0Bjb2Rld3JlY2sub3JnPgpDYzogRGF2aWQgSG93ZWxscyA8 ZGhvd2VsbHNAcmVkaGF0LmNvbT4KQ2M6IENocmlzIE1hc29uIDxjbG1AZmIuY29tPgpDYzogSm9z ZWYgQmFjaWsgPGpvc2VmQHRveGljcGFuZGEuY29tPgpDYzogRGF2aWQgU3RlcmJhIDxkc3RlcmJh QHN1c2UuY29tPgpDYzogSmVmZiBMYXl0b24gPGpsYXl0b25Aa2VybmVsLm9yZz4KQ2M6IFNhZ2Ug V2VpbCA8c2FnZUByZWRoYXQuY29tPgpDYzogSWx5YSBEcnlvbW92IDxpZHJ5b21vdkBnbWFpbC5j b20+CkNjOiBTdGV2ZSBGcmVuY2ggPHNmcmVuY2hAc2FtYmEub3JnPgpDYzogVHlsZXIgSGlja3Mg PHR5aGlja3NAY2Fub25pY2FsLmNvbT4KQ2M6IEphbiBLYXJhIDxqYWNrQHN1c2UuY29tPgpDYzog VGhlb2RvcmUgVHMnbyA8dHl0c29AbWl0LmVkdT4KQ2M6IEFuZHJlYXMgRGlsZ2VyIDxhZGlsZ2Vy Lmtlcm5lbEBkaWxnZXIuY2E+CkNjOiBKYWVnZXVrIEtpbSA8amFlZ2V1a0BrZXJuZWwub3JnPgpD YzogQ2hhbyBZdSA8eXVjaGFvMEBodWF3ZWkuY29tPgpDYzogQm9iIFBldGVyc29uIDxycGV0ZXJz b0ByZWRoYXQuY29tPgpDYzogQW5kcmVhcyBHcnVlbmJhY2hlciA8YWdydWVuYmFAcmVkaGF0LmNv bT4KQ2M6IERhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAaW5mcmFkZWFkLm9yZz4KQ2M6IFJpY2hhcmQg V2VpbmJlcmdlciA8cmljaGFyZEBub2QuYXQ+CkNjOiBEYXZlIEtsZWlrYW1wIDxzaGFnZ3lAa2Vy bmVsLm9yZz4KQ2M6IEdyZWcgS3JvYWgtSGFydG1hbiA8Z3JlZ2toQGxpbnV4Zm91bmRhdGlvbi5v cmc+CkNjOiBUZWp1biBIZW8gPHRqQGtlcm5lbC5vcmc+CkNjOiBUcm9uZCBNeWtsZWJ1c3QgPHRy b25kLm15a2xlYnVzdEBoYW1tZXJzcGFjZS5jb20+CkNjOiBBbm5hIFNjaHVtYWtlciA8YW5uYS5z Y2h1bWFrZXJAbmV0YXBwLmNvbT4KQ2M6IE1hcmsgRmFzaGVoIDxtYXJrQGZhc2hlaC5jb20+CkNj OiBKb2VsIEJlY2tlciA8amxiZWNAZXZpbHBsYW4ub3JnPgpDYzogSm9zZXBoIFFpIDxqb3NlcGgu cWlAbGludXguYWxpYmFiYS5jb20+CkNjOiBNaWtlIE1hcnNoYWxsIDxodWJjYXBAb21uaWJvbmQu Y29tPgpDYzogTWFydGluIEJyYW5kZW5idXJnIDxtYXJ0aW5Ab21uaWJvbmQuY29tPgpDYzogQWxl eGFuZGVyIFZpcm8gPHZpcm9AemVuaXYubGludXgub3JnLnVrPgpDYzogUGhpbGxpcCBMb3VnaGVy IDxwaGlsbGlwQHNxdWFzaGZzLm9yZy51az4KQ2M6IERhcnJpY2sgSi4gV29uZyA8ZGFycmljay53 b25nQG9yYWNsZS5jb20+CkNjOiBsaW51eC14ZnNAdmdlci5rZXJuZWwub3JnCkNjOiBIdWdoIERp Y2tpbnMgPGh1Z2hkQGdvb2dsZS5jb20+CkNjOiBEYXZpZCBTLiBNaWxsZXIgPGRhdmVtQGRhdmVt bG9mdC5uZXQ+CkNjOiBBbmRyZXcgTW9ydG9uIDxha3BtQGxpbnV4LWZvdW5kYXRpb24ub3JnPgpD YzogTWF0aGlldSBNYWxhdGVycmUgPG1hbGF0QGRlYmlhbi5vcmc+CkNjOiBFcm5lc3RvIEEuIEZl cm7DoW5kZXogPGVybmVzdG8ubW5kLmZlcm5hbmRlekBnbWFpbC5jb20+CkNjOiBWeWFjaGVzbGF2 IER1YmV5a28gPHNsYXZhQGR1YmV5a28uY29tPgpDYzogdjlmcy1kZXZlbG9wZXJAbGlzdHMuc291 cmNlZm9yZ2UubmV0CkNjOiBsaW51eC1hZnNAbGlzdHMuaW5mcmFkZWFkLm9yZwpDYzogbGludXgt YnRyZnNAdmdlci5rZXJuZWwub3JnCkNjOiBjZXBoLWRldmVsQHZnZXIua2VybmVsLm9yZwpDYzog bGludXgtY2lmc0B2Z2VyLmtlcm5lbC5vcmcKQ2M6IHNhbWJhLXRlY2huaWNhbEBsaXN0cy5zYW1i YS5vcmcKQ2M6IGVjcnlwdGZzQHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtZXh0NEB2Z2VyLmtl cm5lbC5vcmcKQ2M6IGxpbnV4LWYyZnMtZGV2ZWxAbGlzdHMuc291cmNlZm9yZ2UubmV0CkNjOiBs aW51eC1mc2RldmVsQHZnZXIua2VybmVsLm9yZwpDYzogY2x1c3Rlci1kZXZlbEByZWRoYXQuY29t CkNjOiBsaW51eC1tdGRAbGlzdHMuaW5mcmFkZWFkLm9yZwpDYzogamZzLWRpc2N1c3Npb25AbGlz dHMuc291cmNlZm9yZ2UubmV0CkNjOiBsaW51eC1uZnNAdmdlci5rZXJuZWwub3JnCkNjOiBvY2Zz Mi1kZXZlbEBvc3Mub3JhY2xlLmNvbQpDYzogZGV2ZWxAbGlzdHMub3JhbmdlZnMub3JnCkNjOiBy ZWlzZXJmcy1kZXZlbEB2Z2VyLmtlcm5lbC5vcmcKQ2M6IGxpbnV4LW1tQGt2YWNrLm9yZwpDYzog bmV0ZGV2QHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtc2VjdXJpdHktbW9kdWxlQHZnZXIua2Vy bmVsLm9yZwpDYzogc3RhYmxlQHZnZXIua2VybmVsLm9yZyAjIDQuNCwgNC45LCA0LjE0ICYgNC4x OQotLS0KdjExICsgdjEyICsgdjEzIC0gcmViYXNlCgp2MTA6Ci0gcmV0dXJuIE5VTEwgcmF0aGVy IHRoYW4gRVJSX1BUUigtRVBFUk0pCi0gZGlkIF9ub3RfIGFkZCBpdCBvdmxfY2FuX2RlY29kZV9m aCgpIGJlY2F1c2Ugb2YgY2hhbmdlcyBzaW5jZSBsYXN0CiAgcmV2aWV3LCBzdXNwZWN0IG5lZWRz IHRvIGJlIGFkZGVkIHRvIG92bF9sb3dlcl91dWlkX29rKCk/Cgp2OCArIHY5OgotIHJlYmFzZQoK djc6Ci0gVGhpcyB0aW1lIGZvciByZWFsegoKdjY6Ci0gcmViYXNlCgp2NToKLSBkZXBlbmRlbmN5 IG9mICJvdmVybGF5ZnM6IG92ZXJyaWRlX2NyZWRzPW9mZiBvcHRpb24gYnlwYXNzIGNyZWF0b3Jf Y3JlZCIKLS0tCiBmcy9vdmVybGF5ZnMvbmFtZWkuYyB8IDMgKysrCiAxIGZpbGUgY2hhbmdlZCwg MyBpbnNlcnRpb25zKCspCgpkaWZmIC0tZ2l0IGEvZnMvb3ZlcmxheWZzL25hbWVpLmMgYi9mcy9v dmVybGF5ZnMvbmFtZWkuYwppbmRleCBlOTcxN2MyZjdkNDUuLjk3MDJmMGQ1MzA5ZCAxMDA2NDQK LS0tIGEvZnMvb3ZlcmxheWZzL25hbWVpLmMKKysrIGIvZnMvb3ZlcmxheWZzL25hbWVpLmMKQEAg LTE2MSw2ICsxNjEsOSBAQCBzdHJ1Y3QgZGVudHJ5ICpvdmxfZGVjb2RlX3JlYWxfZmgoc3RydWN0 IG92bF9maCAqZmgsIHN0cnVjdCB2ZnNtb3VudCAqbW50LAogCWlmICghdXVpZF9lcXVhbCgmZmgt PnV1aWQsICZtbnQtPm1udF9zYi0+c191dWlkKSkKIAkJcmV0dXJuIE5VTEw7CiAKKwlpZiAoIWNh cGFibGUoQ0FQX0RBQ19SRUFEX1NFQVJDSCkpCisJCXJldHVybiBOVUxMOworCiAJYnl0ZXMgPSAo ZmgtPmxlbiAtIG9mZnNldG9mKHN0cnVjdCBvdmxfZmgsIGZpZCkpOwogCXJlYWwgPSBleHBvcnRm c19kZWNvZGVfZmgobW50LCAoc3RydWN0IGZpZCAqKWZoLT5maWQsCiAJCQkJICBieXRlcyA+PiAy LCAoaW50KWZoLT50eXBlLAotLSAKMi4yMi4wLjc3MC5nMGYyYzRhMzdmZC1nb29nCgoKCl9fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCkxpbnV4LWYyZnMtZGV2 ZWwgbWFpbGluZyBsaXN0CkxpbnV4LWYyZnMtZGV2ZWxAbGlzdHMuc291cmNlZm9yZ2UubmV0Cmh0 dHBzOi8vbGlzdHMuc291cmNlZm9yZ2UubmV0L2xpc3RzL2xpc3RpbmZvL2xpbnV4LWYyZnMtZGV2 ZWwK From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mark Salyzyn Date: Wed, 31 Jul 2019 09:57:56 -0700 Subject: [Cluster-devel] [PATCH v13 1/5] overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh In-Reply-To: <20190731165803.4755-1-salyzyn@android.com> References: <20190731165803.4755-1-salyzyn@android.com> Message-ID: <20190731165803.4755-2-salyzyn@android.com> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Assumption never checked, should fail if the mounter creds are not sufficient. Signed-off-by: Mark Salyzyn Cc: Miklos Szeredi Cc: Jonathan Corbet Cc: Vivek Goyal Cc: Eric W. Biederman Cc: Amir Goldstein Cc: Randy Dunlap Cc: Stephen Smalley Cc: linux-unionfs at vger.kernel.org Cc: linux-doc at vger.kernel.org Cc: linux-kernel at vger.kernel.org Cc: kernel-team at android.com Cc: Eric Van Hensbergen Cc: Latchesar Ionkov Cc: Dominique Martinet Cc: David Howells Cc: Chris Mason Cc: Josef Bacik Cc: David Sterba Cc: Jeff Layton Cc: Sage Weil Cc: Ilya Dryomov Cc: Steve French Cc: Tyler Hicks Cc: Jan Kara Cc: Theodore Ts'o Cc: Andreas Dilger Cc: Jaegeuk Kim Cc: Chao Yu Cc: Bob Peterson Cc: Andreas Gruenbacher Cc: David Woodhouse