Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp6280734imd; Wed, 31 Oct 2018 09:21:37 -0700 (PDT) X-Google-Smtp-Source: AJdET5dDYHT1aODynBUsDPnTdMISNfXODpr5zXOIsfQPt7IJzt+7HnQtAg9lWaRQnV3Xx/HbEKd8 X-Received: by 2002:a17:902:584:: with SMTP id f4-v6mr4076559plf.132.1541002897352; Wed, 31 Oct 2018 09:21:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541002897; cv=none; d=google.com; s=arc-20160816; b=gznitbl3cGX1P2mnyGBs4Vnqr7WTKVtUxIR609YMVrUYx3rjaV0twTHQPC9MT0+gCd Y9YyZdUE4abDV9AZWf/0JrJuQGHBhOxlKYD7ovaTpT91dcBgFGVvU4WjO4nKnzcEJUB8 8cvaVCSTFi+HCe2Vv4AqfHLXddTxwZKs68RwFpch1KKX/oQbfQWXoP8y8Qxlx3lpag22 o+HUtsaVLHgxJGi96kz0Eqw3lo96ralQyQToPfLCDHAuaJJcWsXKJijPsT34dlpKJQmV n2QviuGorGyqb1PiIjD+DfrIPNU8Ou1Iuy21FzuHkPvnap0AKPKq1+h0/nePKObxg15O wrqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:mime-version:user-agent :message-id:in-reply-to:date:references:cc:to:from; bh=KsswImaagpClf3LUrMvJlQivyKLscHdeRn8M9l0RIt0=; b=Rs1inYJ4g4e4/n3Kgmw0/CntaD5Cmnr7qkszXjgFCVKj4k4t3uKSIM8dodCccohJ7R bw63pWenjMNWwuisyMN53Qv6yRVjT9JqLZTYEkvnm4pF3nmRCJjIC1VBQA6ohayAaZvc 74aZX/7iCyHQFfYB0zsL2ilSEZAC/sK2bDy2rXI279UrAW5hOg/j/XXXsH0bRDUN7EcH wiHo/edAjQW3dQ86X7i2wnfQjZ1FIx8CeeAm/ZuveGGc5aOGBs4U/kPwSHYK+lU2O+B1 3F7M435yBs+mhpNl7hlgLEAT3ky2XwtBJO8KoNOue6FfbAhMAzZCIdWavPfz6bqnMF5X ZbeQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 134-v6si27804273pfu.273.2018.10.31.09.21.21; Wed, 31 Oct 2018 09:21:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729696AbeKABRx (ORCPT + 99 others); Wed, 31 Oct 2018 21:17:53 -0400 Received: from out03.mta.xmission.com ([166.70.13.233]:59055 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729103AbeKABRx (ORCPT ); Wed, 31 Oct 2018 21:17:53 -0400 Received: from in02.mta.xmission.com ([166.70.13.52]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1gHtD5-0006Sv-Kl; Wed, 31 Oct 2018 10:19:11 -0600 Received: from 67-3-154-154.omah.qwest.net ([67.3.154.154] helo=x220.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1gHtCp-0008Nr-8q; Wed, 31 Oct 2018 10:19:11 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: Al Viro Cc: Linus Torvalds , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org References: <20181031053355.GQ32577@ZenIV.linux.org.uk> <87a7mut9cm.fsf@xmission.com> Date: Wed, 31 Oct 2018 11:18:24 -0500 In-Reply-To: <87a7mut9cm.fsf@xmission.com> (Eric W. Biederman's message of "Wed, 31 Oct 2018 10:38:17 -0500") Message-ID: <87d0rqqecv.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1gHtCp-0008Nr-8q;;;mid=<87d0rqqecv.fsf@xmission.com>;;;hst=in02.mta.xmission.com;;;ip=67.3.154.154;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX1+hXy997IJhcJu94YVdw0aXyeQZAL7lzeQ= X-SA-Exim-Connect-IP: 67.3.154.154 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on sa03.xmission.com X-Spam-Level: ** X-Spam-Status: No, score=2.1 required=8.0 tests=ALL_TRUSTED,BAYES_50, DCC_CHECK_NEGATIVE,TVD_RCVD_IP,T_TM2_M_HEADER_IN_MSG,XMSubMetaSxObfu_03, XMSubMetaSx_00 autolearn=disabled version=3.4.0 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.4977] * 0.0 TVD_RCVD_IP Message was received from an IP address * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa03 1397; Body=1 Fuz1=1 Fuz2=1] * 1.2 XMSubMetaSxObfu_03 Obfuscated Sexy Noun-People * 1.0 XMSubMetaSx_00 1+ Sexy Words X-Spam-DCC: XMission; sa03 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: **;Al Viro X-Spam-Relay-Country: X-Spam-Timing: total 3135 ms - load_scoreonly_sql: 0.07 (0.0%), signal_user_changed: 39 (1.3%), b_tie_ro: 31 (1.0%), parse: 1.32 (0.0%), extract_message_metadata: 192 (6.1%), get_uri_detail_list: 26 (0.8%), tests_pri_-1000: 100 (3.2%), tests_pri_-950: 31 (1.0%), tests_pri_-900: 23 (0.7%), tests_pri_-90: 167 (5.3%), check_bayes: 147 (4.7%), b_tokenize: 50 (1.6%), b_tok_get_all: 34 (1.1%), b_comp_prob: 20 (0.6%), b_tok_touch_all: 15 (0.5%), b_finish: 4.5 (0.1%), tests_pri_0: 2440 (77.8%), check_dkim_signature: 25 (0.8%), check_dkim_adsp: 36 (1.2%), tests_pri_10: 16 (0.5%), tests_pri_500: 94 (3.0%), rewrite_mail: 0.00 (0.0%) Subject: Re: [git pull] mount API series X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ebiederm@xmission.com (Eric W. Biederman) writes: > I am going to stop there. I believe there are more issues in the code. > I am relieved that I am not seeing the loss of some of the security > hooks that I thought I saw last time I looked at the code. Bah. Now I see the missing security hook. There are a set of security hooks that allow security modules to parse mount options. On a good day they look like: security_mnt_opts opts; char *secdata; secdata = alloc_secdata(); security_sb_copy_data("a,mount,options,string", secdata); security_init_mnt_opts(&opts); security_parse_opts_str(secdata, &opts); security_set_mnt_opts(sb, &opts, 0, NULL); security_free_mnt_opts(&opts); In practice however things are not that explicit. With security_sb_kern_mount performing all of the mnt_opts work. However after the rewrite in the patchset. The function sb_kern_mount no longer exists and it's replacement sb_get_tree out of necessity does not call parse_opts_str. This is because the mount options can no longer be passed as a string. The legacy compatibility code also does not call sb_parse_opts_str. The result is using the existing apis all of the security module command line parsing except for (btrfs and nfs) no longer works. The changes are not structured in a way that makes any of this easy to find. Which is why I have been saying I wouldn't do it that way. It also is the case that this pattern repeats through out the patches. Replacing code with something brand new, instead of evolving what is there. That makes it easy for this kind of thing to slip through. Eric