From: Kuniyuki Iwashima
Subject: Re: [PATCH v2] fs/proc/proc_sysctl.c: always initialize i_uid/i_gid
Date: Fri, 22 Mar 2024 15:07:36 -0700
Message-ID: <20240322220736.77465-1-kuniyu@amazon.com>
In-Reply-To: <20240322-sysctl-net-ownership-v2-1-a8b4a3306542@weissschuh.net>

From: "Thomas Weißschuh" Date: Fri, 22 Mar 2024 20:51:11 +0100 > Commit e79c6a4fc923 ("net: make net namespace sysctls belong to container's owner") > added default values for i_uid/i_gid. The commit that added the default is 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") > These however are only used when ctl_table_root->set_ownership is not > implemented. > But the callbacks themselves could fail to compute i_uid/i_gid and they > all need to have the same fallback logic for this case. > > This is unnecessary code duplication and prone to errors. > For example net_ctl_set_ownership() missed the fallback. > > Instead always initialize i_uid/i_gid inside the sysfs core so > set_ownership() can safely skip setting them. > > Fixes: e79c6a4fc923 ("net: make net namespace sysctls belong to container's owner") > Cc: stable@vger.kernel.org > Signed-off-by: Thomas Weißschuh > --- > Changes in v2: > - Move the fallback logic to the sysctl core > - Link to v1: https://lore.kernel.org/r/20240315-sysctl-net-ownership-v1-1-2b465555a292@weissschuh.net > --- > fs/proc/proc_sysctl.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c > index 37cde0efee57..9e34ab9c21e4 100644 > --- a/fs/proc/proc_sysctl.c > +++ b/fs/proc/proc_sysctl.c > @@ -479,12 +479,10 @@ static struct inode *proc_sys_make_inode(struct super_block *sb, > make_empty_dir_inode(inode); > } > > + inode->i_uid = GLOBAL_ROOT_UID; > + inode->i_gid = GLOBAL_ROOT_GID; > if (root->set_ownership) > root->set_ownership(head, table, &inode->i_uid, &inode->i_gid); > - else { > - inode->i_uid = GLOBAL_ROOT_UID; > - inode->i_gid = GLOBAL_ROOT_GID; > - } > > return inode; > } > > --- > base-commit: ff9c18e435b042596c9d48badac7488e3fa76a55 > change-id: 20240315-sysctl-net-ownership-bc4e17eaeea6 > > Best regards, > -- > Thomas Weißschuh
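
Review bot: The two assignments added ahead of `if (root->set_ownership)` carry an unstated contract: a callback that cannot compute an owner has to leave `*uid` and `*gid` unwritten, otherwise the GLOBAL_ROOT_UID/GLOBAL_ROOT_GID default does not survive the call. A short comment above `inode->i_uid = GLOBAL_ROOT_UID;` stating that would keep future set_ownership() implementations from storing an invalid value over the default. The diffstat lists only fs/proc/proc_sysctl.c, so net_ctl_set_ownership(), which the commit message names as missing the fallback, is not changed by this patch; it is worth confirming that its failure path does not write to the output pointers. The commit message also says "sysfs core" where the v2 changelog and the file path both say sysctl core.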