Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp2583566imm;
        Thu, 11 Oct 2018 12:38:31 -0700 (PDT)
X-Google-Smtp-Source: ACcGV62KpID7bup6yfb+29ufOJ+y8Ec0VlF0SGdV/pZqjDVe2QPssRJHiHTjhnEJcD7YlTCJtWG0
X-Received: by 2002:a17:902:6a:: with SMTP id 97-v6mr2671105pla.276.1539286711514;
        Thu, 11 Oct 2018 12:38:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539286711; cv=none;
        d=google.com; s=arc-20160816;
        b=ofK9Rr0RMoRBfDfOpZ9U3RzYFzkheNbK309z3uxMm88IkDy/6j5gi7L16BBKbZjwWO
         NTTW6WbZT/zTyTdgaJsly/+9clcM73RPrh3kYUM5Ig2GU8FtkgowQgfQ/nAMn8Ms01KZ
         UQ4cXRqoubwrvyz0roVYVBo5hffWZuY+dm3I0PcePI9iocH3IFoHG2SfZZUnRIwZbURs
         G6n45dgT2jVT1/quo2eJtA/Uekjgsqsk8W3gQz8lhIZkB1onyR89L7SHZmWpInvPZttX
         WKQt7bx85HNh7gC9cVbSlG256+V3idKsWut3geGOK5I0Y9X1ZlwBKjNAZTyZI7NtgnU2
         4sjA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:subject:mime-version:user-agent
         :message-id:in-reply-to:date:references:cc:to:from;
        bh=r7hdvWARqWP6auaJ/RKIQzR9unGCYNrmm8a11QxQZ+g=;
        b=wHCD29taqO5Pv/zWMHaKEbqAyPJvUMTEj5L0ATJdG13PpEkNcQ/43lq8lEQVmYiJVC
         9MTl0PIyguXgX2bnb7GdtJXWgoog8CP3SnSjg8eD/xnYOFKURPeXOu/jR/YMA2jlOutr
         bcfPPnRDdZhLKiiXMPX/K1YrNTZjFjl8IHAZRc9vf2rflLQ0ly4sdLlml42ot82PdNfB
         CrB8yk3XBATM1LCDgdwbiiSKKKNZ4SqHSmYj1oetELOoNPUZo6jvfZtU97Iy0gkhQdI9
         cYrT3xs4VMfxMAB0WXcrd8tx4x6sDEDf/Fld3WNFZcU0QMcPX5eO1tARr9kmRX9Pd2eS
         EHcQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n188-v6si27343426pfn.113.2018.10.11.12.38.16;
        Thu, 11 Oct 2018 12:38:31 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729373AbeJLCHN (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 99 others); Thu, 11 Oct 2018 22:07:13 -0400
Received: from out02.mta.xmission.com ([166.70.13.232]:56631 "EHLO
        out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728164AbeJLCHN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 11 Oct 2018 22:07:13 -0400
Received: from in01.mta.xmission.com ([166.70.13.51])
        by out02.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.87)
        (envelope-from <ebiederm@xmission.com>)
        id 1gAfrC-0005bm-Eq; Thu, 11 Oct 2018 12:38:46 -0600
Received: from 67-3-154-154.omah.qwest.net ([67.3.154.154] helo=x220.xmission.com)
        by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.87)
        (envelope-from <ebiederm@xmission.com>)
        id 1gAfr8-00086b-Nu; Thu, 11 Oct 2018 12:38:46 -0600
From:   ebiederm@xmission.com (Eric W. Biederman)
To:     David Howells <dhowells@redhat.com>
Cc:     Alan Jenkins <alan.christopher.jenkins@gmail.com>,
        viro@zeniv.linux.org.uk, torvalds@linux-foundation.org,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
        mszeredi@redhat.com
References: <5c6f3d62-4cec-2aea-4693-62928611c526@gmail.com>
        <153754740781.17872.7869536526927736855.stgit@warthog.procyon.org.uk>
        <153754743491.17872.12115848333103740766.stgit@warthog.procyon.org.uk>
        <de050902-f3d0-b2db-2627-983a36c87b3c@gmail.com>
        <862e36a2-2a6f-4e26-3228-8cab4b4cf230@gmail.com>
        <17405.1539272035@warthog.procyon.org.uk>
Date:   Thu, 11 Oct 2018 13:38:31 -0500
In-Reply-To: <17405.1539272035@warthog.procyon.org.uk> (David Howells's
        message of "Thu, 11 Oct 2018 16:33:55 +0100")
Message-ID: <87sh1cqqfs.fsf@xmission.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-XM-SPF: eid=1gAfr8-00086b-Nu;;;mid=<87sh1cqqfs.fsf@xmission.com>;;;hst=in01.mta.xmission.com;;;ip=67.3.154.154;;;frm=ebiederm@xmission.com;;;spf=neutral
X-XM-AID: U2FsdGVkX18VEsie434TnCovjye8QVPcVR1KblGZ4Co=
X-SA-Exim-Connect-IP: 67.3.154.154
X-SA-Exim-Mail-From: ebiederm@xmission.com
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on sa01.xmission.com
X-Spam-Level: ****
X-Spam-Status: No, score=4.7 required=8.0 tests=ALL_TRUSTED,BAYES_50,
        DCC_CHECK_NEGATIVE,LotsOfNums_01,TR_Symld_Words,TVD_RCVD_IP,
        T_TM2_M_HEADER_IN_MSG,T_TooManySym_01,T_TooManySym_02,T_TooManySym_03,
        XMNoVowels,XMSubLong autolearn=disabled version=3.4.0
X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
        *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
        *      [score: 0.5000]
        *  1.5 TR_Symld_Words too many words that have symbols inside
        *  0.7 XMSubLong Long Subject
        *  1.5 XMNoVowels Alpha-numberic number with no vowels
        *  0.0 TVD_RCVD_IP Message was received from an IP address
        *  0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available.
        *  1.2 LotsOfNums_01 BODY: Lots of long strings of numbers
        * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC
        *      [sa01 1397; Body=1 Fuz1=1 Fuz2=1]
        *  0.0 T_TooManySym_01 4+ unique symbols in subject
        *  0.0 T_TooManySym_02 5+ unique symbols in subject
        *  0.0 T_TooManySym_03 6+ unique symbols in subject
X-Spam-DCC: XMission; sa01 1397; Body=1 Fuz1=1 Fuz2=1 
X-Spam-Combo: ****;David Howells <dhowells@redhat.com>
X-Spam-Relay-Country: 
X-Spam-Timing: total 3170 ms - load_scoreonly_sql: 0.05 (0.0%),
        signal_user_changed: 2.8 (0.1%), b_tie_ro: 1.85 (0.1%), parse: 1.39 (0.0%),
        extract_message_metadata: 30 (1.0%), get_uri_detail_list: 28 (0.9%),
        tests_pri_-1000: 39 (1.2%), tests_pri_-950: 2.1 (0.1%), tests_pri_-900: 22
        (0.7%), tests_pri_-400: 142 (4.5%), check_bayes: 139 (4.4%), b_tokenize: 54
        (1.7%), b_tok_get_all: 30 (0.9%), b_comp_prob: 17 (0.5%), b_tok_touch_all: 15
        (0.5%), b_finish: 4.3 (0.1%), tests_pri_0: 2738 (86.4%),
        check_dkim_signature: 17 (0.5%), check_dkim_adsp: 12 (0.4%), tests_pri_10: 16
        (0.5%), tests_pri_500: 58 (1.8%), rewrite_mail: 0.00 (0.0%)
Subject: Re: [PATCH 03/34] teach move_mount(2) to work with OPEN_TREE_CLONE [ver #12]
X-Spam-Flag: No
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