Cc: Richard Weinberger Cc: Dave Kleikamp Cc: Greg Kroah-Hartman Cc: Tejun Heo Cc: Trond Myklebust Cc: Anna Schumaker Cc: Mark Fasheh Cc: Joel Becker Cc: Joseph Qi Cc: Mike Marshall Cc: Martin Brandenburg Cc: Alexander Viro Cc: Phillip Lougher Cc: Darrick J. Wong Cc: linux-xfs at vger.kernel.org Cc: Hugh Dickins Cc: David S. Miller Cc: Andrew Morton Cc: Mathieu Malaterre Cc: Ernesto A. Fern?ndez Cc: Vyacheslav Dubeyko Cc: v9fs-developer at lists.sourceforge.net Cc: linux-afs at lists.infradead.org Cc: linux-btrfs at vger.kernel.org Cc: ceph-devel at vger.kernel.org Cc: linux-cifs at vger.kernel.org Cc: samba-technical at lists.samba.org Cc: ecryptfs at vger.kernel.org Cc: linux-ext4 at vger.kernel.org Cc: linux-f2fs-devel at lists.sourceforge.net Cc: linux-fsdevel at vger.kernel.org Cc: cluster-devel at redhat.com Cc: linux-mtd at lists.infradead.org Cc: jfs-discussion at lists.sourceforge.net Cc: linux-nfs at vger.kernel.org Cc: ocfs2-devel at oss.oracle.com Cc: devel at lists.orangefs.org Cc: reiserfs-devel at vger.kernel.org Cc: linux-mm at kvack.org Cc: netdev at vger.kernel.org Cc: linux-security-module at vger.kernel.org Cc: stable at vger.kernel.org # 4.4, 4.9, 4.14 & 4.19 --- v11 + v12 + v13 - rebase v10: - return NULL rather than ERR_PTR(-EPERM) - did _not_ add it ovl_can_decode_fh() because of changes since last review, suspect needs to be added to ovl_lower_uuid_ok()? v8 + v9: - rebase v7: - This time for realz v6: - rebase v5: - dependency of "overlayfs: override_creds=off option bypass creator_cred" --- fs/overlayfs/namei.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index e9717c2f7d45..9702f0d5309d 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -161,6 +161,9 @@ struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt, if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid)) return NULL; + if (!capable(CAP_DAC_READ_SEARCH)) + return NULL; + bytes = (fh->len - offsetof(struct ovl_fh, fid)); real = exportfs_decode_fh(mnt, (struct fid *)fh->fid, bytes >> 2, (int)fh->type, -- 2.22.0.770.g0f2c4a37fd-goog From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mark Salyzyn via Linux-f2fs-devel Subject: [PATCH v13 1/5] overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh Date: Wed, 31 Jul 2019 09:57:56 -0700 Message-ID: <20190731165803.4755-2-salyzyn@android.com> References: <20190731165803.4755-1-salyzyn@android.com> Reply-To: Mark Salyzyn Mime-Version: 1.0 Content-Transfer-Encoding: base64 Return-path: In-Reply-To: <20190731165803.4755-1-salyzyn@android.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net Content-Type: text/plain; charset="macroman" To: linux-kernel@vger.kernel.org Cc: Latchesar Ionkov , Dave Kleikamp , jfs-discussion@lists.sourceforge.net, Randy Dunlap , linux-doc@vger.kernel.org, Martin Brandenburg , samba-technical@lists.samba.org, Dominique Martinet , Amir Goldstein , David Howells , Chris Mason , "David S . Miller" , Andreas Dilger , ocfs2-devel@oss.oracle.com, netdev@vger.kernel.org, Tyler Hicks , linux-afs@lists.infradead.org, Mike Marshall , linux-xfs@vger.kernel.org, Andreas Gruenbacher , Sage Weil , Jonathan Corbet , Richard Weinberger , Mark Fasheh , devel@lists.orangefs.org, Hugh Dickins <> QXNzdW1wdGlvbiBuZXZlciBjaGVja2VkLCBzaG91bGQgZmFpbCBpZiB0aGUgbW91bnRlciBjcmVk cyBhcmUgbm90CnN1ZmZpY2llbnQuCgpTaWduZWQtb2ZmLWJ5OiBNYXJrIFNhbHl6eW4gPHNhbHl6 eW5AYW5kcm9pZC5jb20+CkNjOiBNaWtsb3MgU3plcmVkaSA8bWlrbG9zQHN6ZXJlZGkuaHU+CkNj OiBKb25hdGhhbiBDb3JiZXQgPGNvcmJldEBsd24ubmV0PgpDYzogVml2ZWsgR295YWwgPHZnb3lh bEByZWRoYXQuY29tPgpDYzogRXJpYyBXLiBCaWVkZXJtYW4gPGViaWVkZXJtQHhtaXNzaW9uLmNv bT4KQ2M6IEFtaXIgR29sZHN0ZWluIDxhbWlyNzNpbEBnbWFpbC5jb20+CkNjOiBSYW5keSBEdW5s YXAgPHJkdW5sYXBAaW5mcmFkZWFkLm9yZz4KQ2M6IFN0ZXBoZW4gU21hbGxleSA8c2RzQHR5Y2hv Lm5zYS5nb3Y+CkNjOiBsaW51eC11bmlvbmZzQHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtZG9j QHZnZXIua2VybmVsLm9yZwpDYzogbGludXgta2VybmVsQHZnZXIua2VybmVsLm9yZwpDYzoga2Vy bmVsLXRlYW1AYW5kcm9pZC5jb20KQ2M6IEVyaWMgVmFuIEhlbnNiZXJnZW4gPGVyaWN2aEBnbWFp bC5jb20+CkNjOiBMYXRjaGVzYXIgSW9ua292IDxsdWNob0Bpb25rb3YubmV0PgpDYzogRG9taW5p cXVlIE1hcnRpbmV0IDxhc21hZGV1c0Bjb2Rld3JlY2sub3JnPgpDYzogRGF2aWQgSG93ZWxscyA8 ZGhvd2VsbHNAcmVkaGF0LmNvbT4KQ2M6IENocmlzIE1hc29uIDxjbG1AZmIuY29tPgpDYzogSm9z ZWYgQmFjaWsgPGpvc2VmQHRveGljcGFuZGEuY29tPgpDYzogRGF2aWQgU3RlcmJhIDxkc3RlcmJh QHN1c2UuY29tPgpDYzogSmVmZiBMYXl0b24gPGpsYXl0b25Aa2VybmVsLm9yZz4KQ2M6IFNhZ2Ug V2VpbCA8c2FnZUByZWRoYXQuY29tPgpDYzogSWx5YSBEcnlvbW92IDxpZHJ5b21vdkBnbWFpbC5j b20+CkNjOiBTdGV2ZSBGcmVuY2ggPHNmcmVuY2hAc2FtYmEub3JnPgpDYzogVHlsZXIgSGlja3Mg PHR5aGlja3NAY2Fub25pY2FsLmNvbT4KQ2M6IEphbiBLYXJhIDxqYWNrQHN1c2UuY29tPgpDYzog VGhlb2RvcmUgVHMnbyA8dHl0c29AbWl0LmVkdT4KQ2M6IEFuZHJlYXMgRGlsZ2VyIDxhZGlsZ2Vy Lmtlcm5lbEBkaWxnZXIuY2E+CkNjOiBKYWVnZXVrIEtpbSA8amFlZ2V1a0BrZXJuZWwub3JnPgpD YzogQ2hhbyBZdSA8eXVjaGFvMEBodWF3ZWkuY29tPgpDYzogQm9iIFBldGVyc29uIDxycGV0ZXJz b0ByZWRoYXQuY29tPgpDYzogQW5kcmVhcyBHcnVlbmJhY2hlciA8YWdydWVuYmFAcmVkaGF0LmNv bT4KQ2M6IERhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAaW5mcmFkZWFkLm9yZz4KQ2M6IFJpY2hhcmQg V2VpbmJlcmdlciA8cmljaGFyZEBub2QuYXQ+CkNjOiBEYXZlIEtsZWlrYW1wIDxzaGFnZ3lAa2Vy bmVsLm9yZz4KQ2M6IEdyZWcgS3JvYWgtSGFydG1hbiA8Z3JlZ2toQGxpbnV4Zm91bmRhdGlvbi5v cmc+CkNjOiBUZWp1biBIZW8gPHRqQGtlcm5lbC5vcmc+CkNjOiBUcm9uZCBNeWtsZWJ1c3QgPHRy b25kLm15a2xlYnVzdEBoYW1tZXJzcGFjZS5jb20+CkNjOiBBbm5hIFNjaHVtYWtlciA8YW5uYS5z Y2h1bWFrZXJAbmV0YXBwLmNvbT4KQ2M6IE1hcmsgRmFzaGVoIDxtYXJrQGZhc2hlaC5jb20+CkNj OiBKb2VsIEJlY2tlciA8amxiZWNAZXZpbHBsYW4ub3JnPgpDYzogSm9zZXBoIFFpIDxqb3NlcGgu cWlAbGludXguYWxpYmFiYS5jb20+CkNjOiBNaWtlIE1hcnNoYWxsIDxodWJjYXBAb21uaWJvbmQu Y29tPgpDYzogTWFydGluIEJyYW5kZW5idXJnIDxtYXJ0aW5Ab21uaWJvbmQuY29tPgpDYzogQWxl eGFuZGVyIFZpcm8gPHZpcm9AemVuaXYubGludXgub3JnLnVrPgpDYzogUGhpbGxpcCBMb3VnaGVy IDxwaGlsbGlwQHNxdWFzaGZzLm9yZy51az4KQ2M6IERhcnJpY2sgSi4gV29uZyA8ZGFycmljay53 