References: <20230928130147.564503-1-mszeredi@redhat.com> <20230928130147.564503-5-mszeredi@redhat.com>
From: Miklos Szeredi
Date: Thu, 5 Oct 2023 06:01:53 +0200
Subject: Re: [PATCH v3 4/4] add listmount(2) syscall
To: Paul Moore
Cc: Miklos Szeredi, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak, Ian Kent, David Howells, Linus Torvalds, Al Viro, Christian Brauner, Amir Goldstein, Matthew House, Florian Weimer, Arnd Bergmann

On Wed, 4 Oct 2023 at 21:38, Paul Moore wrote:
>
> On Thu, Sep 28, 2023 at 9:04 AM Miklos Szeredi wrote:
> >
> > Add a way to query the children of a particular mount. This is a more
> > flexible way to iterate the mount tree than having to parse the complete
> > /proc/self/mountinfo.
> >
> > Lookup the mount by the new 64bit mount ID. If a mount needs to be queried
> > based on path, then statx(2) can be used to first query the mount ID
> > belonging to the path.
> >
> > Return an array of new (64bit) mount IDs. Without privileges only mounts
> > are listed which are reachable from the task's root.
> >
> > Signed-off-by: Miklos Szeredi
> > ---
> >  arch/x86/entry/syscalls/syscall_32.tbl |  1 +
> >  arch/x86/entry/syscalls/syscall_64.tbl |  1 +
> >  fs/namespace.c                         | 69 ++++++++++++++++++++++++++
> >  include/linux/syscalls.h               |  3 ++
> >  include/uapi/asm-generic/unistd.h      |  5 +-
> >  include/uapi/linux/mount.h             |  3 ++
> >  6 files changed, 81 insertions(+), 1 deletion(-)
>
> ...
>
> > diff --git a/fs/namespace.c b/fs/namespace.c
> > index 3326ba2b2810..050e2d2af110 100644
> > --- a/fs/namespace.c
> > +++ b/fs/namespace.c
> > @@ -4970,6 +4970,75 @@ SYSCALL_DEFINE4(statmount, const struct __mount_arg __user *, req,
> >         return ret;
> >  }
> >
> > +static long do_listmount(struct vfsmount *mnt, u64 __user *buf, size_t bufsize,
> > +                        const struct path *root, unsigned int flags)
> > +{
> > +       struct mount *r, *m = real_mount(mnt);
> > +       struct path rootmnt = {
> > +               .mnt = root->mnt,
> > +               .dentry = root->mnt->mnt_root
> > +       };
> > +       long ctr = 0;
> > +       bool reachable_only = true;
> > +       int err;
> > +
> > +       err = security_sb_statfs(mnt->mnt_root);
> > +       if (err)
> > +               return err;
> > +
> > +       if (flags & LISTMOUNT_UNREACHABLE) {
> > +               if (!capable(CAP_SYS_ADMIN))
> > +                       return -EPERM;
> > +               reachable_only = false;
> > +       }
> > +
> > +       if (reachable_only && !is_path_reachable(m, mnt->mnt_root, &rootmnt))
> > +               return capable(CAP_SYS_ADMIN) ? 0 : -EPERM;
> > +
> > +       list_for_each_entry(r, &m->mnt_mounts, mnt_child) {
> > +               if (reachable_only &&
> > +                   !is_path_reachable(r, r->mnt.mnt_root, root))
> > +                       continue;
>
> I believe we would want to move the security_sb_statfs() call from
> above to down here; something like this I think ...
>
>   err = security_sb_statfs(r->mnt.mnt_root);
>   if (err)
>     /* if we can't access the mount, pretend it doesn't exist */
>     continue;

Hmm. Why is this specific to listing mounts (i.e. why doesn't readdir
have a similar filter)? Also why hasn't this come up with regards to
the proc interfaces that list mounts?

I just want to understand the big picture here.

Thanks,
Miklos
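Review bot: the LSM check in do_listmount() gates only the parent: security_sb_statfs(mnt->mnt_root) runs once on the mount whose children are being listed, while the children collected by the list_for_each_entry() loop never pass through any hook, so a policy that hides a child's superblock from statfs(2) still sees that child's mount ID returned here. The per-child filter belongs inside the loop next to the is_path_reachable() test, and a denial there should `continue` rather than fail the whole call, so that an LSM-hidden mount degrades to "not visible" exactly as an unreachable one does. Two smaller points in the same hunk: the unreachable-parent path returns -EPERM to an unprivileged caller but 0 (an empty list) to CAP_SYS_ADMIN; since -EPERM is only produced after the ID resolved to a real mount, an unprivileged caller can learn that an ID outside its root exists, which a single uniform "not visible" result would avoid. And both privilege tests use capable(), i.e. CAP_SYS_ADMIN in the initial user namespace; if the owner of a non-initial mount namespace is meant to be able to list unreachable mounts in its own namespace, that wants an ns_capable() check against that namespace's owning user namespace, and a comment either way.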
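As an added example, not code from the patch or from the kernel, here is a userspace model in C of what listmount(2) is meant to replace: parsing /proc/self/mountinfo to find the children of one mount ID, with the commit message's unprivileged rule ("only mounts reachable from the task's root are listed") applied as a mount-point path check. The mountinfo table is constructed, not captured from a host; the IDs in it are the old reusable 32-bit mountinfo IDs, not the new 64-bit IDs the syscall returns; and `list_children`, `path_under`, `count_children` and `child_at` are names chosen for this example. The kernel decides reachability on the mount and dentry tree via is_path_reachable(), so the string-prefix test here is only an approximation (it cannot see bind mounts whose root is a subdirectory).

```c
#include <stdio.h>
#include <string.h>

/* Constructed /proc/self/mountinfo table (not captured from a real host).
 * Fields: mount ID, parent ID, major:minor, root, mount point, options,
 * optional fields..., "-", fstype, source, super options. */
static const char sample_mountinfo[] =
    "27 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw\n"
    "21 27 0:20 / /proc rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw\n"
    "22 27 0:21 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw\n"
    "23 27 0:5 / /dev rw,nosuid,relatime shared:2 - devtmpfs udev rw,size=4k\n"
    "24 23 0:22 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5\n"
    "25 23 0:23 / /dev/shm rw,nosuid,nodev shared:4 - tmpfs tmpfs rw\n"
    "31 27 0:30 / /devices rw,relatime shared:10 - tmpfs tmpfs rw\n";

struct mountinfo_entry {
    unsigned long long id;
    unsigned long long parent;
    char mountpoint[256];
};

/* Parse the three fields the listing needs from one mountinfo line.
 * Real mountinfo escapes spaces in paths as \040, so %s is safe. */
static int parse_entry(const char *line, struct mountinfo_entry *e)
{
    char dev[32], root[256];

    return sscanf(line, "%llu %llu %31s %255s %255s",
                  &e->id, &e->parent, dev, root, e->mountpoint) == 5;
}

/* True when path is root itself or lies beneath it on a component
 * boundary: "/dev" covers "/dev/pts" but not "/devices". */
static int path_under(const char *root, const char *path)
{
    size_t n = strlen(root);

    if (strcmp(root, "/") == 0)
        return path[0] == '/';
    if (strncmp(root, path, n) != 0)
        return 0;
    return path[n] == '\0' || path[n] == '/';
}

/* Userspace model of the listing: children of parent_id whose mount point
 * is at or under root (the caller's root directory) are written to out, at
 * most max of them. Returns the number written, or -1 when parent_id does
 * not name any mount in the table. */
static long list_children(const char *mountinfo, unsigned long long parent_id,
                          const char *root, unsigned long long *out, size_t max)
{
    long count = 0;
    int parent_seen = 0;
    const char *p = mountinfo;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t full = nl ? (size_t)(nl - p) : strlen(p);
        size_t len = full < sizeof(char[512]) - 1 ? full : sizeof(char[512]) - 1;
        char line[512];
        struct mountinfo_entry e;

        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + full;

        if (!parse_entry(line, &e))
            continue;
        if (e.id == parent_id)
            parent_seen = 1;
        if (e.parent != parent_id)
            continue;
        /* Unprivileged rule from the commit message: a mount the caller
         * cannot reach from its root is simply not listed. */
        if (!path_under(root, e.mountpoint))
            continue;
        if ((size_t)count < max)
            out[count++] = e.id;
    }
    return parent_seen ? count : -1;
}

/* Wrappers so single results can be checked without a caller-side buffer. */
static long count_children(const char *mountinfo, unsigned long long parent_id,
                           const char *root)
{
    unsigned long long ids[64];

    return list_children(mountinfo, parent_id, root, ids, 64);
}

static unsigned long long child_at(const char *mountinfo, unsigned long long parent_id,
                                   const char *root, size_t idx)
{
    unsigned long long ids[64];
    long n = list_children(mountinfo, parent_id, root, ids, 64);

    return (n > 0 && idx < (size_t)n) ? ids[idx] : 0;
}

int main(void)
{
    unsigned long long ids[16];
    long n = list_children(sample_mountinfo, 27, "/", ids, 16);

    for (long i = 0; i < n; i++)
        printf("child of 27 from /: %llu\n", ids[i]);
    printf("children of 27 from a /dev root: %ld\n",
           count_children(sample_mountinfo, 27, "/dev"));
    return 0;
}
```

Run against the constructed table, the root-directory view lists 21, 22, 23 and 31 under mount 27, while a caller whose root is /dev sees only 23, and /devices is correctly not mistaken for something under /dev. Note the -1 for an unknown parent versus 0 for a known parent with no visible children: that is the same distinction the hunk above draws between "no such mount" and "nothing reachable", and it is what lets a caller probe for IDs it cannot otherwise see.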