From: Christian Brauner <brauner@kernel.org>
To: Tyler Hicks <code@tyhicks.com>, ecryptfs@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org,
Amir Goldstein <amir73il@gmail.com>,
Christian Brauner <christian.brauner@ubuntu.com>
Subject: [PATCH 3/3] ecryptfs: extend ro check to private mount
Date: Fri, 9 Apr 2021 18:24:22 +0200 [thread overview]
Message-ID: <20210409162422.1326565-4-brauner@kernel.org> (raw)
In-Reply-To: <20210409162422.1326565-1-brauner@kernel.org>
From: Christian Brauner <christian.brauner@ubuntu.com>
So far ecryptfs only verified that the superblock wasn't read-only but
didn't check whether the mount was. This made sense when we did not use
a private mount because the read-only state could change at any point.
Now that we have a private mount and mount properties can't change
behind our back extend the read-only check to include the vfsmount.
The __mnt_is_readonly() helper will check both the mount and the
superblock. Note that before we checked root->d_sb and now we check
mnt->mnt_sb but since we have a matching <vfsmount, dentry> pair here
this is only syntactical change, not a semantic one.
Overlayfs and cachefiles have been changed to check this as well.
Cc: Amir Goldstein <amir73il@gmail.com>
Cc: Tyler Hicks <code@tyhicks.com>
Cc: ecryptfs@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
fs/ecryptfs/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 9dcf9a0dd37b..cdf37d856c62 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -569,7 +569,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
* 1) The lower mount is ro
* 2) The ecryptfs_encrypted_view mount option is specified
*/
- if (sb_rdonly(path.dentry->d_sb) || mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
+ if (__mnt_is_readonly(mnt) || mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
s->s_flags |= SB_RDONLY;
s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
--
2.27.0
prev parent reply other threads:[~2021-04-09 16:26 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-09 16:24 [PATCH 0/3] ecryptfs: fixes and port to private mounts Christian Brauner
2021-04-09 16:24 ` [PATCH 1/3] ecryptfs: remove unused helpers Christian Brauner
2021-04-19 4:48 ` Tyler Hicks
2021-04-19 13:49 ` Al Viro
2021-04-19 14:22 ` Tyler Hicks
2021-04-19 15:27 ` Al Viro
2021-04-19 14:37 ` Christian Brauner
2021-04-09 16:24 ` [PATCH 2/3] ecryptfs: use private mount in path Christian Brauner
2021-04-10 0:31 ` Al Viro
2021-04-10 12:30 ` Christian Brauner
2021-04-12 8:53 ` Miklos Szeredi
2021-04-09 16:24 ` Christian Brauner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210409162422.1326565-4-brauner@kernel.org \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=christian.brauner@ubuntu.com \
--cc=code@tyhicks.com \
--cc=ecryptfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.