b25nQG9yYWNsZS5jb20+CkNjOiBsaW51eC14ZnNAdmdlci5rZXJuZWwub3JnCkNjOiBIdWdoIERp Y2tpbnMgPGh1Z2hkQGdvb2dsZS5jb20+CkNjOiBEYXZpZCBTLiBNaWxsZXIgPGRhdmVtQGRhdmVt bG9mdC5uZXQ+CkNjOiBBbmRyZXcgTW9ydG9uIDxha3BtQGxpbnV4LWZvdW5kYXRpb24ub3JnPgpD YzogTWF0aGlldSBNYWxhdGVycmUgPG1hbGF0QGRlYmlhbi5vcmc+CkNjOiBFcm5lc3RvIEEuIEZl cm7DoW5kZXogPGVybmVzdG8ubW5kLmZlcm5hbmRlekBnbWFpbC5jb20+CkNjOiBWeWFjaGVzbGF2 IER1YmV5a28gPHNsYXZhQGR1YmV5a28uY29tPgpDYzogdjlmcy1kZXZlbG9wZXJAbGlzdHMuc291 cmNlZm9yZ2UubmV0CkNjOiBsaW51eC1hZnNAbGlzdHMuaW5mcmFkZWFkLm9yZwpDYzogbGludXgt YnRyZnNAdmdlci5rZXJuZWwub3JnCkNjOiBjZXBoLWRldmVsQHZnZXIua2VybmVsLm9yZwpDYzog bGludXgtY2lmc0B2Z2VyLmtlcm5lbC5vcmcKQ2M6IHNhbWJhLXRlY2huaWNhbEBsaXN0cy5zYW1i YS5vcmcKQ2M6IGVjcnlwdGZzQHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtZXh0NEB2Z2VyLmtl cm5lbC5vcmcKQ2M6IGxpbnV4LWYyZnMtZGV2ZWxAbGlzdHMuc291cmNlZm9yZ2UubmV0CkNjOiBs aW51eC1mc2RldmVsQHZnZXIua2VybmVsLm9yZwpDYzogY2x1c3Rlci1kZXZlbEByZWRoYXQuY29t CkNjOiBsaW51eC1tdGRAbGlzdHMuaW5mcmFkZWFkLm9yZwpDYzogamZzLWRpc2N1c3Npb25AbGlz dHMuc291cmNlZm9yZ2UubmV0CkNjOiBsaW51eC1uZnNAdmdlci5rZXJuZWwub3JnCkNjOiBvY2Zz Mi1kZXZlbEBvc3Mub3JhY2xlLmNvbQpDYzogZGV2ZWxAbGlzdHMub3JhbmdlZnMub3JnCkNjOiBy ZWlzZXJmcy1kZXZlbEB2Z2VyLmtlcm5lbC5vcmcKQ2M6IGxpbnV4LW1tQGt2YWNrLm9yZwpDYzog bmV0ZGV2QHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtc2VjdXJpdHktbW9kdWxlQHZnZXIua2Vy bmVsLm9yZwpDYzogc3RhYmxlQHZnZXIua2VybmVsLm9yZyAjIDQuNCwgNC45LCA0LjE0ICYgNC4x OQotLS0KdjExICsgdjEyICsgdjEzIC0gcmViYXNlCgp2MTA6Ci0gcmV0dXJuIE5VTEwgcmF0aGVy IHRoYW4gRVJSX1BUUigtRVBFUk0pCi0gZGlkIF9ub3RfIGFkZCBpdCBvdmxfY2FuX2RlY29kZV9m aCgpIGJlY2F1c2Ugb2YgY2hhbmdlcyBzaW5jZSBsYXN0CiAgcmV2aWV3LCBzdXNwZWN0IG5lZWRz IHRvIGJlIGFkZGVkIHRvIG92bF9sb3dlcl91dWlkX29rKCk/Cgp2OCArIHY5OgotIHJlYmFzZQoK djc6Ci0gVGhpcyB0aW1lIGZvciByZWFsegoKdjY6Ci0gcmViYXNlCgp2NToKLSBkZXBlbmRlbmN5 IG9mICJvdmVybGF5ZnM6IG92ZXJyaWRlX2NyZWRzPW9mZiBvcHRpb24gYnlwYXNzIGNyZWF0b3Jf Y3JlZCIKLS0tCiBmcy9vdmVybGF5ZnMvbmFtZWkuYyB8IDMgKysrCiAxIGZpbGUgY2hhbmdlZCwg MyBpbnNlcnRpb25zKCspCgpkaWZmIC0tZ2l0IGEvZnMvb3ZlcmxheWZzL25hbWVpLmMgYi9mcy9v dmVybGF5ZnMvbmFtZWkuYwppbmRleCBlOTcxN2MyZjdkNDUuLjk3MDJmMGQ1MzA5ZCAxMDA2NDQK LS0tIGEvZnMvb3ZlcmxheWZzL25hbWVpLmMKKysrIGIvZnMvb3ZlcmxheWZzL25hbWVpLmMKQEAg LTE2MSw2ICsxNjEsOSBAQCBzdHJ1Y3QgZGVudHJ5ICpvdmxfZGVjb2RlX3JlYWxfZmgoc3RydWN0 IG92bF9maCAqZmgsIHN0cnVjdCB2ZnNtb3VudCAqbW50LAogCWlmICghdXVpZF9lcXVhbCgmZmgt PnV1aWQsICZtbnQtPm1udF9zYi0+c191dWlkKSkKIAkJcmV0dXJuIE5VTEw7CiAKKwlpZiAoIWNh cGFibGUoQ0FQX0RBQ19SRUFEX1NFQVJDSCkpCisJCXJldHVybiBOVUxMOworCiAJYnl0ZXMgPSAo ZmgtPmxlbiAtIG9mZnNldG9mKHN0cnVjdCBvdmxfZmgsIGZpZCkpOwogCXJlYWwgPSBleHBvcnRm c19kZWNvZGVfZmgobW50LCAoc3RydWN0IGZpZCAqKWZoLT5maWQsCiAJCQkJICBieXRlcyA+PiAy LCAoaW50KWZoLT50eXBlLAotLSAKMi4yMi4wLjc3MC5nMGYyYzRhMzdmZC1nb29nCgoKCl9fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCkxpbnV4LWYyZnMtZGV2 ZWwgbWFpbGluZyBsaXN0CkxpbnV4LWYyZnMtZGV2ZWxAbGlzdHMuc291cmNlZm9yZ2UubmV0Cmh0 dHBzOi8vbGlzdHMuc291cmNlZm9yZ2UubmV0L2xpc3RzL2xpc3RpbmZvL2xpbnV4LWYyZnMtZGV2 ZWwK From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.9 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7AE3BC433FF for ; Wed, 31 Jul 2019 16:58:33 +0000 (UTC) Received: from lists.sourceforge.net (lists.sourceforge.net [216.105.38.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 47AC3206B8; Wed, 31 Jul 2019 16:58:33 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=lists.sourceforge.net header.i=@lists.sourceforge.net header.b="E+h5SZr3"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sourceforge.net header.i=@sourceforge.net header.b="NEzQ1Wyx"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sf.net header.i=@sf.net header.b="GlPo1FH5"; dkim=neutral (0-bit key) header.d=android.com header.i=@android.com header.b="jvJzTZBl" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 47AC3206B8 Authentication-Results: mail.kernel.org; dmarc=pass (p=none dis=none) header.from=lists.sourceforge.net Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linux-f2fs-devel-bounces@lists.sourceforge.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: Reply-To:From:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Subject:MIME-Version:References:In-Reply-To: Message-Id:Date:To:Sender:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=leRirPOLmcDLQne0hJm+Xe0wY9NSby0Xn6EUB/JdBbo=; b=E+h5SZr3hmtOXCCGz4Zi2bH7u igaKvjTCTGO9cHb36kkV+YKfVlhx3wDSZ2WZVDIXifeKEuTDumJ2kS8SGFSuXFIAPU54S7ONIdEzu 5taqV14z/W0haRpChZ42Aaehx9ziuja3ZuCf4PvlJChG6xBkg41KpaI3i5HSbqO4XmCMk=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1hsrvs-0006RZ-Sr; Wed, 31 Jul 2019 16:58:32 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1hsrvr-0006RR-HM for linux-f2fs-devel@lists.sourceforge.net; Wed, 31 Jul 2019 16:58:31 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version :References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=ec+TCYltRZ+0BbWthj8J/cCYhvIm8sHJdK79dSthSdY=; b=NEzQ1WyxFApX2DHwZBqZve2ksN t5QynUMRBxtQMghm03AMlmUmX6hxxbGxjIOpF9ShlH293jZkyafqfkAC/fVJbhlW03sNFvhMEheIX CaHnzcVocx3BBPxKlUvyuV8s3agOHTBVVX0SW1EARTh4Rp9oDcxM7rlDvh17KJDeePCc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=ec+TCYltRZ+0BbWthj8J/cCYhvIm8sHJdK79dSthSdY=; b=GlPo1FH5sngPBhewvde2Kz+tX4 qCiHBrW7rJPXypxYTLGoDGbt6GpfhQzE6EREJFHJUKGMAD5dRLiand4ezHEOVyPSXcb+BnI6DhEfm 6Y3MPmRMzs6nCckq3EUpkbnFvvm3XnJlv/RDgH70dPeJkAZU3hlzzGO01smebd9WiXkQ=; Received: from mail-pg1-f169.google.com ([209.85.215.169]) by sfi-mx-3.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1) id 1hsrvi-005rNs-Qb for linux-f2fs-devel@lists.sourceforge.net; Wed, 31 Jul 2019 16:58:31 +0000 Received: by mail-pg1-f169.google.com with SMTP id k189so13290650pgk.13 for ; Wed, 31 Jul 2019 09:58:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=android.