From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2AF32C433F5 for ; Thu, 28 Apr 2022 04:45:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242734AbiD1Es1 (ORCPT ); Thu, 28 Apr 2022 00:48:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57302 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241924AbiD1EsY (ORCPT ); Thu, 28 Apr 2022 00:48:24 -0400 Received: from zeniv-ca.linux.org.uk (zeniv-ca.linux.org.uk [IPv6:2607:5300:60:148a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3FFCF674D8; Wed, 27 Apr 2022 21:45:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=linux.org.uk; s=zeniv-20220401; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=PKck+ahOM9JYfjxEvY1h8doWdu47MA0NkSVDcynutLE=; b=etijgdrfsUmnOgdRbR9BCXfDkx S+h4q9WlUjltQhgk6O7EQeJOAVVKvDnhlta2vXI8f+7GTcZkijOQhrhRD3NGEmXxCad3PHAHtNuyz msCVuWH6fLTq2oh16p6CQ71pfB26kDT8aMgdnYJtkGIKZh6Se+frROc2qT26tUyuU44SHgHPgrqRE fojw5QHR1mO2rp27+CS7Zj9hg2viCrDd2aclUt0qLM5JVrcJqpHPTSTpiYSUZkn2ffmfTSe/Zl/VS HEnIGbL8IVeiaXMivZ2zxKGtoMjKDqJ4IhdrFWdG6ao8T43jj/Iun9mbn+nDYwVqrn9SM3vtg25gh /CDdvpSA==; Received: from viro by zeniv-ca.linux.org.uk with local (Exim 4.94.2 #2 (Red Hat Linux)) id 1njw1Z-00A80A-Jq; Thu, 28 Apr 2022 04:45:05 +0000 Date: Thu, 28 Apr 2022 04:45:05 +0000 From: Al Viro To: Christian Brauner Cc: Yang Xu , Dave Chinner , "Darrick J. Wong" , Matthew Wilcox , Jeff Layton , Miklos Szeredi , Amir Goldstein , linux-fsdevel , ceph-devel Subject: Re: [PATCH v8 3/4] fs: move S_ISGID stripping into the vfs Message-ID: References: <1650971490-4532-1-git-send-email-xuyang2018.jy@fujitsu.com> <1650971490-4532-3-git-send-email-xuyang2018.jy@fujitsu.com> <20220426103846.tzz66f2qxcxykws3@wittgenstein> <20220426145349.zxmahoq2app2lhip@wittgenstein> <20220427092201.wvsdjbnc7b4dttaw@wittgenstein> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220427092201.wvsdjbnc7b4dttaw@wittgenstein> Sender: Al Viro Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org On Wed, Apr 27, 2022 at 11:22:01AM +0200, Christian Brauner wrote: > +static inline umode_t vfs_prepare_mode(struct user_namespace *mnt_userns, > + const struct inode *dir, umode_t mode, > + umode_t mask_perms, umode_t type) > +{ > + /* > + * S_ISGID stripping depends on the mode of the new file so make sure > + * that the caller gives us this information and splat if we miss it. > + */ > + WARN_ON_ONCE((mode & S_IFMT) == 0); First of all, what happens if you call mknod("/tmp/blah", 0, 0)? And the only thing about type bits we care about is "is it a directory" - the sensitive stuff is in the low 12 bits... What is that check about? > + mode = mode_strip_sgid(mnt_userns, dir, mode); > + mode = mode_strip_umask(dir, mode); > + > + /* > + * Apply the vfs mandated allowed permission mask and set the type of > + * file to be created before we call into the filesystem. > + */ > + mode &= (mask_perms & ~S_IFMT); > + mode |= (type & S_IFMT); > + > + return mode;