David Howells <dhowells@redhat.com> writes:

> Okay, this appears to fix the cycle-creation problem.
>
> It could probably be improved by comparing sequence numbers as Alan suggests,
> but I need to work out how to get at that.

It should just be a matter of replacing the test
"if (p->mnt.mnt_sb->s_type == &nsfs)" with "if mnt_ns_loop(p->mnt.mnt_root)"

That would allow reusing 100% of the existing logic, and remove the need
to export file_system_type nsfs;

As your test exists below it will reject a lot more than mount namespace
file descriptors.  It will reject file descriptors for every other
namespace as well.

Eric

> ---
> commit 069c3376f7849044117c866aeafbb1a525f84926
> Author: David Howells <dhowells@redhat.com>
> Date:   Thu Oct 4 23:18:59 2018 +0100
>
>     fixes
>
> diff --git a/fs/internal.h b/fs/internal.h
> index 17029b30e196..47a6c80c3c51 100644
> --- a/fs/internal.h
> +++ b/fs/internal.h
> @@ -172,6 +172,7 @@ extern void mnt_pin_kill(struct mount *m);
>   * fs/nsfs.c
>   */
>  extern const struct dentry_operations ns_dentry_operations;
> +extern struct file_system_type nsfs;
>  
>  /*
>   * fs/ioctl.c
> diff --git a/fs/namespace.c b/fs/namespace.c
> index e969ded7d54b..25ecd8b3c76b 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -2388,6 +2388,27 @@ static inline int tree_contains_unbindable(struct mount *mnt)
>  	return 0;
>  }
>  
> +/*
> + * Object if there are any nsfs mounts in the specified subtree.  These can act
> + * as pins for mount namespaces that aren't checked by the mount-cycle checking
> + * code, thereby allowing cycles to be made.
> + */
> +static bool check_for_nsfs_mounts(struct mount *subtree)
> +{
> +	struct mount *p;
> +	bool ret = false;
> +
> +	lock_mount_hash();
> +	for (p = subtree; p; p = next_mnt(p, subtree))
> +		if (p->mnt.mnt_sb->s_type == &nsfs)
> +			goto out;
> +
> +	ret = true;
> +out:
> +	unlock_mount_hash();
> +	return ret;
> +}
> +
>  static int do_move_mount(struct path *old_path, struct path *new_path)
>  {
>  	struct path parent_path = {.mnt = NULL, .dentry = NULL};
> @@ -2442,6 +2463,8 @@ static int do_move_mount(struct path *old_path, struct path *new_path)
>  	if (IS_MNT_SHARED(p) && tree_contains_unbindable(old))
>  		goto out1;
>  	err = -ELOOP;
> +	if (!check_for_nsfs_mounts(old))
> +		goto out1;
>  	for (; mnt_has_parent(p); p = p->mnt_parent)
>  		if (p == old)
>  			goto out1;
> diff --git a/fs/nsfs.c b/fs/nsfs.c
> index f069eb6495b0..d3abcd5c2a23 100644
> --- a/fs/nsfs.c
> +++ b/fs/nsfs.c
> @@ -269,7 +269,7 @@ static struct dentry *nsfs_mount(struct file_system_type *fs_type,
>  	return mount_pseudo(fs_type, "nsfs:", &nsfs_ops,
>  			&ns_dentry_operations, NSFS_MAGIC);
>  }
> -static struct file_system_type nsfs = {
> +struct file_system_type nsfs = {
>  	.name = "nsfs",
>  	.mount = nsfs_mount,
>  	.kill_sb = kill_anon_super,