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ec+TCYltRZ+0BbWthj8J/cCYhvIm8sHJdK79dSthSdY=; b=jvJzTZBlmSeEYN+aZgAO0eQUN/Tk2RrbbnkPYld1oxWv6SRiwJlYMsrXwGgUEYUa4O c8IP9mSiBWfPnPUoMsfcP+avh6N+yXfmsFTOhlk/oLSPrOg61dplHWROkWXV2YCWs182 J1E7UMPHDHumM9VHcwzfpneV57lGJ2pZrUb9g6VVDdWdrNFamw+D+bnFF2HIsMO1otBP QaYE36dCS32zu5Yfvc5rPyb7yUgw4D3O28kjNq/esNyy56+NllVY419E9QCcXJj+lNZ9 n1nsl1oo8VqunmZKSa2BQZLlBHcA0KpEmN1VJDvIZg0i5KfyYr6715FMiAk9Bj8dpLw/ L5lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ec+TCYltRZ+0BbWthj8J/cCYhvIm8sHJdK79dSthSdY=; b=i8NJAKWbnbom0JIr7TcKqnnlDrK2FCyrJw6CgviGsSmJegM2wPMw0FS1GWY7yhZUeu NGCzvOaVNAp6Xw6w+VbmPoUrNbY3m6pwsLlxtTGsNqn4TrXjT9xeNBjBGTt5OWwnhd0f IhR/WKg2bdfbpt3fb9/fRnMj733PiO1F7BKwZdpzGN43IOhBvESaibxC5FpU8tg+Z84h PGyJ8Gs8s/DvNYD552mPd6Th1aHq/c7+mQR0XPFqhAl0JMCPaDb6zefeoHto8QsRaDgZ Yh4apUZmYgq4sCsSOokNR6TKS23VbwHsFPMCkimCKecQF03cte8d1baD6ccPBEARFB7P m61Q== X-Gm-Message-State: APjAAAWN299gFJEp5aPrWRks5+iN1/R6G5y75CQ/Op6fX3Z5rpgbyulS TUqV43r6l9km0KwXJXg1c8U= X-Google-Smtp-Source: APXvYqwAtm9Oi2dzrneje86zRIini04LNIAE0QYgVNa/tnC71lp2ENoOwAUjSIsPUfgwsF181KbaYg== X-Received: by 2002:a62:6:: with SMTP id 6mr47453483pfa.159.1564592296986; Wed, 31 Jul 2019 09:58:16 -0700 (PDT) Received: from nebulus.mtv.corp.google.com ([2620:15c:211:200:5404:91ba:59dc:9400]) by smtp.gmail.com with ESMTPSA id f72sm2245954pjg.10.2019.07.31.09.58.14 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 31 Jul 2019 09:58:16 -0700 (PDT) To: linux-kernel@vger.kernel.org Date: Wed, 31 Jul 2019 09:57:56 -0700 Message-Id: <20190731165803.4755-2-salyzyn@android.com> X-Mailer: git-send-email 2.22.0.770.g0f2c4a37fd-goog In-Reply-To: <20190731165803.4755-1-salyzyn@android.com> References: <20190731165803.4755-1-salyzyn@android.com> MIME-Version: 1.0 X-Headers-End: 1hsrvi-005rNs-Qb Subject: [f2fs-dev] [PATCH v13 1/5] overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh X-BeenThere: linux-f2fs-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Mark Salyzyn via Linux-f2fs-devel Reply-To: Mark Salyzyn Cc: Latchesar Ionkov , Dave Kleikamp , jfs-discussion@lists.sourceforge.net, Randy Dunlap , linux-doc@vger.kernel.org, Martin Brandenburg , samba-technical@lists.samba.org, Dominique Martinet , Amir Goldstein , David Howells , Chris Mason , "David S . Miller" , Andreas Dilger , ocfs2-devel@oss.oracle.com, netdev@vger.kernel.org, Tyler Hicks , linux-afs@lists.infradead.org, Mike Marshall , linux-xfs@vger.kernel.org, Andreas Gruenbacher , Sage Weil , Jonathan Corbet , Richard Weinberger , Mark Fasheh , devel@lists.orangefs.org, Hugh Dickins , linux-security-module@vger.kernel.org, cluster-devel@redhat.com, Vyacheslav Dubeyko , v9fs-developer@lists.sourceforge.net, Ilya Dryomov , linux-ext4@vger.kernel.org, Stephen Smalley , linux-mm@kvack.org, Vivek Goyal , linux-cifs@vger.kernel.org, Eric Van Hensbergen , ecryptfs@vger.kernel.org, Josef Bacik , "Darrick J . Wong" , reiserfs-devel@vger.kernel.org, Tejun Heo , Greg Kroah-Hartman , Joel Becker , linux-mtd@lists.infradead.org, David Sterba , Jaegeuk Kim , ceph-devel@vger.kernel.org, Trond Myklebust , linux-nfs@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, Theodore Ts'o , linux-fsdevel@vger.kernel.org, Joseph Qi , Mathieu Malaterre , kernel-team@android.com, Miklos Szeredi , Jeff Layton , linux-unionfs@vger.kernel.org, stable@vger.kernel.org, Mark Salyzyn , Steve French , =?UTF-8?q?Ernesto=20A=20=2E=20Fern=C3=A1ndez?= , "Eric W . Biederman" , Jan Kara , Bob Peterson , Phillip Lougher , Andrew Morton , David Woodhouse , Anna Schumaker , linux-btrfs@vger.kernel.org, Alexander Viro Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net QXNzdW1wdGlvbiBuZXZlciBjaGVja2VkLCBzaG91bGQgZmFpbCBpZiB0aGUgbW91bnRlciBjcmVk cyBhcmUgbm90CnN1ZmZpY2llbnQuCgpTaWduZWQtb2ZmLWJ5OiBNYXJrIFNhbHl6eW4gPHNhbHl6 eW5AYW5kcm9pZC5jb20+CkNjOiBNaWtsb3MgU3plcmVkaSA8bWlrbG9zQHN6ZXJlZGkuaHU+CkNj OiBKb25hdGhhbiBDb3JiZXQgPGNvcmJldEBsd24ubmV0PgpDYzogVml2ZWsgR295YWwgPHZnb3lh bEByZWRoYXQuY29tPgpDYzogRXJpYyBXLiBCaWVkZXJtYW4gPGViaWVkZXJtQHhtaXNzaW9uLmNv bT4KQ2M6IEFtaXIgR29sZHN0ZWluIDxhbWlyNzNpbEBnbWFpbC5jb20+CkNjOiBSYW5keSBEdW5s YXAgPHJkdW5sYXBAaW5mcmFkZWFkLm9yZz4KQ2M6IFN0ZXBoZW4gU21hbGxleSA8c2RzQHR5Y2hv Lm5zYS5nb3Y+CkNjOiBsaW51eC11bmlvbmZzQHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtZG9j QHZnZXIua2VybmVsLm9yZwpDYzogbGludXgta2VybmVsQHZnZXIua2VybmVsLm9yZwpDYzoga2Vy bmVsLXRlYW1AYW5kcm9pZC5jb20KQ2M6IEVyaWMgVmFuIEhlbnNiZXJnZW4gPGVyaWN2aEBnbWFp bC5jb20+CkNjOiBMYXRjaGVzYXIgSW9ua292IDxsdWNob0Bpb25rb3YubmV0PgpDYzogRG9taW5p cXVlIE1hcnRpbmV0IDxhc21hZGV1c0Bjb2Rld3JlY2sub3JnPgpDYzogRGF2aWQgSG93ZWxscyA8 ZGhvd2VsbHNAcmVkaGF0LmNvbT4KQ2M6IENocmlzIE1hc29uIDxjbG1AZmIuY29tPgpDYzogSm9z ZWYgQmFjaWsgPGpvc2VmQHRveGljcGFuZGEuY29tPgpDYzogRGF2aWQgU3RlcmJhIDxkc3RlcmJh QHN1c2UuY29tPgpDYzogSmVmZiBMYXl0b24gPGpsYXl0b25Aa2VybmVsLm9yZz4KQ2M6IFNhZ2Ug V2VpbCA8c2FnZUByZWRoYXQuY29tPgpDYzogSWx5YSBEcnlvbW92IDxpZHJ5b21vdkBnbWFpbC5j b20+CkNjOiBTdGV2ZSBGcmVuY2ggPHNmcmVuY2hAc2FtYmEub3JnPgpDYzogVHlsZXIgSGlja3Mg PHR5aGlja3NAY2Fub25pY2FsLmNvbT4KQ2M6IEphbiBLYXJhIDxqYWNrQHN1c2UuY29tPgpDYzog VGhlb2RvcmUgVHMnbyA8dHl0c29AbWl0LmVkdT4KQ2M6IEFuZHJlYXMgRGlsZ2VyIDxhZGlsZ2Vy Lmtlcm5lbEBkaWxnZXIuY2E+CkNjOiBKYWVnZXVrIEtpbSA8amFlZ2V1a0BrZXJuZWwub3JnPgpD YzogQ2hhbyBZdSA8eXVjaGFvMEBodWF3ZWkuY29tPgpDYzogQm9iIFBldGVyc29uIDxycGV0ZXJz b0ByZWRoYXQuY29tPgpDYzogQW5kcmVhcyBHcnVlbmJhY2hlciA8YWdydWVuYmFAcmVkaGF0LmNv bT4KQ2M6IERhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAaW5mcmFkZWFkLm9yZz4KQ2M6IFJpY2hhcmQg V2VpbmJlcmdlciA8cmljaGFyZEBub2QuYXQ+CkNjOiBEYXZlIEtsZWlrYW1wIDxzaGFnZ3lAa2Vy bmVsLm9yZz4KQ2M6IEdyZWcgS3JvYWgtSGFydG1hbiA8Z3JlZ2toQGxpbnV4Zm91bmRhdGlvbi5v cmc+CkNjOiBUZWp1biBIZW8gPHRqQGtlcm5lbC5vcmc+CkNjOiBUcm9uZCBNeWtsZWJ1c3QgPHRy b25kLm15a2xlYnVzdEBoYW1tZXJzcGFjZS5jb20+CkNjOiBBbm5hIFNjaHVtYWtlciA8YW5uYS5z Y2h1bWFrZXJAbmV0YXBwLmNvbT4KQ2M6IE1hcmsgRmFzaGVoIDxtYXJrQGZhc2hlaC5jb20+CkNj OiBKb2VsIEJlY2tlciA8amxiZWNAZXZpbHBsYW4ub3JnPgpDYzogSm9zZXBoIFFpIDxqb3NlcGgu