Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp859609imm;
        Fri, 12 Oct 2018 07:51:51 -0700 (PDT)
X-Google-Smtp-Source: ACcGV60lCFffmY+MFXkfoh40a+HNhyyGTbcAyM4VbOIwBpPz6A5W0soUz2rttUlWvY5ACesJGC4V
X-Received: by 2002:a62:6643:: with SMTP id a64-v6mr6389668pfc.202.1539355911307;
        Fri, 12 Oct 2018 07:51:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539355911; cv=none;
        d=google.com; s=arc-20160816;
        b=eQhsR2obEbaeysLCZSIAarmqLtSC6bNGQlwtWM5B3ndbClet1P6C8Ip11dV0XKoEQe
         0Q1QFhi8PrlJRyRR5WMv+ljJxN4NpkRCuiwSvhW+J2lgU9lKlnS057aEyGvDNUz/y61S
         N7jXOVILxXHiUUVo0Xp6pfADP2pyj334NDdGI5ejMsjhmcu2uUzyv5WxRXhCrF4vHr9w
         patYB2/eBMpyt1kZNEHEhnjNIk4clGakqlC7WhwFB9+25O+Rn0DTaDBuKSjFro2b6Jfe
         88F0Qr3JFl0BLk8ZcssG6YtlzmHEKDWo2f15nR0WiSysk2mEJM1vQ6iUnIBsK/aMMuNI
         CQbA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature;
        bh=URJ9cAc5Hfi0QMR9lhmKp6UO9+S24BzXUI/kJ3VFHC4=;
        b=Gr+UzdvBVGL5gey2HdJVAfbTdIytICGabrFeoaqixPRNRnRO9aTBUGKAX1yvkWv4/N
         Q5N86UuIfkWl2c255mjkwxkHyE39vYPjpB614y25sQPzDJ5t0raGtYKYszcQNFKjqzVl
         S2fCMv1HOWf051gJBYvzVSQQ7uMJepdUnLKLpMvJwgq06FGBSsuJXdeJI5PKjhIvrxcK
         YIdyzU/hwGVreXP384yP6OzimIh0kFWWYem51Ss472iz39THPrUUA6yk0EafC5MXvTkz
         4VDNNviRqwhCM5KdWb0yCO2QI/WqtsN92Ax3b3GjKfa7h5z2q+doA1W5NNAPKSqAAjUi
         jJUw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=W3DCMLff;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 190-v6si1427813pfc.95.2018.10.12.07.51.36;
        Fri, 12 Oct 2018 07:51:51 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=W3DCMLff;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728939AbeJLWWm (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 99 others);
        Fri, 12 Oct 2018 18:22:42 -0400
Received: from mail-wr1-f65.google.com ([209.85.221.65]:45370 "EHLO
        mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728720AbeJLWWl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 12 Oct 2018 18:22:41 -0400
Received: by mail-wr1-f65.google.com with SMTP id q5-v6so13748098wrw.12;
        Fri, 12 Oct 2018 07:49:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-transfer-encoding:content-language;
        bh=URJ9cAc5Hfi0QMR9lhmKp6UO9+S24BzXUI/kJ3VFHC4=;
        b=W3DCMLffVkRnV7Mmcmiqh7f3VKIHTzmbQuESIfMKFul5rCvmjGEi+TtNgT15XWD8YE
         JY+cgjfTDD5eKQpmwN1x32/nq+8eMJfP4WTB+bi0kuWbp+6vtOxVUS7VwXePFmb+hU3s
         gC/18ge/Y5bhorzwxaJOIBFFHf6b+6iAmGrTc1Sb9wOKNXhpAQAlzof4FpIAOdzYlAAr
         Q+3YUYA4fUk5KXZxksbeNxxvyNLGTLVkVZ1wEgY/sGM3rxepwrxrzPVCQgwn0n7jnAZL
         ckCjeb2Wy0nyHBZ2LBTE94GqKC/NrHpazCk+2PqxnLL4EuizSUrVm4tzZMz/mpytKhAz
         ZmRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-transfer-encoding
         :content-language;
        bh=URJ9cAc5Hfi0QMR9lhmKp6UO9+S24BzXUI/kJ3VFHC4=;
        b=UgOJv+wydAhJR1jLvCoT2XmEclZ5nnxyQNmLg1V7iu2naUNSYWoW98+sstx4F9xQxT
         GAu5u8d/xs45RBved6lHTqLnVhZUS91FsyWMepQhhrlUiwKTi2YBh0YF5kIzSF7RjbL7
         5W7MRiZT5Y8V6S4V/+sVHJu7q9Rz+adJpLxduMbghS8+voTlSKYE/gfK6ukOHitOOf1q
         2QqZjAmc9TnPJBMXRC0psKle6qdaf51nDD2avNDYx8/zH8UVvV56UnKts/TxYXANGq1q
         eeuJ5Qe0iJUNeg+XOM6cqA1Z+6KdqrMhCPzX6YZZUxXlQYOvqJiUpgTtqWl4vYwlJDXM
         xhOA==
X-Gm-Message-State: ABuFfojl0GJE5GVl8+s3wF8Tew/SvpxPBOOr3I/DKyJsv5JSKKHdAZ1e
        pCl2Jm1xMM4yaAYs6x2ebmM=
X-Received: by 2002:adf:f111:: with SMTP id r17-v6mr5817604wro.303.1539355792018;
        Fri, 12 Oct 2018 07:49:52 -0700 (PDT)
Received: from [172.16.1.192] (host-89-243-172-161.as13285.net. [89.243.172.161])
        by smtp.gmail.com with ESMTPSA id s10-v6sm1214607wmf.15.2018.10.12.07.49.50
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 12 Oct 2018 07:49:51 -0700 (PDT)
Subject: Re: [PATCH 31/34] vfs: syscall: Add fspick() to select a superblock
 for reconfiguration [ver #12]
To:     David Howells <dhowells@redhat.com>, viro@zeniv.linux.org.uk
