From: Christian Brauner <brauner@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Christian Brauner <brauner@kernel.org>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [GIT PULL] vfs fixes
Date: Sat, 27 Jul 2024 11:05:08 +0200 [thread overview]
Message-ID: <20240727-vfs-fixes-c054317e0d77@brauner> (raw)
/* Summary */
This contains two fixes for this merge window:
VFS:
- I noticed that it is possible for a privileged user to mount most filesystems
with a non-initial user namespace in sb->s_user_ns. When fsopen() is called
in a non-init namespace the caller's namespace is recorded in
fs_context->user_ns. If the returned file descriptor is then passed to a
process privileged in init_user_ns, that process can call
fsconfig(fd_fs, FSCONFIG_CMD_CREATE*), creating a new superblock with
sb->s_user_ns set to the namespace of the process which called fsopen().
This is problematic as only filesystems that raise FS_USERNS_MOUNT are known
to be able to support a non-initial s_user_ns. Others may suffer security
issues, on-disk corruption or outright crash the kernel. Prevent that by
restricting such delegation to filesystems that allow FS_USERNS_MOUNT.
Note, that this delegation requires a privileged process to actually create
the superblock so either the privileged process is cooperaing or someone must
have tricked a privileged process into operating on a fscontext file
descriptor whose origin it doesn't know (a stupid idea).
The bug dates back to about 5 years afaict.
misc:
- Fix hostfs parsing when the mount request comes in via the legacy mount api.
In the legacy mount api hostfs allows to specify the host directory mount
without any key. Restore that behavior.
/* Testing */
clang: Debian clang version 16.0.6 (27)
gcc: (Debian 13.2.0-25) 13.2.0
/* Conflicts */
No known conflicts.
The following changes since commit c33ffdb70cc6df4105160f991288e7d2567d7ffa:
Merge tag 'phy-for-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy (2024-07-24 13:11:28 -0700)
are available in the Git repository at:
git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-6.11-rc1.fixes.3
for you to fetch changes up to ef9ca17ca458ac7253ae71b552e601e49311fc48:
hostfs: fix the host directory parse when mounting. (2024-07-27 09:56:33 +0200)
Please consider pulling these changes from the signed vfs-6.11-rc1.fixes.3 tag.
Thanks!
Christian
----------------------------------------------------------------
vfs-6.11-rc1.fixes.3
----------------------------------------------------------------
Hongbo Li (1):
hostfs: fix the host directory parse when mounting.
Seth Forshee (DigitalOcean) (1):
fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
fs/hostfs/hostfs_kern.c | 65 +++++++++++++++++++++++++++++++++++++++++--------
fs/super.c | 11 +++++++++
2 files changed, 66 insertions(+), 10 deletions(-)
next reply other threads:[~2024-07-27 9:05 UTC|newest]
Thread overview: 191+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-27 9:05 Christian Brauner [this message]
2024-07-27 22:37 ` [GIT PULL] vfs fixes pr-tracker-bot
-- strict thread matches above, loose matches on Subject: below --
2025-09-08 9:45 Christian Brauner
2025-09-08 14:58 ` Linus Torvalds
2025-09-08 15:41 ` pr-tracker-bot
2025-08-19 12:46 Christian Brauner
2025-08-19 17:33 ` pr-tracker-bot
2025-07-25 8:54 Christian Brauner