cWlAbGludXguYWxpYmFiYS5jb20+CkNjOiBNaWtlIE1hcnNoYWxsIDxodWJjYXBAb21uaWJvbmQu Y29tPgpDYzogTWFydGluIEJyYW5kZW5idXJnIDxtYXJ0aW5Ab21uaWJvbmQuY29tPgpDYzogQWxl eGFuZGVyIFZpcm8gPHZpcm9AemVuaXYubGludXgub3JnLnVrPgpDYzogUGhpbGxpcCBMb3VnaGVy IDxwaGlsbGlwQHNxdWFzaGZzLm9yZy51az4KQ2M6IERhcnJpY2sgSi4gV29uZyA8ZGFycmljay53 b25nQG9yYWNsZS5jb20+CkNjOiBsaW51eC14ZnNAdmdlci5rZXJuZWwub3JnCkNjOiBIdWdoIERp Y2tpbnMgPGh1Z2hkQGdvb2dsZS5jb20+CkNjOiBEYXZpZCBTLiBNaWxsZXIgPGRhdmVtQGRhdmVt bG9mdC5uZXQ+CkNjOiBBbmRyZXcgTW9ydG9uIDxha3BtQGxpbnV4LWZvdW5kYXRpb24ub3JnPgpD YzogTWF0aGlldSBNYWxhdGVycmUgPG1hbGF0QGRlYmlhbi5vcmc+CkNjOiBFcm5lc3RvIEEuIEZl cm7DoW5kZXogPGVybmVzdG8ubW5kLmZlcm5hbmRlekBnbWFpbC5jb20+CkNjOiBWeWFjaGVzbGF2 IER1YmV5a28gPHNsYXZhQGR1YmV5a28uY29tPgpDYzogdjlmcy1kZXZlbG9wZXJAbGlzdHMuc291 cmNlZm9yZ2UubmV0CkNjOiBsaW51eC1hZnNAbGlzdHMuaW5mcmFkZWFkLm9yZwpDYzogbGludXgt YnRyZnNAdmdlci5rZXJuZWwub3JnCkNjOiBjZXBoLWRldmVsQHZnZXIua2VybmVsLm9yZwpDYzog bGludXgtY2lmc0B2Z2VyLmtlcm5lbC5vcmcKQ2M6IHNhbWJhLXRlY2huaWNhbEBsaXN0cy5zYW1i YS5vcmcKQ2M6IGVjcnlwdGZzQHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtZXh0NEB2Z2VyLmtl cm5lbC5vcmcKQ2M6IGxpbnV4LWYyZnMtZGV2ZWxAbGlzdHMuc291cmNlZm9yZ2UubmV0CkNjOiBs aW51eC1mc2RldmVsQHZnZXIua2VybmVsLm9yZwpDYzogY2x1c3Rlci1kZXZlbEByZWRoYXQuY29t CkNjOiBsaW51eC1tdGRAbGlzdHMuaW5mcmFkZWFkLm9yZwpDYzogamZzLWRpc2N1c3Npb25AbGlz dHMuc291cmNlZm9yZ2UubmV0CkNjOiBsaW51eC1uZnNAdmdlci5rZXJuZWwub3JnCkNjOiBvY2Zz Mi1kZXZlbEBvc3Mub3JhY2xlLmNvbQpDYzogZGV2ZWxAbGlzdHMub3JhbmdlZnMub3JnCkNjOiBy ZWlzZXJmcy1kZXZlbEB2Z2VyLmtlcm5lbC5vcmcKQ2M6IGxpbnV4LW1tQGt2YWNrLm9yZwpDYzog bmV0ZGV2QHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtc2VjdXJpdHktbW9kdWxlQHZnZXIua2Vy bmVsLm9yZwpDYzogc3RhYmxlQHZnZXIua2VybmVsLm9yZyAjIDQuNCwgNC45LCA0LjE0ICYgNC4x OQotLS0KdjExICsgdjEyICsgdjEzIC0gcmViYXNlCgp2MTA6Ci0gcmV0dXJuIE5VTEwgcmF0aGVy IHRoYW4gRVJSX1BUUigtRVBFUk0pCi0gZGlkIF9ub3RfIGFkZCBpdCBvdmxfY2FuX2RlY29kZV9m aCgpIGJlY2F1c2Ugb2YgY2hhbmdlcyBzaW5jZSBsYXN0CiAgcmV2aWV3LCBzdXNwZWN0IG5lZWRz IHRvIGJlIGFkZGVkIHRvIG92bF9sb3dlcl91dWlkX29rKCk/Cgp2OCArIHY5OgotIHJlYmFzZQoK djc6Ci0gVGhpcyB0aW1lIGZvciByZWFsegoKdjY6Ci0gcmViYXNlCgp2NToKLSBkZXBlbmRlbmN5 IG9mICJvdmVybGF5ZnM6IG92ZXJyaWRlX2NyZWRzPW9mZiBvcHRpb24gYnlwYXNzIGNyZWF0b3Jf Y3JlZCIKLS0tCiBmcy9vdmVybGF5ZnMvbmFtZWkuYyB8IDMgKysrCiAxIGZpbGUgY2hhbmdlZCwg MyBpbnNlcnRpb25zKCspCgpkaWZmIC0tZ2l0IGEvZnMvb3ZlcmxheWZzL25hbWVpLmMgYi9mcy9v dmVybGF5ZnMvbmFtZWkuYwppbmRleCBlOTcxN2MyZjdkNDUuLjk3MDJmMGQ1MzA5ZCAxMDA2NDQK LS0tIGEvZnMvb3ZlcmxheWZzL25hbWVpLmMKKysrIGIvZnMvb3ZlcmxheWZzL25hbWVpLmMKQEAg LTE2MSw2ICsxNjEsOSBAQCBzdHJ1Y3QgZGVudHJ5ICpvdmxfZGVjb2RlX3JlYWxfZmgoc3RydWN0 IG92bF9maCAqZmgsIHN0cnVjdCB2ZnNtb3VudCAqbW50LAogCWlmICghdXVpZF9lcXVhbCgmZmgt PnV1aWQsICZtbnQtPm1udF9zYi0+c191dWlkKSkKIAkJcmV0dXJuIE5VTEw7CiAKKwlpZiAoIWNh cGFibGUoQ0FQX0RBQ19SRUFEX1NFQVJDSCkpCisJCXJldHVybiBOVUxMOworCiAJYnl0ZXMgPSAo ZmgtPmxlbiAtIG9mZnNldG9mKHN0cnVjdCBvdmxfZmgsIGZpZCkpOwogCXJlYWwgPSBleHBvcnRm c19kZWNvZGVfZmgobW50LCAoc3RydWN0IGZpZCAqKWZoLT5maWQsCiAJCQkJICBieXRlcyA+PiAy LCAoaW50KWZoLT50eXBlLAotLSAKMi4yMi4wLjc3MC5nMGYyYzRhMzdmZC1nb29nCgoKCl9fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCkxpbnV4LWYyZnMtZGV2 ZWwgbWFpbGluZyBsaXN0CkxpbnV4LWYyZnMtZGV2ZWxAbGlzdHMuc291cmNlZm9yZ2UubmV0Cmh0 dHBzOi8vbGlzdHMuc291cmNlZm9yZ2UubmV0L2xpc3RzL2xpc3RpbmZvL2xpbnV4LWYyZnMtZGV2 ZWwK From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 47A65C32751 for ; Wed, 31 Jul 2019 16:58:45 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1C795208E4 for ; Wed, 31 Jul 2019 16:58:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="tS5AgJpm"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=android.com header.i=@android.com header.b="jvJzTZBl" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1C795208E4 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=android.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-mtd-bounces+linux-mtd=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=6uFaB8VYTRy4TEbHhu/j7w+G7WwaXe6nVTwsUPEpY9M=; b=tS5AgJpmFMkZMH 6WGVm1feSQ36FPpSUPeyLMiFqHxD34ZjrjFuIf4eyGhTrAGcP+xEFdiF/cHDlU42eDB+ZJnEF/oy5 X/C/HLOpFeayZPwKpAvysKPqGFZ97uZg7dRot4Bzhis4abF+gKqgL2TrTO1Y7RJkaezIf/pWQ8xkr 5Oy4p0/PHfeHoIR2hBS84bdJdMLxL4svfHyRXX+yKsmyU5S2f8Z2XTmdOKOPdzYRO3coCULhabNDu gmfuXgUY2MLwQK64i6wQbtp9/0yo2AKzISRuB3aN4WM1YLHWA5chIaj+8o+K4ayb9G5uypEd+O/+4 B2SmIjc7rh0mBulys+gw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1hsrvk-0007Hc-01; Wed, 31 Jul 2019 16:58:24 +0000 Received: from mail-pg1-x530.google.com ([2607:f8b0:4864:20::530]) by bombadil.infradead.org with esmtps (Exim 4.92 #3 (Red Hat Linux)) id 1hsrvd-00077K-Vz for linux-mtd@lists.infradead.org; Wed, 31 Jul 2019 16:58:20 +0000 Received: by mail-pg1-x530.google.com with SMTP id s1so26032793pgr.2 for ; Wed, 31 Jul 2019 09:58:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=android.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ec+TCYltRZ+0BbWthj8J/cCYhvIm8sHJdK79dSthSdY=; b=jvJzTZBlmSeEYN+aZgAO0eQUN/Tk2RrbbnkPYld1oxWv6SRiwJlYMsrXwGgUEYUa4O c8IP9mSiBWfPnPUoMsfcP+avh6N+yXfmsFTOhlk/oLSPrOg61dplHWROkWXV2YCWs182 J1E7UMPHDHumM9VHcwzfpneV57lGJ2pZrUb9g6VVDdWdrNFamw+D+bnFF2HIsMO1otBP QaYE36dCS32zu5Yfvc5rPyb7yUgw4D3O28kjNq/esNyy56+NllVY419E9QCcXJj+lNZ9 n1nsl1oo8VqunmZKSa2BQZLlBHcA0KpEmN1VJDvIZg0i5KfyYr6715FMiAk9Bj8dpLw/ L5lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ec+TCYltRZ+0BbWthj8J/cCYhvIm8sHJdK79dSthSdY=; b=OkdeZ0a9rclW3L4bLoAiWmt48uae33FP2Qeu/cRILJSJaA4WS3bJOhRce1gq9AYtCY oxf3qUXB/MhNsrhf1JCOdd9JLFAAIwyZiDexQTRA+eF0PtNiywa0hrvkn3Gu4x0uu8rx IkFmCoOuWMjVLcty1csZ9NaFYuzuDjvWTrugBdSv0Ph49yA9R3Hq9E5bJl6mg442arC1 /XSqHgDpJ3OksVzITCcZt71+G6/QNcDzUgvl8lWkv3JEfk6F/ziJQtXwYlodfoiL6VMN 7A5ZJAgyHZrFo7NPrBLb/F+LmVNCSwXpgEmeZBm0TEDl/uDsPqWcDZHKNffNNPZKQI1v TghA== X-Gm-Message-State: APjAAAWTra8Fs0FyWb8eu1YqpgACmFBeK/TWebpAoTVIi7UoIu0Fpmcc 5D15wnyFF8xUa4UlN7EhABE= X-Google-Smtp-Source: APXvYqwAtm9Oi2dzrneje86zRIini04LNIAE0QYgVNa/tnC71lp2ENoOwAUjSIsPUfgwsF181KbaYg== X-Received: by 2002:a62:6:: with SMTP id 6mr47453483pfa.159.1564592296986; Wed, 31 Jul 2019 09:58:16 -0700 (PDT) Received: from nebulus.mtv.corp.google.com ([2620:15c:211:200:5404:91ba:59dc:9400]) by smtp.gmail.com with ESMTPSA id f72sm2245954pjg.10.2019.07.31.09.58.14 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 31 Jul 2019 09:58:16 -0700 (PDT) From: Mark Salyzyn To: linux-kernel@vger.kernel.org Subject: [PATCH v13 1/5] overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh Date: Wed, 31 Jul 2019 09:57:56 -0700 Message-Id: <20190731165803.4755-2-salyzyn@android.com> X-Mailer: git-send-email 2.22.0.770.g0f2c4a37fd-goog In-Reply-To: <20190731165803.4755-1-salyzyn@android.com> References: <20190731165803.4755-1-salyzyn@android.