Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp2826347rdb; Wed, 4 Oct 2023 12:38:11 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHPvn/fa5g8x7vHeg9/f2c3YtAI8yB9dRqH31+WbQMgMfnWheUo7LC1zLm8YLE9l3k8Aan7 X-Received: by 2002:a17:90b:1b4c:b0:274:9823:b481 with SMTP id nv12-20020a17090b1b4c00b002749823b481mr3113004pjb.9.1696448291505; Wed, 04 Oct 2023 12:38:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696448291; cv=none; d=google.com; s=arc-20160816; b=nBL6/VPvnsTEeOQ66tVkQXt+b7Vez3gk+ORBpV+8K04ThNTdavs1/THu10WFAQ3diX X+gyut/QTuHqz5j0hZx7jncurLt+oN3UrUMAifLWf5gxm6yNj3T6lu5Xrmr3wsfad8eU 9P1p5y1cNonClhDDUOHlMVL65dVz5SEkH8dzOtDYneVl7fGpxb2JwZopGhwHl6qa7Nyn AjaAnneAF+pU7x4dgfhw2G3WLU6/jYL/Tv1gVLE7VEXn4mgHDx+FPDV2HoaYdPeyVnHA J0qnjStwsV6PGAl+A6UNVduuv/ze080GxbkUuTOY5Ao8SK9rD+85QEmYTo/R5fBHtv4e OHKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=mQGn2Phe0RwYW5SGubGGOv+c/hAGSSs2LrA09w+wOG8=; fh=FRS6TtsOApCRuQn9ejjIal19YWugzSeP78Wwn/sUxBg=; b=dZ0Q6owAatXNG1BBNqvrYD4vp5KaWoQVJXzJSLTPQoK1vyxRoW6O9mQfxqoWIsQNzi 6Xxwz83SBG5mab1NDTS25nbJfwzRxFeMlz9HaIukUDvCu1V3K6Wrk/xeHLbp2JiMEJw3 JjIg7i1cJuSEc991/rNruKXH7UNfa5e3S9g2uQgmcL4SksdAeKMSNpjuLtLnhbxFOa4+ VtC3/RRH1r3Glr4VIAzRa3v36elspTTk2xezPKXNQXeAAjbSQkKIe4uNf7w7IBacbXWJ bZOWS52hwPT1qUXew5Gsaux4779SEJtopWRvmuM8xHJHPUB/uTpHnG3T4GNhIKqg46Ew yPEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=TilTgkhZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Return-Path: Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id u4-20020a17090a6a8400b00277624ffa82si2144986pjj.86.2023.10.04.12.38.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 Oct 2023 12:38:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=TilTgkhZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id F406081F322F; Wed, 4 Oct 2023 12:38:08 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243494AbjJDTiA (ORCPT + 99 others); Wed, 4 Oct 2023 15:38:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54216 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233578AbjJDTh7 (ORCPT ); Wed, 4 Oct 2023 15:37:59 -0400 Received: from mail-yb1-xb33.google.com (mail-yb1-xb33.google.com [IPv6:2607:f8b0:4864:20::b33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AB46598 for ; Wed, 4 Oct 2023 12:37:55 -0700 (PDT) Received: by mail-yb1-xb33.google.com with SMTP id 3f1490d57ef6-d84c24a810dso240441276.2 for ; Wed, 04 Oct 2023 12:37:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1696448275; x=1697053075; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=mQGn2Phe0RwYW5SGubGGOv+c/hAGSSs2LrA09w+wOG8=; b=TilTgkhZouIPuv7GuwoG4+G6t7andK6GaOW7wftIFaIREBfgJYPJjkN6KSK+Avay1v okj2r3PfUPtWwxcVfYzuc5MIEkhfTszqWOo4sILSQ+TwvnDqz3vm/FRq/pTgPApIJcuR xeu8lYuf4TL5C3DOHXnWsxMwLmJ8NFRWzBd9dMgzmLbzx2UVGMEkHFAy7LdbgWhwznu9 q4MPPTMc+XkAxik+CKCeMKAMl6Ppmmh6L4Fb2iaAJqVXH69Q8w9yDfPkAQh5pDn7RGoo QKUSyOL5Kit6+OQz+MneFcrB66bi0fLGTNflIfkoKvSCaS7dbthDD6qpSpwI/e+ED9en /4fg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696448275; x=1697053075; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mQGn2Phe0RwYW5SGubGGOv+c/hAGSSs2LrA09w+wOG8=; b=C5Fjcm9Eky2WEh1UPgwxkOd+m8kYWv8VW1KRxe2OnQuiAkHhneVwq9sT9Wfd8sW791 cysbtCIWSpjAmgssPVHS4TgdvtSqm2U6ZQ7HwrYBvZaU1bcszHfazl9aQwMGdr2DabVv OsKaUaNOSgc40da47FUiJ0ENGgT32/WG89iiGmApklzt7bTnq3z8yFA70iO2omwunkde +XHDXf7OuExDLnXm9Vhv7O0s+gtcfbLP9y4QaE6Hf5S0cK3ZJ0NVauInTnpGQt+UHLkr SqiAK9kUrrivoYQE91UV990L8e8JPtbhHOjrD5T8dRgl7GUa2a+ytIwUC46Hm0vax2tC 