lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YEVm+KH/R5y2rU7K@zeniv-ca.linux.org.uk>
Date:   Sun, 7 Mar 2021 23:51:20 +0000
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Alexander Mikhalitsyn <alexander.mikhalitsyn@...tuozzo.com>
Cc:     Ian Kent <raven@...maw.net>, Matthew Wilcox <willy@...radead.org>,
        Pavel Tikhomirov <ptikhomirov@...tuozzo.com>,
        Kirill Tkhai <ktkhai@...tuozzo.com>, autofs@...r.kernel.org,
        linux-kernel@...r.kernel.org, Miklos Szeredi <mszeredi@...hat.com>,
        Christian Brauner <christian.brauner@...ntu.com>,
        Ross Zwisler <zwisler@...gle.com>,
        Aleksa Sarai <cyphar@...har.com>,
        Eric Biggers <ebiggers@...gle.com>,
        Mattias Nissler <mnissler@...omium.org>,
        linux-fsdevel@...r.kernel.org, alexander@...alicyn.com
Subject: Re: [RFC PATCH] autofs: find_autofs_mount overmounted parent support

On Thu, Mar 04, 2021 at 01:11:33PM +0300, Alexander Mikhalitsyn wrote:

> That problem connected with CRIU (Checkpoint-Restore in Userspace) project.
> In CRIU we have support of autofs mounts C/R. To acheive that we need to use
> ioctl's from /dev/autofs to get data about mounts, restore mount as catatonic
> (if needed), change pipe fd and so on. But the problem is that during CRIU
> dump we may meet situation when VFS subtree where autofs mount present was
> overmounted as whole.
> 
> Simpliest example is /proc/sys/fs/binfmt_misc. This mount present on most
> GNU/Linux distributions by default. For instance on my Fedora 33:
> 
> trigger automount of binfmt_misc
> $ ls /proc/sys/fs/binfmt_misc
> 
> $ cat /proc/1/mountinfo | grep binfmt
> 35 24 0:36 / /proc/sys/fs/binfmt_misc rw,relatime shared:16 - autofs systemd-1 rw,...,direct,pipe_ino=223
> 632 35 0:56 / /proc/sys/fs/binfmt_misc rw,...,relatime shared:315 - binfmt_misc binfmt_misc rw
> 
> $ sudo unshare -m -p --fork --mount-proc sh
> # cat /proc/self/mountinfo | grep "/proc"
> 828 809 0:23 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
> 829 828 0:36 / /proc/sys/fs/binfmt_misc rw,relatime - autofs systemd-1 rw,...,direct,pipe_ino=223
> 943 829 0:56 / /proc/sys/fs/binfmt_misc rw,...,relatime - binfmt_misc binfmt_misc rw
> 949 828 0:57 / /proc rw...,relatime - proc proc rw
> 
> As we can see now autofs mount /proc/sys/fs/binfmt_misc is inaccessible.
> If we do something like:
> 
> struct autofs_dev_ioctl *param;
> param = malloc(...);
> devfd = open("/dev/autofs", O_RDONLY);
> init_autofs_dev_ioctl(param);
> param->size = size;
> strcpy(param->path, "/proc/sys/fs/binfmt_misc");
> param->openmount.devid = 36;
> err = ioctl(devfd, AUTOFS_DEV_IOCTL_OPENMOUNT, param)
> 
> now we get err = -ENOENT.

Where does that -ENOENT come from?  AFAICS, pathwalk ought to succeed and
return you the root of overmounting binfmt_misc.  Why doesn't the loop in
find_autofs_mount() locate anything it would accept?

I really dislike the patch - the whole "normalize path" thing is fundamentally
bogus, not to mention the iterator over all mounts, etc., so I would like to
understand what the hell is going on before even thinking of *not* NAKing
it on sight.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