2025-07-25 15:39 ` pr-tracker-bot
2025-07-19 10:59 Christian Brauner
2025-07-19 18:29 ` pr-tracker-bot
2025-07-04 8:36 Christian Brauner
2025-07-04 17:36 ` pr-tracker-bot
2025-06-16 8:20 Christian Brauner
2025-06-16 16:12 ` pr-tracker-bot
2025-06-02 9:02 Christian Brauner
2025-06-02 22:58 ` pr-tracker-bot
2025-05-23 10:26 Christian Brauner
2025-05-23 14:56 ` pr-tracker-bot
2025-05-12 11:01 Christian Brauner
2025-05-13 3:33 ` pr-tracker-bot
2025-04-25 21:22 Christian Brauner
2025-04-25 23:35 ` pr-tracker-bot
2025-04-19 21:04 Christian Brauner
2025-04-19 21:38 ` pr-tracker-bot
2025-04-14 10:44 Christian Brauner
2025-04-14 17:41 ` pr-tracker-bot
2025-04-02 15:46 Christian Brauner
2025-04-03 0:11 ` pr-tracker-bot
2025-03-20 15:22 Christian Brauner
2025-03-20 21:21 ` pr-tracker-bot
2025-03-13 9:13 Christian Brauner
2025-03-13 19:04 ` pr-tracker-bot
2025-03-06 10:13 Christian Brauner
2025-03-06 18:20 ` pr-tracker-bot
2025-02-25 11:51 Christian Brauner
2025-02-25 17:52 ` pr-tracker-bot
2025-02-17 10:37 Christian Brauner
2025-02-17 18:44 ` pr-tracker-bot
2025-02-07 10:52 Christian Brauner
2025-02-07 22:25 ` pr-tracker-bot
2025-01-10 15:16 Christian Brauner
2025-01-10 18:12 ` pr-tracker-bot
2025-01-06 15:32 Christian Brauner
2025-01-06 18:40 ` pr-tracker-bot
2024-11-27 15:41 Christian Brauner
2024-11-27 16:14 ` Linus Torvalds
2024-11-27 16:15 ` pr-tracker-bot
2024-11-01 12:43 Christian Brauner
2024-11-01 17:48 ` pr-tracker-bot
2024-10-21 11:46 Christian Brauner
2024-10-21 18:27 ` pr-tracker-bot
2024-10-03 9:00 Christian Brauner
2024-10-03 16:53 ` pr-tracker-bot
2024-09-30 13:46 Christian Brauner
2024-09-30 20:21 ` pr-tracker-bot
2024-09-04 12:03 Christian Brauner
2024-09-04 16:46 ` pr-tracker-bot
2024-08-26 15:25 Christian Brauner
2024-08-27 5:04 ` pr-tracker-bot
2024-08-14 13:29 Christian Brauner
2024-08-14 16:28 ` pr-tracker-bot
2024-07-24 9:19 Christian Brauner
2024-07-24 17:19 ` pr-tracker-bot
2024-07-18 9:01 Christian Brauner
2024-07-19 1:04 ` pr-tracker-bot
2024-07-11 5:09 Christian Brauner
2024-07-11 19:24 ` pr-tracker-bot
2024-07-02 19:44 Christian Brauner
2024-07-02 20:56 ` pr-tracker-bot
2024-07-01 11:53 Christian Brauner
2024-07-01 16:49 ` pr-tracker-bot
2024-06-10 14:09 Christian Brauner
2024-06-11 19:15 ` Linus Torvalds
2024-06-12 11:30 ` Christian Brauner
2024-06-11 23:42 ` pr-tracker-bot
2024-05-27 11:55 Christian Brauner
2024-05-27 15:30 ` pr-tracker-bot
2024-04-26 14:59 Christian Brauner
2024-04-26 18:09 ` pr-tracker-bot
2024-04-05 11:22 Christian Brauner
2024-04-05 17:09 ` pr-tracker-bot
2024-03-18 12:19 Christian Brauner
2024-03-18 16:48 ` pr-tracker-bot
2024-03-18 19:14 ` Linus Torvalds
2024-03-18 19:41 ` Linus Torvalds
2024-03-19 6:58 ` Christian Brauner
2024-03-20 10:21 ` Christian Brauner
2024-03-06 15:45 Christian Brauner
2024-03-06 16:33 ` pr-tracker-bot
2024-03-01 12:45 Christian Brauner
2024-03-01 20:37 ` pr-tracker-bot
2024-02-22 14:03 Christian Brauner
2024-02-22 18:18 ` pr-tracker-bot
2024-02-12 13:00 Christian Brauner
2024-02-12 17:03 ` pr-tracker-bot
2024-01-13 12:31 Christian Brauner
2024-01-17 20:03 ` pr-tracker-bot
2023-11-24 10:27 Christian Brauner
2023-11-24 18:25 ` Linus Torvalds
2023-11-24 18:52 ` Linus Torvalds
2023-11-24 20:12 ` Linus Torvalds
2023-11-25 13:05 ` Christian Brauner
2023-11-25 13:10 ` Christian Brauner