0QsA== X-Gm-Message-State: AOJu0Yz9xQS5q8F4A54I86T+V8hwEwv7mGqElJKwmiYtXxGisPcShEG4 6LgRGmNYMG5Fwbf1XzrW7Qm50UaWO6FvuD0WPa7Y X-Received: by 2002:a05:6902:18c9:b0:d1a:955f:304d with SMTP id ck9-20020a05690218c900b00d1a955f304dmr3631465ybb.64.1696448274671; Wed, 04 Oct 2023 12:37:54 -0700 (PDT) MIME-Version: 1.0 References: <20230928130147.564503-1-mszeredi@redhat.com> <20230928130147.564503-5-mszeredi@redhat.com> In-Reply-To: <20230928130147.564503-5-mszeredi@redhat.com> From: Paul Moore Date: Wed, 4 Oct 2023 15:37:43 -0400 Message-ID: Subject: Re: [PATCH v3 4/4] add listmount(2) syscall To: Miklos Szeredi Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak , Ian Kent , David Howells , Linus Torvalds , Al Viro , Christian Brauner , Amir Goldstein , Matthew House , Florian Weimer , Arnd Bergmann Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=2.7 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Wed, 04 Oct 2023 12:38:09 -0700 (PDT) X-Spam-Level: ** On Thu, Sep 28, 2023 at 9:04=E2=80=AFAM Miklos Szeredi wrote: > > Add way to query the children of a particular mount. This is a more > flexible way to iterate the mount tree than having to parse the complete > /proc/self/mountinfo. > > Lookup the mount by the new 64bit mount ID. If a mount needs to be queri= ed > based on path, then statx(2) can be used to first query the mount ID > belonging to the path. > > Return an array of new (64bit) mount ID's. Without privileges only mount= s > are listed which are reachable from the task's root. > > Signed-off-by: Miklos Szeredi > --- > arch/x86/entry/syscalls/syscall_32.tbl | 1 + > arch/x86/entry/syscalls/syscall_64.tbl | 1 + > fs/namespace.c | 69 ++++++++++++++++++++++++++ > include/linux/syscalls.h | 3 ++ > include/uapi/asm-generic/unistd.h | 5 +- > include/uapi/linux/mount.h | 3 ++ > 6 files changed, 81 insertions(+), 1 deletion(-) ... > diff --git a/fs/namespace.c b/fs/namespace.c > index 3326ba2b2810..050e2d2af110 100644 > --- a/fs/namespace.c > +++ b/fs/namespace.c > @@ -4970,6 +4970,75 @@ SYSCALL_DEFINE4(statmount, const struct __mount_ar= g __user *, req, > return ret; > } > > +static long do_listmount(struct vfsmount *mnt, u64 __user *buf, size_t b= ufsize, > + const struct path *root, unsigned int flags) > +{ > + struct mount *r, *m =3D real_mount(mnt); > + struct path rootmnt =3D { > + .mnt =3D root->mnt, > + .dentry =3D root->mnt->mnt_root > + }; > + long ctr =3D 0; > + bool reachable_only =3D true; > + int err; > + > + err =3D security_sb_statfs(mnt->mnt_root); > + if (err) > + return err; > + > + if (flags & LISTMOUNT_UNREACHABLE) { > + if (!capable(CAP_SYS_ADMIN)) > + return -EPERM; > + reachable_only =3D false; > + } > + > + if (reachable_only && !is_path_reachable(m, mnt->mnt_root, &rootm= nt)) > + return capable(CAP_SYS_ADMIN) ? 0 : -EPERM; > + > + list_for_each_entry(r, &m->mnt_mounts, mnt_child) { > + if (reachable_only && > + !is_path_reachable(r, r->mnt.mnt_root, root)) > + continue; I believe we would want to move the security_sb_statfs() call from above to down here; something like this I think ... err =3D security_sb_statfs(r->mnt.mnt_root); if (err) /* if we can't access the mount, pretend it doesn't exist */ continue; > + if (ctr >=3D bufsize) > + return -EOVERFLOW; > + if (put_user(r->mnt_id_unique, buf + ctr)) > + return -EFAULT; > + ctr++; > + if (ctr < 0) > + return -ERANGE; > + } > + return ctr; > +} --=20 paul-moore.com