lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100917171514.GA32258@shell>
Date:	Fri, 17 Sep 2010 13:15:14 -0400
From:	Valerie Aurora <vaurora@...hat.com>
To:	Ram Pai <linuxram@...ibm.com>
Cc:	Ram Pai <ram.n.pai@...il.com>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Miklos Szeredi <miklos@...redi.hu>,
	Christoph Hellwig <hch@...radead.org>,
	Andreas Gruenbacher <agruen@...e.de>,
	Nick Piggin <npiggin@...nel.dk>, linux-kernel@...r.kernel.org,
	linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH 03/34] VFS: Add CL_NO_SLAVE flag to clone_mnt()/copy_tree()

On Thu, Sep 16, 2010 at 09:34:01PM -0700, Ram Pai wrote:
> On Thu, Sep 16, 2010 at 05:09:58PM -0700, Ram Pai wrote:
> > On Thu, Sep 16, 2010 at 3:11 PM, Valerie Aurora <vaurora@...hat.com> wrote:
> > 
> > > Passing the CL_NO_SLAVE flag to clone_mnt() causes the clone
> > > to fail if the source mnt is a slave.
> > >
> > > Signed-off-by: Valerie Aurora <vaurora@...hat.com>
> > > ---
> > >  fs/namespace.c |    3 +++
> > >  fs/pnode.h     |    1 +
> > >  2 files changed, 4 insertions(+), 0 deletions(-)
> > >
> > > diff --git a/fs/namespace.c b/fs/namespace.c
> > > index eeb4c22..6956062 100644
> > > --- a/fs/namespace.c
> > > +++ b/fs/namespace.c
> > > @@ -565,6 +565,9 @@ static struct vfsmount *clone_mnt(struct vfsmount *old,
> > > struct dentry *root,
> > >        if ((flag & CL_NO_SHARED) && (IS_MNT_SHARED(old)))
> > >                return ERR_PTR(-EINVAL);
> > >
> > > +       if ((flag & CL_NO_SLAVE) && (IS_MNT_SLAVE(old)))
> > > +               return ERR_PTR(-EINVAL);
> > > +
> > >
> > 
> > 
> > its been a while and my memory may have corroded.  But I dont think this
> > check is needed. Because cloning a 'slave mount' makes the mount a 'private
> > mount' and not a 'slave mount'.
>
> There is one case where a 'slave mount' when cloned can generate a 'slave mount', and
> that is when the 'slave mount' is also a 'shared mount'. So the above check has to
> be
> 
>        if ((flag & CL_NO_SLAVE) && (IS_MNT_SLAVE(old) && IS_MNT_SHARED(old)))
>                return ERR_PTR(-EINVAL);

Hey Ram,

I added this flag for union mounts. Union mounts can't deal with
namespace changes in the read-only layers, so we don't allow union of
read-only mounts that are the target of propagation events (shared or
slave).

We could automatically convert all slave or shared mounts into private
mounts when we clone the mounts, but that would surprise an
administrator who carefully set up their shared or slave read-only
mounts before unioning them.  So instead of silently converting slave
or shared to private, we error out.  Does that make sense?

All that being said, I debated how to do this cleanly and I'm still
not satisfied.  My goal is to both check and clone the proposed
read-only layers in one pass.  Without these flags, I had to do four
passes:

1. Find the "lowest" read-only mount at this mountpoint.
2. Check each mount for read-only, not shared, not slave.
3. Clone the subtree starting at the "lowest" mount.
4. Recheck the cloned tree for rules in #2.

One of the reasons I had to do it this way is that you can't hold
vfsmount_lock while calling copy_tree(), so the mount flags can change
between the first check in #2 and the copy_tree() in #3.  Also
sb->s_flag can change.  One of the problems with the current code is
that it can't deal with cloning existing union mounts, which we need
if we are to make bind mounts work (see do_loopback()).

Anyway, if you have any ideas, I'm all ears.

Thanks for reviewing,

-VAL
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