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190731_095818_026423_80B9D71D X-CRM114-Status: GOOD ( 13.95 ) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Latchesar Ionkov , Dave Kleikamp , jfs-discussion@lists.sourceforge.net, Randy Dunlap , linux-doc@vger.kernel.org, Martin Brandenburg , samba-technical@lists.samba.org, Dominique Martinet , Amir Goldstein , David Howells , Chris Mason , "David S . Miller" , Andreas Dilger , ocfs2-devel@oss.oracle.com, netdev@vger.kernel.org, Tyler Hicks , linux-afs@lists.infradead.org, Mike Marshall , linux-xfs@vger.kernel.org, Andreas Gruenbacher , Sage Weil , Jonathan Corbet , Richard Weinberger , Mark Fasheh , devel@lists.orangefs.org, Hugh Dickins , linux-security-module@vger.kernel.org, cluster-devel@redhat.com, Vyacheslav Dubeyko , v9fs-developer@lists.sourceforge.net, Ilya Dryomov , linux-ext4@vger.kernel.org, Stephen Smalley , linux-mm@kvack.org, Vivek Goyal , Chao Yu , linux-cifs@vger.kernel.org, Eric Van Hensbergen , ecryptfs@vger.kernel.org, Josef Bacik , "Darrick J . Wong" , reiserfs-devel@vger.kernel.org, Tejun Heo , Greg Kroah-Hartman , Joel Becker , linux-mtd@lists.infradead.org, David Sterba , Jaegeuk Kim , ceph-devel@vger.kernel.org, Trond Myklebust , linux-nfs@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, Theodore Ts'o , linux-fsdevel@vger.kernel.org, Joseph Qi , Mathieu Malaterre , kernel-team@android.com, Miklos Szeredi , Jeff Layton , linux-unionfs@vger.kernel.org, stable@vger.kernel.org, Mark Salyzyn , Steve French , =?UTF-8?q?Ernesto=20A=20=2E=20Fern=C3=A1ndez?= , "Eric W . Biederman" , Jan Kara , Bob Peterson , Phillip Lougher , Andrew Morton , David Woodhouse , Anna Schumaker , linux-btrfs@vger.kernel.org, Alexander Viro Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-mtd" Errors-To: linux-mtd-bounces+linux-mtd=archiver.kernel.org@lists.infradead.org QXNzdW1wdGlvbiBuZXZlciBjaGVja2VkLCBzaG91bGQgZmFpbCBpZiB0aGUgbW91bnRlciBjcmVk cyBhcmUgbm90CnN1ZmZpY2llbnQuCgpTaWduZWQtb2ZmLWJ5OiBNYXJrIFNhbHl6eW4gPHNhbHl6 eW5AYW5kcm9pZC5jb20+CkNjOiBNaWtsb3MgU3plcmVkaSA8bWlrbG9zQHN6ZXJlZGkuaHU+CkNj OiBKb25hdGhhbiBDb3JiZXQgPGNvcmJldEBsd24ubmV0PgpDYzogVml2ZWsgR295YWwgPHZnb3lh bEByZWRoYXQuY29tPgpDYzogRXJpYyBXLiBCaWVkZXJtYW4gPGViaWVkZXJtQHhtaXNzaW9uLmNv bT4KQ2M6IEFtaXIgR29sZHN0ZWluIDxhbWlyNzNpbEBnbWFpbC5jb20+CkNjOiBSYW5keSBEdW5s YXAgPHJkdW5sYXBAaW5mcmFkZWFkLm9yZz4KQ2M6IFN0ZXBoZW4gU21hbGxleSA8c2RzQHR5Y2hv Lm5zYS5nb3Y+CkNjOiBsaW51eC11bmlvbmZzQHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtZG9j QHZnZXIua2VybmVsLm9yZwpDYzogbGludXgta2VybmVsQHZnZXIua2VybmVsLm9yZwpDYzoga2Vy bmVsLXRlYW1AYW5kcm9pZC5jb20KQ2M6IEVyaWMgVmFuIEhlbnNiZXJnZW4gPGVyaWN2aEBnbWFp bC5jb20+CkNjOiBMYXRjaGVzYXIgSW9ua292IDxsdWNob0Bpb25rb3YubmV0PgpDYzogRG9taW5p cXVlIE1hcnRpbmV0IDxhc21hZGV1c0Bjb2Rld3JlY2sub3JnPgpDYzogRGF2aWQgSG93ZWxscyA8 ZGhvd2VsbHNAcmVkaGF0LmNvbT4KQ2M6IENocmlzIE1hc29uIDxjbG1AZmIuY29tPgpDYzogSm9z ZWYgQmFjaWsgPGpvc2VmQHRveGljcGFuZGEuY29tPgpDYzogRGF2aWQgU3RlcmJhIDxkc3RlcmJh QHN1c2UuY29tPgpDYzogSmVmZiBMYXl0b24gPGpsYXl0b25Aa2VybmVsLm9yZz4KQ2M6IFNhZ2Ug V2VpbCA8c2FnZUByZWRoYXQuY29tPgpDYzogSWx5YSBEcnlvbW92IDxpZHJ5b21vdkBnbWFpbC5j b20+CkNjOiBTdGV2ZSBGcmVuY2ggPHNmcmVuY2hAc2FtYmEub3JnPgpDYzogVHlsZXIgSGlja3Mg PHR5aGlja3NAY2Fub25pY2FsLmNvbT4KQ2M6IEphbiBLYXJhIDxqYWNrQHN1c2UuY29tPgpDYzog VGhlb2RvcmUgVHMnbyA8dHl0c29AbWl0LmVkdT4KQ2M6IEFuZHJlYXMgRGlsZ2VyIDxhZGlsZ2Vy Lmtlcm5lbEBkaWxnZXIuY2E+CkNjOiBKYWVnZXVrIEtpbSA8amFlZ2V1a0BrZXJuZWwub3JnPgpD YzogQ2hhbyBZdSA8eXVjaGFvMEBodWF3ZWkuY29tPgpDYzogQm9iIFBldGVyc29uIDxycGV0ZXJz b0ByZWRoYXQuY29tPgpDYzogQW5kcmVhcyBHcnVlbmJhY2hlciA8YWdydWVuYmFAcmVkaGF0LmNv bT4KQ2M6IERhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAaW5mcmFkZWFkLm9yZz4KQ2M6IFJpY2hhcmQg V2VpbmJlcmdlciA8cmljaGFyZEBub2QuYXQ+CkNjOiBEYXZlIEtsZWlrYW1wIDxzaGFnZ3lAa2Vy bmVsLm9yZz4KQ2M6IEdyZWcgS3JvYWgtSGFydG1hbiA8Z3JlZ2toQGxpbnV4Zm91bmRhdGlvbi5v cmc+CkNjOiBUZWp1biBIZW8gPHRqQGtlcm5lbC5vcmc+CkNjOiBUcm9uZCBNeWtsZWJ1c3QgPHRy b25kLm15a2xlYnVzdEBoYW1tZXJzcGFjZS5jb20+CkNjOiBBbm5hIFNjaHVtYWtlciA8YW5uYS5z Y2h1bWFrZXJAbmV0YXBwLmNvbT4KQ2M6IE1hcmsgRmFzaGVoIDxtYXJrQGZhc2hlaC5jb20+CkNj OiBKb2VsIEJlY2tlciA8amxiZWNAZXZpbHBsYW4ub3JnPgpDYzogSm9zZXBoIFFpIDxqb3NlcGgu cWlAbGludXguYWxpYmFiYS5jb20+CkNjOiBNaWtlIE1hcnNoYWxsIDxodWJjYXBAb21uaWJvbmQu Y29tPgpDYzogTWFydGluIEJyYW5kZW5idXJnIDxtYXJ0aW5Ab21uaWJvbmQuY29tPgpDYzogQWxl eGFuZGVyIFZpcm8gPHZpcm9AemVuaXYubGludXgub3JnLnVrPgpDYzogUGhpbGxpcCBMb3VnaGVy IDxwaGlsbGlwQHNxdWFzaGZzLm9yZy51az4KQ2M6IERhcnJpY2sgSi4gV29uZyA8ZGFycmljay53 b25nQG9yYWNsZS5jb20+CkNjOiBsaW51eC14ZnNAdmdlci5rZXJuZWwub3JnCkNjOiBIdWdoIERp Y2tpbnMgPGh1Z2hkQGdvb2dsZS5jb20+CkNjOiBEYXZpZCBTLiBNaWxsZXIgPGRhdmVtQGRhdmVt bG9mdC5uZXQ+CkNjOiBBbmRyZXcgTW9ydG9uIDxha3BtQGxpbnV4LWZvdW5kYXRpb24ub3JnPgpD YzogTWF0aGlldSBNYWxhdGVycmUgPG1hbGF0QGRlYmlhbi5vcmc+CkNjOiBFcm5lc3RvIEEuIEZl cm7DoW5kZXogPGVybmVzdG8ubW5kLmZlcm5hbmRlekBnbWFpbC5jb20+CkNjOiBWeWFjaGVzbGF2 IER1YmV5a28gPHNsYXZhQGR1YmV5a28uY29tPgpDYzogdjlmcy1kZXZlbG9wZXJAbGlzdHMuc291 cmNlZm9yZ2UubmV0CkNjOiBsaW51eC1hZnNAbGlzdHMuaW5mcmFkZWFkLm9yZwpDYzogbGludXgt