Cc:     linux-api@vger.kernel.org, torvalds@linux-foundation.org,
        ebiederm@xmission.com, linux-fsdevel@vger.kernel.org,
        linux-kernel@vger.kernel.org, mszeredi@redhat.com
References: <153754740781.17872.7869536526927736855.stgit@warthog.procyon.org.uk>
 <153754766004.17872.9829232103614083565.stgit@warthog.procyon.org.uk>
From:   Alan Jenkins <alan.christopher.jenkins@gmail.com>
Message-ID: <9b8bf436-65de-13b9-0002-0479d11c18ca@gmail.com>
Date:   Fri, 12 Oct 2018 15:49:50 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.0
MIME-Version: 1.0
In-Reply-To: <153754766004.17872.9829232103614083565.stgit@warthog.procyon.org.uk>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-GB
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 21/09/2018 17:34, David Howells wrote:
> Provide an fspick() system call that can be used to pick an existing
> mountpoint into an fs_context which can thereafter be used to reconfigure a
> superblock (equivalent of the superblock side of -o remount).
>
> This looks like:
>
> 	int fd = fspick(AT_FDCWD, "/mnt",
> 			FSPICK_CLOEXEC | FSPICK_NO_AUTOMOUNT);
> 	fsconfig(fd, FSCONFIG_SET_FLAG, "intr", NULL, 0);
> 	fsconfig(fd, FSCONFIG_SET_FLAG, "noac", NULL, 0);
> 	fsconfig(fd, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0);
>
> At the point of fspick being called, the file descriptor referring to the
> filesystem context is in exactly the same state as the one that was created
> by fsopen() after fsmount() has been successfully called.
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: linux-api@vger.kernel.org
> ---
>
>   arch/x86/entry/syscalls/syscall_32.tbl |    1 +
>   arch/x86/entry/syscalls/syscall_64.tbl |    1 +
>   fs/fsopen.c                            |   54 ++++++++++++++++++++++++++++++++
>   include/linux/syscalls.h               |    1 +
>   include/uapi/linux/fs.h                |    5 +++
>   5 files changed, 62 insertions(+)
>
> diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl
> index c78b68256f8a..d1eb6c815790 100644
> --- a/arch/x86/entry/syscalls/syscall_32.tbl
> +++ b/arch/x86/entry/syscalls/syscall_32.tbl
> @@ -403,3 +403,4 @@
>   389	i386	fsopen			sys_fsopen			__ia32_sys_fsopen
>   390	i386	fsconfig		sys_fsconfig			__ia32_sys_fsconfig
>   391	i386	fsmount			sys_fsmount			__ia32_sys_fsmount
> +392	i386	fspick			sys_fspick			__ia32_sys_fspick
> diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl
> index d44ead5d4368..d3ab703c02bb 100644
> --- a/arch/x86/entry/syscalls/syscall_64.tbl
> +++ b/arch/x86/entry/syscalls/syscall_64.tbl
> @@ -348,6 +348,7 @@
>   337	common	fsopen			__x64_sys_fsopen
>   338	common	fsconfig		__x64_sys_fsconfig
>   339	common	fsmount			__x64_sys_fsmount
> +340	common	fspick			__x64_sys_fspick
>   
>   #
>   # x32-specific system call numbers start at 512 to avoid cache impact
> diff --git a/fs/fsopen.c b/fs/fsopen.c
> index 5955a6b65596..9ead9220e2cb 100644
> --- a/fs/fsopen.c
> +++ b/fs/fsopen.c
> @@ -155,6 +155,60 @@ SYSCALL_DEFINE2(fsopen, const char __user *, _fs_name, unsigned int, flags)
>   	return ret;
>   }
>   
> +/*
> + * Pick a superblock into a context for reconfiguration.
> + */
> +SYSCALL_DEFINE3(fspick, int, dfd, const char __user *, path, unsigned int, flags)
> +{
> +	struct fs_context *fc;
> +	struct path target;
> +	unsigned int lookup_flags;
> +	int ret;
> +
> +	if (!ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN))
> +		return -EPERM;


This seems to accept basically any mount.  Specifically: are you sure 
it's OK to return a handle to a SB_NO_USER superblock?

# strace -f -v -e trace=154 \
     ./fspick 3</proc/self/ns/mnt 3 \
     stat -f /dev/fd/3

syscall_0x154(0x3, 0x4009a1, 0x8, ...) = 0x4
   File: "/dev/fd/3"
     ID: 0        Namelen: 255     Type: anon-inode FS
Block size: 4096       Fundamental block size: 4096
Blocks: Total: 0          Free: 0          Available: 0
Inodes: Total: 0          Free: 0
+++ exited with 0 +++