Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp4185937pxu; Wed, 9 Dec 2020 10:22:22 -0800 (PST) X-Google-Smtp-Source: ABdhPJzZR3Tz9ycbmNpGikl3A2ttBVb2K6lbnCLgn2uSjxl84oYArHhy84OfoIfZpCKyHJYgLsnE X-Received: by 2002:a50:ee97:: with SMTP id f23mr3097987edr.311.1607538142184; Wed, 09 Dec 2020 10:22:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607538142; cv=none; d=google.com; s=arc-20160816; b=L0IEIKGs3WWFmLkM6GNYI9FIL6fiQfsDgYiVcdNjw3ixhxL5Yh+RD6rAe8VuDb7wE+ 9rk7fZpYpca+YiydF6iSfS08RLgYFoZ8HhfgVnf6N4O/4sP+jGYPMSkCrMSo41SpgQwG ZB9cl4sg+eA9QHMQleEzINO3YsssVRCffobauFjQJTY81J9rvX35mQmAPMLOHNxnLkYl rwn1YOHaPTSKce2BNRd+G52QyhjYFUc1Z/kKC8Jx9buNAXY9dXOOWOfwhdMg8pUuatPF 4TbY9rITOXcfr+aROcgzFm1JzOIkdu3hSuYuZQ2u/I5eAXoJr+4Z7GLYHTeOzcCxll6g /dDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=0bnqZJonPm2Y5rYBHlDQYhPCxMpoVcbNGKebJQlZK0o=; b=kT2fm/j9dRnEDDUpVT7V2q68hh4djI3bd2ez4KuTUXcUZo5+OvJzvBq0+LBvtirqCf JUCw5iOM03b6Ah1gwkTSEHUWIXwiWBo9Z7E2hSVPqriKr9iTdSyCsO8TtyrLhQLE7uQQ dI/WiN6ibdkQdbKjNwmRBeqW6BG+iKtjOERMDrtYY6cD3EnhkZLbbmWQSsHiiHUKWYHV SfgwrUlv/xRXzZG4OODn60gPX5qbWis9LOHKIKtl5xA5YofCU5nxbgdquoqzS0rLoy3c f05nUDQCx8AI2WAcjV7zUgclgvzseGTw4bK1HKHl0CN0X2NlxJgBdwQGkEy/J8vl02Zq Q/wg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=qkhZTAiG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f5si1158034ejd.332.2020.12.09.10.21.59; Wed, 09 Dec 2020 10:22:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=qkhZTAiG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732951AbgLISRM (ORCPT + 99 others); Wed, 9 Dec 2020 13:17:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43368 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732687AbgLISRC (ORCPT ); Wed, 9 Dec 2020 13:17:02 -0500 Received: from mail-io1-xd42.google.com (mail-io1-xd42.google.com [IPv6:2607:f8b0:4864:20::d42]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73A9FC0613CF; Wed, 9 Dec 2020 10:16:22 -0800 (PST) Received: by mail-io1-xd42.google.com with SMTP id z5so2568621iob.11; Wed, 09 Dec 2020 10:16:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0bnqZJonPm2Y5rYBHlDQYhPCxMpoVcbNGKebJQlZK0o=; b=qkhZTAiGze98uNr1WjA5/wLIhNSehJmfMFfgUD8xlmDDr9V5Y5ZFHpFEBWs8n3Qtkg Y9SwVVaRMH+qBNyqfLpdTWFiXNXpP0624tfi5xJoWMBwM9cuwiupVIc8yMENklBLFcrl CAZj3uSVxZqNZUO3QE9P0de9IyZiM/heJRCLkyQFvXQoJe2tog+vie3Wphrf1FsWtVQO nz6eB9kyg67GbIG+w9PSSAF600D6UfMxu2RVSn8fmUCj2WBYI44stH8X+LHqxLij0+Xh Ky/1rHICxjYGenItETlfONNeIclnT7lh+yn5OXElreSOQcv+7fdp5xlqxBNRQNI8s4zP +kXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0bnqZJonPm2Y5rYBHlDQYhPCxMpoVcbNGKebJQlZK0o=; b=hM4OEK+u8ZK304Bi3+u6YhyvneHnHSq+wezUyHS1uzj972uG7EpEvSxQfutg+mMHwa 5NdPy0LzIjMeJzRjy6FU8o1ukkAFQa0Xr2zLVCO4DUq/TN3tUeVXcJoEPWIcVowHef4Q ZdnE60ZkkktbuoUAUfdpYtwm1OLFmZ6oUsVY0TKtsndgHJDI0gQTbpwg8ygyI7tpN4tD 1iCcK2+B0whVJ8moIOAVe9CvkEDGo6IJDF2RtCGumqp7JJIX7XYq5xX05vQjFtv9Z4U6 1XBcwBhuQ81E/Vqsdo0/IukfZ+f3KN/n49SLZ+PaYFy8B8Tf4FdruO1lVqCB304B++wc Ltcg== X-Gm-Message-State: AOAM533oYGMfsl7fQq/oCHe+cRS7uTYgvzZ+PN/JwncxiEF27Kj2nja0 Fvve38YJ7gKYFseOFsCsvzc+wXYPgnlyfx7UQfM= X-Received: by 2002:a02:a60a:: with SMTP id c10mr4606978jam.123.1607537781901; Wed, 09 Dec 2020 10:16:21 -0800 (PST) MIME-Version: 1.0 References: <20201207163255.564116-1-mszeredi@redhat.com> <20201207163255.564116-4-mszeredi@redhat.com> In-Reply-To: From: Amir Goldstein Date: Wed, 9 Dec 2020 20:16:10 +0200 Message-ID: Subject: Re: [PATCH v2 03/10] ovl: check privs before decoding file handle To: Miklos Szeredi Cc: Miklos Szeredi , "Eric W . Biederman" , linux-fsdevel , overlayfs , LSM List , linux-kernel Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Dec 9, 2020 at 6:20 PM Miklos Szeredi wrote: > > On Wed, Dec 9, 2020 at 11:13 AM Miklos Szeredi wrote: > > > Hard link indexing should work without fh decoding, since it is only > > encoding the file handle to search for the index entry, and encoding > > is not privileged. > > Tested this a bit and while hard link indexing does work, inode > lookup is broken since it uses the origin inode as a key (which is not Yes, that is what I meant by ovl_check_origin() is broken. > available) instead of using the origin value directly. This is > fixable, but needs a fair amount of restructuring, so let's just Maybe it also requires on-disk changes. We should be able to use the origin fh as the key for lower inode, but we need the lower st_inode for initializing the ovl inode with correct ino. If we cannot decode lower inode from origin fh, I think we would need to store the ino in user.overlay.ino on copy up or maintain redirect, but redirect is not supported either with user ns mount... > postpone this and disable index for now, as you suggested. > Nobody seems to be enabling it anyway :-/ Thanks, Amir.