YnRyZnNAdmdlci5rZXJuZWwub3JnCkNjOiBjZXBoLWRldmVsQHZnZXIua2VybmVsLm9yZwpDYzog bGludXgtY2lmc0B2Z2VyLmtlcm5lbC5vcmcKQ2M6IHNhbWJhLXRlY2huaWNhbEBsaXN0cy5zYW1i YS5vcmcKQ2M6IGVjcnlwdGZzQHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtZXh0NEB2Z2VyLmtl cm5lbC5vcmcKQ2M6IGxpbnV4LWYyZnMtZGV2ZWxAbGlzdHMuc291cmNlZm9yZ2UubmV0CkNjOiBs aW51eC1mc2RldmVsQHZnZXIua2VybmVsLm9yZwpDYzogY2x1c3Rlci1kZXZlbEByZWRoYXQuY29t CkNjOiBsaW51eC1tdGRAbGlzdHMuaW5mcmFkZWFkLm9yZwpDYzogamZzLWRpc2N1c3Npb25AbGlz dHMuc291cmNlZm9yZ2UubmV0CkNjOiBsaW51eC1uZnNAdmdlci5rZXJuZWwub3JnCkNjOiBvY2Zz Mi1kZXZlbEBvc3Mub3JhY2xlLmNvbQpDYzogZGV2ZWxAbGlzdHMub3JhbmdlZnMub3JnCkNjOiBy ZWlzZXJmcy1kZXZlbEB2Z2VyLmtlcm5lbC5vcmcKQ2M6IGxpbnV4LW1tQGt2YWNrLm9yZwpDYzog bmV0ZGV2QHZnZXIua2VybmVsLm9yZwpDYzogbGludXgtc2VjdXJpdHktbW9kdWxlQHZnZXIua2Vy bmVsLm9yZwpDYzogc3RhYmxlQHZnZXIua2VybmVsLm9yZyAjIDQuNCwgNC45LCA0LjE0ICYgNC4x OQotLS0KdjExICsgdjEyICsgdjEzIC0gcmViYXNlCgp2MTA6Ci0gcmV0dXJuIE5VTEwgcmF0aGVy IHRoYW4gRVJSX1BUUigtRVBFUk0pCi0gZGlkIF9ub3RfIGFkZCBpdCBvdmxfY2FuX2RlY29kZV9m aCgpIGJlY2F1c2Ugb2YgY2hhbmdlcyBzaW5jZSBsYXN0CiAgcmV2aWV3LCBzdXNwZWN0IG5lZWRz IHRvIGJlIGFkZGVkIHRvIG92bF9sb3dlcl91dWlkX29rKCk/Cgp2OCArIHY5OgotIHJlYmFzZQoK djc6Ci0gVGhpcyB0aW1lIGZvciByZWFsegoKdjY6Ci0gcmViYXNlCgp2NToKLSBkZXBlbmRlbmN5 IG9mICJvdmVybGF5ZnM6IG92ZXJyaWRlX2NyZWRzPW9mZiBvcHRpb24gYnlwYXNzIGNyZWF0b3Jf Y3JlZCIKLS0tCiBmcy9vdmVybGF5ZnMvbmFtZWkuYyB8IDMgKysrCiAxIGZpbGUgY2hhbmdlZCwg MyBpbnNlcnRpb25zKCspCgpkaWZmIC0tZ2l0IGEvZnMvb3ZlcmxheWZzL25hbWVpLmMgYi9mcy9v dmVybGF5ZnMvbmFtZWkuYwppbmRleCBlOTcxN2MyZjdkNDUuLjk3MDJmMGQ1MzA5ZCAxMDA2NDQK LS0tIGEvZnMvb3ZlcmxheWZzL25hbWVpLmMKKysrIGIvZnMvb3ZlcmxheWZzL25hbWVpLmMKQEAg LTE2MSw2ICsxNjEsOSBAQCBzdHJ1Y3QgZGVudHJ5ICpvdmxfZGVjb2RlX3JlYWxfZmgoc3RydWN0 IG92bF9maCAqZmgsIHN0cnVjdCB2ZnNtb3VudCAqbW50LAogCWlmICghdXVpZF9lcXVhbCgmZmgt PnV1aWQsICZtbnQtPm1udF9zYi0+c191dWlkKSkKIAkJcmV0dXJuIE5VTEw7CiAKKwlpZiAoIWNh cGFibGUoQ0FQX0RBQ19SRUFEX1NFQVJDSCkpCisJCXJldHVybiBOVUxMOworCiAJYnl0ZXMgPSAo ZmgtPmxlbiAtIG9mZnNldG9mKHN0cnVjdCBvdmxfZmgsIGZpZCkpOwogCXJlYWwgPSBleHBvcnRm c19kZWNvZGVfZmgobW50LCAoc3RydWN0IGZpZCAqKWZoLT5maWQsCiAJCQkJICBieXRlcyA+PiAy LCAoaW50KWZoLT50eXBlLAotLSAKMi4yMi4wLjc3MC5nMGYyYzRhMzdmZC1nb29nCgoKX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCkxpbnV4IE1U RCBkaXNjdXNzaW9uIG1haWxpbmcgbGlzdApodHRwOi8vbGlzdHMuaW5mcmFkZWFkLm9yZy9tYWls bWFuL2xpc3RpbmZvL2xpbnV4LW10ZC8K From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.9 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3CF28C32751 for ; Wed, 31 Jul 2019 16:58:20 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id D894A206B8 for ; Wed, 31 Jul 2019 16:58:19 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=android.com header.i=@android.com header.b="jvJzTZBl" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D894A206B8 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=android.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 62D198E0005; Wed, 31 Jul 2019 12:58:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5DCD78E0001; Wed, 31 Jul 2019 12:58:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4A5B58E0005; Wed, 31 Jul 2019 12:58:19 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id 16C068E0001 for ; Wed, 31 Jul 2019 12:58:19 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id d6so37809831pls.17 for ; Wed, 31 Jul 2019 09:58:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=ec+TCYltRZ+0BbWthj8J/cCYhvIm8sHJdK79dSthSdY=; b=FphVxiPxs1rzp+YVeJQ6X20PuH1r+fvpMIZ3iVjLsgGPpq8q/iTWk25zce2aF8h9HX 2B57BYOhzIF56vxrmpq9WXE9WGZpQ+0w1BpEZda2+it9EqGnfdqk0rIPyjA/ZC70wEzh BLkHv2TyBeQ+11FSD5eQA6EriooSAh1hKDOrIhYsEq2VJC6B3CQRQZbQFiunLzKoCtC1 Md+vRk5cxwUDD02ilOYsM/ueXWoWMC6hB28nVVSXoS3AlLdq94JrobjHJudAhektajVg zmJRoQLHz0WLO/Deuu37xLG89cH/g2uJeqSFyQ3BsUmAxM3i8ImUKQ16ZcIsLWLRwqc2 tf+A== X-Gm-Message-State: APjAAAWD0hOhd8i5hXGmAy86DLj7uCZASIyjlctCPEZt5mgJ/e3P4nN+ /N2kZo6ZDSWf0VgwNNY7uUzDLdSSP75PEjjUSHXzGBcsw2nH9T1gEqdGnQnt61H94d1Y9xOXmrL xqc6RIC/gLlO6UJSjfYKlok4mUgGto8yxY2vQSMpKaF5v3Qrl1dUccnoHc75wMdaD9Q== X-Received: by 2002:a17:90a:b908:: with SMTP id p8mr3933519pjr.94.1564592298638; Wed, 31 Jul 2019 09:58:18 -0700 (PDT) X-Received: by 2002:a17:90a:b908:: with SMTP id p8mr3933445pjr.94.1564592297425; Wed, 31 Jul 2019 09:58:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564592297; cv=none; d=google.com; s=arc-20160816; b=kb2thQMdcMGeoUzPNN9mQ9uO+RlIhm5tnP6edHZYGdthwGtKsCApJmQuwbo77Y/SI0 x7XSxRTunZOQw843vNWcOEp5hPw0RNByrKC1hRDSyzg/p0S4m7tIZ6XbXfLvFe+4jkLR koMAd5AADJ9Bo5TEz1DS4xl1yAKSondyOEytEejW46asrtVF1uzjk+VENeSUjC0dmDri MNsbpPsZxi3U9xbeU/B7oboAbOHYOZlRa9VwK5qjeykEerWTJL92ydXbaHW76kyyNKPQ Xq+27tcKj4zQX8cTu4M3IEGj38bZhodQtYlfDzxEmrHn3isJdZz3GlAi6X1UIz6C/tNn liXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=ec+TCYltRZ+0BbWthj8J/cCYhvIm8sHJdK79dSthSdY=; b=WMFWVES6ICX6ohlsztzbqPcGS8u21c4pS86Njwobaz3ZE4QgA66jus8v9okP0Viv1R DJtau25DEmlMUav7jTQL/2X9r8tJqObDIeJSiZ1GO6GiieeErGP9bppJVnELyqzp/iWh +yetYedXD7SwhuS2w8OP62uNViBwTTnK0+eQ3SzdYsoPFZ+0aoHB2CMrziVSK9qFsyD3 DexxewrY0nrstp9jjBcmki0N0BGvl07o3xG3SuDzlfoFoY3j2Ruufs41VpAr87J76L2Q HxhnO284NymXha0glx1XrAgOwaY8b/yQCWSpE7miUuNrGyZYKISUgsy8cy6bUh4DSuVJ viRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@android.com header.s=20161025 header.b=jvJzTZBl; spf=pass (google.com: domain of salyzyn@android.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=salyzyn@android.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=android.com Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) by mx.google.com with SMTPS id z64sor49951360pfz.10.2019.07.31.09.58.17 for (Google Transport Security); Wed, 31 Jul 2019 09:58:17 -0700 (PDT) Received-SPF: pass (google.com: domain of salyzyn@android.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41; Authentication-Results: mx.google.com; dkim=pass header.i=@android.com header.s=20161025 header.b=jvJzTZBl; spf=pass (google.com: domain of salyzyn@android.