2023-11-25 13:28 ` Omar Sandoval
2023-11-25 14:04 ` Christian Brauner
2023-11-24 18:26 ` pr-tracker-bot
2023-10-19 10:07 Christian Brauner
2023-10-19 16:37 ` Linus Torvalds
2023-10-20 11:14 ` Christian Brauner
2023-10-19 18:36 ` pr-tracker-bot
2023-09-26 10:39 Christian Brauner
2023-09-26 16:14 ` pr-tracker-bot
2023-07-06 11:52 Christian Brauner
2023-07-07 2:27 ` pr-tracker-bot
2023-07-02 11:28 Christian Brauner
2023-07-02 18:53 ` pr-tracker-bot
2023-05-25 12:22 Christian Brauner
2023-05-25 18:18 ` pr-tracker-bot
2023-05-12 15:31 Christian Brauner
2023-05-12 22:14 ` pr-tracker-bot
2023-04-03 11:04 Christian Brauner
2023-04-03 16:51 ` pr-tracker-bot
2023-03-12 12:18 Christian Brauner
2023-03-12 16:20 ` pr-tracker-bot
2020-09-22 21:29 [git pull] " Al Viro
2020-09-22 22:15 ` pr-tracker-bot
[not found] <CAHk-=wgdsv1UA+QtgiJM8KQAG7N7_9iK_edchnzZYyj+nxmfLA@mail.gmail.com>
[not found] ` <20200113195448.GT8904@ZenIV.linux.org.uk>
[not found] ` <CAHk-=whn5qk-e-KnYr6HNe5hp45v+XyDbsA2+szXvK3gC06A2w@mail.gmail.com>
2020-01-15 6:41 ` Al Viro
2020-01-15 19:35 ` pr-tracker-bot
2018-07-01 12:31 Al Viro
2018-07-01 19:36 ` Linus Torvalds
2018-07-01 20:05 ` Al Viro
2018-07-01 20:25 ` Linus Torvalds
2018-04-20 15:58 Al Viro
2018-04-20 18:29 ` Andrew Morton
2018-04-20 19:09 ` Al Viro
2018-04-20 19:57 ` Andrew Morton
2017-06-17 2:56 Al Viro
2017-04-09 5:40 Al Viro
2017-04-11 6:10 ` Linus Torvalds
2017-04-11 6:48 ` Al Viro
2017-04-11 21:02 ` Andreas Dilger
2017-04-12 7:00 ` Linus Torvalds
2017-04-15 6:41 ` Vegard Nossum
2017-04-15 16:51 ` Linus Torvalds
2017-04-15 17:08 ` Al Viro
2017-04-02 17:01 Al Viro
2017-04-02 23:59 ` Linus Torvalds
2017-04-03 0:10 ` Linus Torvalds
2017-04-03 0:30 ` Al Viro
2017-04-03 0:43 ` Al Viro
2017-04-03 0:58 ` Linus Torvalds
2017-04-03 2:21 ` Al Viro
2017-04-03 6:00 ` Eric W. Biederman
2017-04-03 7:46 ` Al Viro
2017-04-04 0:22 ` Ian Kent
2017-04-04 0:47 ` Ian Kent
2017-04-03 0:20 ` Al Viro
2016-06-17 20:50 Q. hlist_bl_add_head_rcu() in d_alloc_parallel() J. R. Okajima
2016-06-17 22:16 ` Al Viro
2016-06-19 5:24 ` J. R. Okajima
2016-06-19 16:55 ` Al Viro
2016-06-20 4:34 ` J. R. Okajima
2016-06-20 5:35 ` Al Viro
2016-06-20 14:51 ` Al Viro
2016-06-20 17:14 ` [git pull] vfs fixes Al Viro
2016-06-08 2:12 Al Viro
2016-05-28 0:10 Al Viro
2016-02-28 1:09 Al Viro
2014-09-14 19:47 Al Viro
2014-09-26 20:38 ` Joachim Eastwood
2014-09-26 20:46 ` Joachim Eastwood
2014-09-26 20:58 ` Al Viro
2014-09-26 21:28 ` Joachim Eastwood
2014-09-26 21:52 ` Joachim Eastwood
2014-03-24 22:58 Imre Deak
2014-03-25 7:21 ` Sedat Dilek
2014-03-23 7:16 Al Viro
2014-03-23 10:57 ` Sedat Dilek
2014-03-23 15:35 ` Al Viro
2014-03-23 16:56 ` Al Viro
2014-03-23 16:36 ` Linus Torvalds
2014-03-23 16:45 ` Al Viro
2014-03-23 17:01 ` Linus Torvalds
2014-03-24 8:52 ` Sedat Dilek
2014-03-25 0:46 ` Linus Torvalds
2014-03-26 16:36 ` Sedat Dilek
2014-03-26 20:55 ` Linus Torvalds
2014-03-27 6:14 ` Sedat Dilek
2014-03-30 20:33 ` Al Viro
2014-03-30 20:55 ` Al Viro
2014-03-30 22:39 ` Linus Torvalds
2014-03-30 23:21 ` Al Viro
2013-06-22 7:16 Al Viro
2013-03-27 0:36 Al Viro
2012-03-10 21:30 Al Viro
2012-03-10 21:49 ` Linus Torvalds
2012-03-10 22:14 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240727-vfs-fixes-c054317e0d77@brauner \
--to=brauner@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).