| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1487352280.4351.19.camel@HansenPartnership.com>
Date: Fri, 17 Feb 2017 09:24:40 -0800
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Al Viro <viro@...IV.linux.org.uk>
Cc: Djalal Harouni <tixxdz@...il.com>, Chris Mason <clm@...com>,
Theodore Tso <tytso@....edu>,
Josh Triplett <josh@...htriplett.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Andy Lutomirski <luto@...nel.org>,
Seth Forshee <seth.forshee@...onical.com>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
Dongsu Park <dongsu@...ocode.com>,
David Herrmann <dh.herrmann@...glemail.com>,
Miklos Szeredi <mszeredi@...hat.com>,
Alban Crequy <alban.crequy@...il.com>,
"Serge E. Hallyn" <serge@...lyn.com>, Phil Estes <estesp@...il.com>
Subject: Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
On Fri, 2017-02-17 at 02:29 +0000, Al Viro wrote:
> On Sat, Feb 04, 2017 at 11:19:32AM -0800, James Bottomley wrote:
>
> > +static const struct dentry_operations shiftfs_dentry_ops = {
> > + .d_release = shiftfs_d_release,
> > + .d_real = shiftfs_d_real,
> > +};
>
> In other words, those dentries are *never* revalidated. Nevermind
> that underlying fs might be mounted elsewhere and be actively
> modified under you.
>
> > +static struct dentry *shiftfs_lookup(struct inode *dir, struct
> > dentry *dentry,
> > + unsigned int flags)
> > +{
> > + struct dentry *real = dir->i_private, *new;
> > + struct inode *reali = real->d_inode, *newi;
> > + const struct cred *oldcred, *newcred;
> > +
> > + inode_lock(reali);
> > + oldcred = shiftfs_new_creds(&newcred, dentry->d_sb);
> > + new = lookup_one_len(dentry->d_name.name, real, dentry
> > ->d_name.len);
> > + shiftfs_old_creds(oldcred, &newcred);
> > + inode_unlock(reali);
> > +
> > + if (IS_ERR(new))
> > + return new;
> > +
> > + dentry->d_fsdata = new;
> > +
> > + if (!new->d_inode)
> > + return NULL;
>
> What happens when somebody comes along and creates the damn thing on
> the underlying fs? _Not_ via your code, that is - using the
> underlying fs mounted elsewhere.
Point taken. This, I think fixes the dcache revalidation issue.
James
---
diff --git a/fs/shiftfs.c b/fs/shiftfs.c
index a4a1f98..1e71efe 100644
--- a/fs/shiftfs.c
+++ b/fs/shiftfs.c
@@ -118,9 +118,43 @@ static struct dentry *shiftfs_d_real(struct dentry *dentry,
return real;
}
+static int shiftfs_d_weak_revalidate(struct dentry *dentry, unsigned int flags)
+{
+ struct dentry *real = dentry->d_fsdata;
+
+ if (d_unhashed(real))
+ return 0;
+
+ if (!(real->d_flags & DCACHE_OP_WEAK_REVALIDATE))
+ return 1;
+
+ return real->d_op->d_weak_revalidate(real, flags);
+}
+
+static int shiftfs_d_revalidate(struct dentry *dentry, unsigned int flags)
+{
+ struct dentry *real = dentry->d_fsdata;
+ int ret;
+
+ if (d_unhashed(real))
+ return 0;
+
+ if (!(real->d_flags & DCACHE_OP_REVALIDATE))
+ return 1;
+
+ ret = real->d_op->d_revalidate(real, flags);
+
+ if (ret == 0 && !(flags & LOOKUP_RCU))
+ d_invalidate(real);
+
+ return ret;
+}
+
static const struct dentry_operations shiftfs_dentry_ops = {
.d_release = shiftfs_d_release,
.d_real = shiftfs_d_real,
+ .d_revalidate = shiftfs_d_revalidate,
+ .d_weak_revalidate = shiftfs_d_weak_revalidate,
};
static int shiftfs_readlink(struct dentry *dentry, char __user *data,
@@ -431,9 +465,7 @@ static struct dentry *shiftfs_lookup(struct inode *dir, struct dentry *dentry,
return ERR_PTR(-ENOMEM);
}
- d_splice_alias(newi, dentry);
-
- return NULL;
+ return d_splice_alias(newi, dentry);
}
static int shiftfs_permission(struct inode *inode, int mask)
Powered by blists - more mailing lists