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=salyzyn@android.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=android.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=android.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ec+TCYltRZ+0BbWthj8J/cCYhvIm8sHJdK79dSthSdY=; b=jvJzTZBlmSeEYN+aZgAO0eQUN/Tk2RrbbnkPYld1oxWv6SRiwJlYMsrXwGgUEYUa4O c8IP9mSiBWfPnPUoMsfcP+avh6N+yXfmsFTOhlk/oLSPrOg61dplHWROkWXV2YCWs182 J1E7UMPHDHumM9VHcwzfpneV57lGJ2pZrUb9g6VVDdWdrNFamw+D+bnFF2HIsMO1otBP QaYE36dCS32zu5Yfvc5rPyb7yUgw4D3O28kjNq/esNyy56+NllVY419E9QCcXJj+lNZ9 n1nsl1oo8VqunmZKSa2BQZLlBHcA0KpEmN1VJDvIZg0i5KfyYr6715FMiAk9Bj8dpLw/ L5lw== X-Google-Smtp-Source: APXvYqwAtm9Oi2dzrneje86zRIini04LNIAE0QYgVNa/tnC71lp2ENoOwAUjSIsPUfgwsF181KbaYg== X-Received: by 2002:a62:6:: with SMTP id 6mr47453483pfa.159.1564592296986; Wed, 31 Jul 2019 09:58:16 -0700 (PDT) Received: from nebulus.mtv.corp.google.com ([2620:15c:211:200:5404:91ba:59dc:9400]) by smtp.gmail.com with ESMTPSA id f72sm2245954pjg.10.2019.07.31.09.58.14 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 31 Jul 2019 09:58:16 -0700 (PDT) From: Mark Salyzyn To: linux-kernel@vger.kernel.org Cc: kernel-team@android.com, Mark Salyzyn , Miklos Szeredi , Jonathan Corbet , Vivek Goyal , "Eric W . Biederman" , Amir Goldstein , Randy Dunlap , Stephen Smalley , linux-unionfs@vger.kernel.org, linux-doc@vger.kernel.org, Eric Van Hensbergen , Latchesar Ionkov , Dominique Martinet , David Howells , Chris Mason , Josef Bacik , David Sterba , Jeff Layton , Sage Weil , Ilya Dryomov , Steve French , Tyler Hicks , Jan Kara , Theodore Ts'o , Andreas Dilger , Jaegeuk Kim , Chao Yu , Bob Peterson , Andreas Gruenbacher , David Woodhouse , Richard Weinberger , Dave Kleikamp , Greg Kroah-Hartman , Tejun Heo , Trond Myklebust , Anna Schumaker , Mark Fasheh , Joel Becker , Joseph Qi , Mike Marshall , Martin Brandenburg , Alexander Viro , Phillip Lougher , "Darrick J . Wong" , linux-xfs@vger.kernel.org, Hugh Dickins , "David S . Miller" , Andrew Morton , Mathieu Malaterre , =?UTF-8?q?Ernesto=20A=20=2E=20Fern=C3=A1ndez?= , Vyacheslav Dubeyko , v9fs-developer@lists.sourceforge.net, linux-afs@lists.infradead.org, linux-btrfs@vger.kernel.org, ceph-devel@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, ecryptfs@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-fsdevel@vger.kernel.org, cluster-devel@redhat.com, linux-mtd@lists.infradead.org, jfs-discussion@lists.sourceforge.net, linux-nfs@vger.kernel.org, ocfs2-devel@oss.oracle.com, devel@lists.orangefs.org, reiserfs-devel@vger.kernel.org, linux-mm@kvack.org, netdev@vger.kernel.org, linux-security-module@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH v13 1/5] overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh Date: Wed, 31 Jul 2019 09:57:56 -0700 Message-Id: <20190731165803.4755-2-salyzyn@android.com> X-Mailer: git-send-email 2.22.0.770.g0f2c4a37fd-goog In-Reply-To: <20190731165803.4755-1-salyzyn@android.com> References: <20190731165803.4755-1-salyzyn@android.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Assumption never checked, should fail if the mounter creds are not sufficient. Signed-off-by: Mark Salyzyn Cc: Miklos Szeredi Cc: Jonathan Corbet Cc: Vivek Goyal Cc: Eric W. Biederman Cc: Amir Goldstein Cc: Randy Dunlap Cc: Stephen Smalley Cc: linux-unionfs@vger.kernel.org Cc: linux-doc@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: kernel-team@android.com Cc: Eric Van Hensbergen Cc: Latchesar Ionkov Cc: Dominique Martinet Cc: David Howells Cc: Chris Mason Cc: Josef Bacik Cc: David Sterba Cc: Jeff Layton Cc: Sage Weil Cc: Ilya Dryomov Cc: Steve French Cc: Tyler Hicks Cc: Jan Kara Cc: Theodore Ts'o Cc: Andreas Dilger Cc: Jaegeuk Kim Cc: Chao Yu Cc: Bob Peterson Cc: Andreas Gruenbacher Cc: David Woodhouse Cc: Richard Weinberger Cc: Dave Kleikamp Cc: Greg Kroah-Hartman Cc: Tejun Heo Cc: Trond Myklebust Cc: Anna Schumaker Cc: Mark Fasheh Cc: Joel Becker Cc: Joseph Qi Cc: Mike Marshall Cc: Martin Brandenburg Cc: Alexander Viro Cc: Phillip Lougher Cc: Darrick J. Wong Cc: linux-xfs@vger.kernel.org Cc: Hugh Dickins Cc: David S. Miller Cc: Andrew Morton Cc: Mathieu Malaterre Cc: Ernesto A. Fernández Cc: Vyacheslav Dubeyko Cc: v9fs-developer@lists.sourceforge.net Cc: linux-afs@lists.infradead.org Cc: linux-btrfs@vger.kernel.org Cc: ceph-devel@vger.kernel.org Cc: linux-cifs@vger.kernel.org Cc: samba-technical@lists.samba.org Cc: ecryptfs@vger.kernel.org Cc: linux-ext4@vger.kernel.org Cc: linux-f2fs-devel@lists.sourceforge.net Cc: linux-fsdevel@vger.kernel.org Cc: cluster-devel@redhat.com Cc: linux-mtd@lists.infradead.org Cc: jfs-discussion@lists.sourceforge.net Cc: linux-nfs@vger.kernel.org Cc: ocfs2-devel@oss.oracle.com Cc: devel@lists.orangefs.org Cc: reiserfs-devel@vger.kernel.org Cc: linux-mm@kvack.org Cc: netdev@vger.kernel.org Cc: linux-security-module@vger.kernel.org Cc: stable@vger.kernel.org # 4.4, 4.9, 4.14 & 4.19 --- v11 + v12 + v13 - rebase v10: - return NULL rather than ERR_PTR(-EPERM) - did _not_ add it ovl_can_decode_fh() because of changes since last review, suspect needs to be added to ovl_lower_uuid_ok()? v8 + v9: - rebase v7: - This time for realz v6: - rebase v5: - dependency of "overlayfs: override_creds=off option bypass creator_cred" --- fs/overlayfs/namei.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index e9717c2f7d45..9702f0d5309d 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -161,6 +161,9 @@ struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt, if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid)) return NULL; + if (!capable(CAP_DAC_READ_SEARCH)) + return NULL; + bytes = (fh->len - offsetof(struct ovl_fh, fid)); real = exportfs_decode_fh(mnt, (struct fid *)fh->fid, bytes >> 2, (int)fh->type, -- 2.22.0.770.g0f2c4a37fd-goog