From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932210AbbCQCrB (ORCPT ); Mon, 16 Mar 2015 22:47:01 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:35398 "EHLO out3-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753864AbbCQCqE (ORCPT ); Mon, 16 Mar 2015 22:46:04 -0400 X-Sasl-enc: 2k4HNm5UWDveGqO77h+o0JaQhL5ThoaefctNeG9M4Cyp 1426560363 Subject: [RFC PATCH v4 09/12] nfs - cache_lib use namespace if not executing in init namespace From: Ian Kent To: Kernel Mailing List Cc: David Howells , Oleg Nesterov , Trond Myklebust , "J. Bruce Fields" , Benjamin Coddington , Al Viro , Jeff Layton , "Eric W. Biederman" Date: Tue, 17 Mar 2015 10:45:49 +0800 Message-ID: <20150317024548.24592.48219.stgit@pluto.fritz.box> In-Reply-To: <20150317022308.24592.35785.stgit@pluto.fritz.box> References: <20150317022308.24592.35785.stgit@pluto.fritz.box> User-Agent: StGit/0.17-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ian Kent If pipefs is registered within a namespace other than the root init namespace subsequent pipefs requests should be run within the init namespace of registration. Signed-off-by: Ian Kent Cc: Benjamin Coddington Cc: Al Viro Cc: J. Bruce Fields Cc: David Howells Cc: Trond Myklebust Cc: Oleg Nesterov Cc: Eric W. Biederman Cc: Jeff Layton --- fs/nfs/cache_lib.c | 7 ++++++- include/linux/sunrpc/cache.h | 2 ++ net/sunrpc/cache.c | 5 +++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/nfs/cache_lib.c b/fs/nfs/cache_lib.c index 5f7b053..4f381ad 100644 --- a/fs/nfs/cache_lib.c +++ b/fs/nfs/cache_lib.c @@ -48,7 +48,12 @@ int nfs_cache_upcall(struct cache_detail *cd, char *entry_name) if (nfs_cache_getent_prog[0] == '\0') goto out; - ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); + if (cd->u.pipefs.umh_token) { + long token = cd->u.pipefs.umh_token; + ret = call_usermodehelper_ns(argv[0], argv, envp, + UMH_WAIT_EXEC, token); + } else + ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); /* * Disable the upcall mechanism if we're getting an ENOENT or * EACCES error. The admin can re-enable it on the fly by using diff --git a/include/linux/sunrpc/cache.h b/include/linux/sunrpc/cache.h index 437ddb6..f6c1eb2 100644 --- a/include/linux/sunrpc/cache.h +++ b/include/linux/sunrpc/cache.h @@ -68,6 +68,8 @@ struct cache_detail_procfs { struct cache_detail_pipefs { struct dentry *dir; + /* Namespace token */ + long umh_token; }; struct cache_detail { diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c index 5199bb1..a635efb 100644 --- a/net/sunrpc/cache.c +++ b/net/sunrpc/cache.c @@ -1811,6 +1811,9 @@ int sunrpc_cache_register_pipefs(struct dentry *parent, if (IS_ERR(dir)) return PTR_ERR(dir); cd->u.pipefs.dir = dir; + if (cd->net != &init_net) + cd->u.pipefs.umh_token = + umh_ns_get_token(cd->u.pipefs.umh_token); return 0; } EXPORT_SYMBOL_GPL(sunrpc_cache_register_pipefs); @@ -1819,6 +1822,8 @@ void sunrpc_cache_unregister_pipefs(struct cache_detail *cd) { rpc_remove_cache_dir(cd->u.pipefs.dir); cd->u.pipefs.dir = NULL; + umh_ns_put_token(cd->u.pipefs.umh_token); + cd->u.pipefs.umh_token = 0; } EXPORT_SYMBOL_GPL(sunrpc_cache_unregister_pipefs);