Re: mount_pseudo(), sget() and MS_KERNMOUNT

All of lore.kernel.org
 help / color / mirror / Atom feed

From: ebiederm@xmission.com (Eric W. Biederman)
To: Luis Ressel <aranea@aixah.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: mount_pseudo(), sget() and MS_KERNMOUNT
Date: Wed, 04 Jan 2017 17:20:11 +1300	[thread overview]
Message-ID: <87a8b7318k.fsf@xmission.com> (raw)
In-Reply-To: <20161227112037.015dc5ac@gentp.lnet> (Luis Ressel's message of "Tue, 27 Dec 2016 11:20:37 +0100")

Luis Ressel <aranea@aixah.de> writes:

> Hello,
>
> With Linux 4.8, the sget() function in fs/super.c got a new permission
> check: It now returns -EPERM if
> (!(flags & MS_KERNMOUNT) && !ns_capable(user_ns, CAP_SYS_ADMIN)) .
>
> I presume the first half is intented to detect in-kernel mounts? If so,
> why doesn't mount_pseudo() (in fs/libfs.c) pass the MS_KERNMOUNT flag
> to sget()?

It looks like an oversight that has simply not mattered.

> This behaviour has caused a problem for me: During graphics driver
> initalization, drm_fs_inode_new() (in drivers/gpu/drm/drm_drv.c) calls
> simple_pin_fs(). The MS_KERNMOUNT flag is indeed passed down the
> call chain from there, but it is lost when mount_pseudo() is called, as
> that function doesn't take a 'flags' argument.
>
> Hence, the first part of the above permission check fails. (The second
> part also fails under some cicumstances due to a SELinux quirk, and
> therefore the initalization of my graphics driver doesn't succeed.)

I am concerned that perhaps there is some wrong context in here that is
causing SELinux to have problems.

Does this correct your symptoms?

Eric

diff --git a/fs/libfs.c b/fs/libfs.c
index e973cd51f126..28d6f35feed6 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -245,7 +245,8 @@ struct dentry *mount_pseudo_xattr(struct file_system_type *fs_type, char *name,
 	struct inode *root;
 	struct qstr d_name = QSTR_INIT(name, strlen(name));
 
-	s = sget(fs_type, NULL, set_anon_super, MS_NOUSER, NULL);
+	s = sget_userns(fs_type, NULL, set_anon_super, MS_KERNMOUNT|MS_NOUSER,
+			&init_user_ns, NULL);
 	if (IS_ERR(s))
 		return ERR_CAST(s);

     prev parent reply	other threads:[~2017-01-04  4:24 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-12-27 10:20 mount_pseudo(), sget() and MS_KERNMOUNT Luis Ressel
2017-01-04  4:20 ` Eric W. Biederman [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e973cd51f12 dfblob:28d6f35feed )
 OR (
bs:"Re: mount_pseudo(), sget() and MS_KERNMOUNT" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87a8b7318k.fsf@xmission.com \
    --to=ebiederm@xmission.com \
    --cc=aranea@aixah.de \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.