From: Amir Goldstein <amir73il@gmail.com>
To: Jeff Layton <jlayton@kernel.org>
Cc: Christian Brauner <brauner@kernel.org>,
Aleksa Sarai <cyphar@cyphar.com>,
Chuck Lever <chuck.lever@oracle.com>,
linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH v2 2/2] fs: open_by_handle_at() support for decoding "explicit connectable" file handles
Date: Mon, 23 Sep 2024 10:28:29 +0200 [thread overview]
Message-ID: <20240923082829.1910210-3-amir73il@gmail.com> (raw)
In-Reply-To: <20240923082829.1910210-1-amir73il@gmail.com>
Teach open_by_handle_at(2) about the type format of "explicit connectable"
file handles that were created using the AT_HANDLE_CONNECTABLE flag to
name_to_handle_at(2).
When decoding an "explicit connectable" file handles, name_to_handle_at(2)
should fail if it cannot open a "connected" fd with known path, which is
accessible (to capable user) from mount fd path.
Note that this does not check if the path is accessible to the calling
user, just that it is accessible wrt the mount namesapce, so if there
is no "connected" alias, or if parts of the path are hidden in the
mount namespace, open_by_handle_at(2) will return -ESTALE.
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
fs/fhandle.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/fs/fhandle.c b/fs/fhandle.c
index 6c87f1764235..68e59141f67b 100644
--- a/fs/fhandle.c
+++ b/fs/fhandle.c
@@ -247,7 +247,13 @@ static int vfs_dentry_acceptable(void *context, struct dentry *dentry)
if (!(ctx->flags & HANDLE_CHECK_SUBTREE) || d == root)
retval = 1;
- WARN_ON_ONCE(d != root && d != root->d_sb->s_root);
+ /*
+ * exportfs_decode_fh_raw() does not call acceptable() callback with
+ * a disconnected directory dentry, so we should have reached either
+ * mount fd directory or sb root.
+ */
+ if (ctx->fh_flags & EXPORT_FH_DIR_ONLY)
+ WARN_ON_ONCE(d != root && d != root->d_sb->s_root);
dput(d);
return retval;
}
@@ -346,10 +352,19 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
retval = -EINVAL;
goto out_path;
}
- if (f_handle.handle_flags) {
+ if (f_handle.handle_flags & ~EXPORT_FH_USER_FLAGS) {
retval = -EINVAL;
goto out_path;
}
+ /*
+ * If handle was encoded with AT_HANDLE_CONNECTABLE, verify that we
+ * are decoding an fd with connected path, which is accessible from
+ * the mount fd path.
+ */
+ ctx.fh_flags |= f_handle.handle_flags;
+ if (ctx.fh_flags & EXPORT_FH_CONNECTABLE)
+ ctx.flags |= HANDLE_CHECK_SUBTREE;
+
handle = kmalloc(struct_size(handle, f_handle, f_handle.handle_bytes),
GFP_KERNEL);
if (!handle) {
--
2.34.1
next prev parent reply other threads:[~2024-09-23 8:28 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-23 8:28 [PATCH v2 0/2] API for exporting connectable file handles to userspace Amir Goldstein
2024-09-23 8:28 ` [PATCH v2 1/2] fs: name_to_handle_at() support for "explicit connectable" file handles Amir Goldstein
2024-09-23 8:28 ` Amir Goldstein [this message]
2024-09-25 9:13 ` [PATCH v2 0/2] API for exporting connectable file handles to userspace Christian Brauner
2024-10-07 15:26 ` Amir Goldstein
2024-10-07 18:09 ` Chuck Lever III
2024-10-08 10:43 ` Amir Goldstein
2024-10-08 11:07 ` Jeff Layton
2024-10-08 13:11 ` Amir Goldstein
2024-10-08 13:43 ` Jeff Layton
2024-10-08 14:50 ` Amir Goldstein
2024-10-09 9:40 ` Jan Kara
2024-10-09 15:16 ` Amir Goldstein
2024-10-09 15:47 ` Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240923082829.1910210-3-amir73il@gmail.com \
--to=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=cyphar@cyphar.com \
--cc=jlayton@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox