Date: Thu, 5 Oct 2023 12:23:29 +0800
Subject: Re: [PATCH v3 4/4] add listmount(2) syscall
To: Miklos Szeredi, Paul Moore
Cc: Miklos Szeredi, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak, David Howells, Linus Torvalds, Al Viro, Christian Brauner, Amir Goldstein, Matthew House, Florian Weimer, Arnd Bergmann
References: <20230928130147.564503-1-mszeredi@redhat.com> <20230928130147.564503-5-mszeredi@redhat.com>
From: Ian Kent

On 5/10/23 12:01, Miklos Szeredi wrote:
> On Wed, 4 Oct 2023 at 21:38, Paul Moore wrote:
>> On Thu, Sep 28, 2023 at 9:04 AM Miklos Szeredi wrote:
>>> Add way to query the children of a particular mount. This is a more
>>> flexible way to iterate the mount tree than having to parse the complete
>>> /proc/self/mountinfo.
>>>
>>> Lookup the mount by the new 64bit mount ID. If a mount needs to be queried
>>> based on path, then statx(2) can be used to first query the mount ID
>>> belonging to the path.
>>>
>>> Return an array of new (64bit) mount ID's. Without privileges only mounts
>>> are listed which are reachable from the task's root.
>>>
>>> Signed-off-by: Miklos Szeredi
>>> --- >>> arch/x86/entry/syscalls/syscall_32.tbl | 1 + >>> arch/x86/entry/syscalls/syscall_64.tbl | 1 + >>> fs/namespace.c | 69 ++++++++++++++++++++++++++ >>> include/linux/syscalls.h | 3 ++ >>> include/uapi/asm-generic/unistd.h | 5 +- >>> include/uapi/linux/mount.h | 3 ++ >>> 6 files changed, 81 insertions(+), 1 deletion(-) >> ... >> >>> diff --git a/fs/namespace.c b/fs/namespace.c >>> index 3326ba2b2810..050e2d2af110 100644 >>> --- a/fs/namespace.c >>> +++ b/fs/namespace.c
>>> @@ -4970,6 +4970,75 @@ SYSCALL_DEFINE4(statmount, const struct __mount_arg __user *, req, >>> return ret; >>> } >>> >>> +static long do_listmount(struct vfsmount *mnt, u64 __user *buf, size_t bufsize, >>> + const struct path *root, unsigned int flags) >>> +{ >>> + struct mount *r, *m = real_mount(mnt); >>> + struct path rootmnt = { >>> + .mnt = root->mnt, >>> + .dentry = root->mnt->mnt_root >>> + }; >>> + long ctr = 0; >>> + bool reachable_only = true; >>> + int err; >>> + >>> + err = security_sb_statfs(mnt->mnt_root); >>> + if (err) >>> + return err; >>> + >>> + if (flags & LISTMOUNT_UNREACHABLE) { >>> + if (!capable(CAP_SYS_ADMIN)) >>> + return -EPERM; >>> + reachable_only = false; >>> + } >>> + >>> + if (reachable_only && !is_path_reachable(m, mnt->mnt_root, &rootmnt)) >>> + return capable(CAP_SYS_ADMIN) ? 0 : -EPERM; >>> + >>> + list_for_each_entry(r, &m->mnt_mounts, mnt_child) { >>> + if (reachable_only && >>> + !is_path_reachable(r, r->mnt.mnt_root, root)) >>> + continue;
>> I believe we would want to move the security_sb_statfs() call from
>> above to down here; something like this I think ...
>>
>>   err = security_sb_statfs(r->mnt.mnt_root);
>>   if (err)
>>     /* if we can't access the mount, pretend it doesn't exist */
>>     continue;
> Hmm. Why is this specific to listing mounts (i.e. why doesn't readdir
> have a similar filter)?
>
> Also why hasn't this come up with regards to the proc interfaces that
> list mounts?

The proc interfaces essentially use ->list to provide the mounts that can be
seen so it's filtered by mount namespace of the task that's doing the open().

See fs/namespace.c:mnt_list_next() and just below the m_start(), m_next(), etc.

Ian

>
> I just want to understand the big picture here.
>
> Thanks,
> Miklos
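
Review bot: the two reachability tests in the quoted do_listmount() hunk use different roots and nothing in the hunk says why. The parent is tested with `is_path_reachable(m, mnt->mnt_root, &rootmnt)`, where `rootmnt.dentry` is `root->mnt->mnt_root`, while each child in the `list_for_each_entry()` loop is tested against `root` itself. If the looser parent test is intentional, a comment above `struct path rootmnt` should say so; otherwise both tests should use `root`. Separately, `return capable(CAP_SYS_ADMIN) ? 0 : -EPERM;` hands a privileged caller that did not pass LISTMOUNT_UNREACHABLE a return of 0 rather than an error for an unreachable parent, which deserves a line of documentation. The quoted hunk is cut off inside the loop, so the use of `buf`, `bufsize` and `ctr` cannot be reviewed from this message.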
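
The quoted commit message contrasts listmount(2) with parsing the complete /proc/self/mountinfo. As an added example (not code from this thread or from the kernel), this is what that userspace approach looks like for listing the direct children of one mount. `SAMPLE`, `struct child`, `unescape()` and `list_children()` are names made up for the illustration, and the IDs in mountinfo are the existing mount IDs, not the new 64-bit ones.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/self/mountinfo format, not taken from a real system. */
static const char SAMPLE[] =
    "22 1 0:21 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "23 22 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw\n"
    "25 23 0:23 / /dev/pts rw,nosuid shared:4 - devpts devpts rw\n"
    "26 22 0:24 / /mnt/my\\040disk rw - ext4 /dev/sdb1 rw\n";

/* Decode the \ooo octal escapes mountinfo uses for space, tab, newline and backslash. */
static void unescape(char *s)
{
    char *w = s;
    for (; *s; s++, w++) {
        if (s[0] == '\\' && s[1] >= '0' && s[1] <= '3' &&
            s[2] >= '0' && s[2] <= '7' && s[3] >= '0' && s[3] <= '7') {
            *w = (char)(((s[1] - '0') << 6) | ((s[2] - '0') << 3) | (s[3] - '0'));
            s += 3;
        } else
            *w = *s;
    }
    *w = '\0';
}

struct child { int id; char mountpoint[256]; };

/* Store up to `max` direct children of mount `parent` and return how many were stored.
 * Leading fields are: ID, parent ID, major:minor, root, mount point. Assumes well-formed lines. */
static int list_children(const char *info, int parent, struct child *out, int max)
{
    int n = 0;
    for (const char *line = info; line && *line && n < max; ) {
        int par;
        if (sscanf(line, "%d %d %*s %*s %255s", &out[n].id, &par, out[n].mountpoint) == 3 &&
            par == parent)
            unescape(out[n++].mountpoint);
        line = strchr(line, '\n');
        if (line) line++;
    }
    return n;
}

int main(void)
{
    struct child c[8];
    int n = list_children(SAMPLE, 22, c, 8);
    for (int i = 0; i < n; i++)
        printf("%d %s\n", c[i].id, c[i].mountpoint);
}
```

Every lookup rescans the whole table and has to undo the octal escaping of mount points, which is the cost the commit message refers to.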