Message-ID: <20240712-vfs-pidfs-18bf3ec8bde5@brauner>
Date: Fri, 12 Jul 2024 16:01:45 +0200
From: Christian Brauner <brauner@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christian Brauner <brauner@...nel.org>,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [GIT PULL for v6.11] vfs pidfs

Hey Linus,

/* Summary */
This contains work to make it possible to derive namespace file descriptors
from pidfd file descriptors.

Right now it is already possible to use a pidfd with setns() to atomically
change multiple namespaces at the same time. In other words, it is possible to
switch to the namespace context of a process using a pidfd. There is no need to
first open namespace file descriptors via procfs.

The work included here is an extension of these abilities: it allows namespace
file descriptors to be opened using a pidfd. This means it is now possible to
interact with namespaces without ever touching procfs.

To this end a new set of ioctls() on pidfds is introduced covering all
supported namespace types.

/* Testing */
clang: Debian clang version 16.0.6 (26)
gcc: (Debian 13.2.0-24)

All patches are based on v6.10-rc1 and have been sitting in linux-next.
No build failures or warnings were observed.

/* Conflicts */
[1]: This contains a merge conflict with the vfs-6.11.misc pull request
     https://lore.kernel.org/r/20240712-vfs-misc-c1dbbc5eaf82@brauner

     After conflict resolution the merge diff looks like this:

diff --cc fs/internal.h
index f26454c60a98,24346cf765dd..a5e9a2f5b30d
--- a/fs/internal.h
+++ b/fs/internal.h
@@@ -323,15 -322,4 +324,16 @@@ struct stashed_operations
  int path_from_stashed(struct dentry **stashed, struct vfsmount *mnt, void *data,
                      struct path *path);
  void stashed_dentry_prune(struct dentry *dentry);
 +/**
 + * path_mounted - check whether path is mounted
 + * @path: path to check
 + *
 + * Determine whether @path refers to the root of a mount.
 + *
 + * Return: true if @path is the root of a mount, false if not.
 + */
 +static inline bool path_mounted(const struct path *path)
 +{
 +      return path->mnt->mnt_root == path->dentry;
 +}
+ int open_namespace(struct ns_common *ns);
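
Review bot: `int open_namespace(struct ns_common *ns);` at the end of this hunk has no comment, while `path_mounted()` directly above it carries full kernel-doc. A short comment stating what the `int` return means (a new file descriptor or a negative errno) and whether the caller keeps its reference on `ns` would let readers of fs/internal.h use it without opening fs/nsfs.c.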

The following changes since commit 1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0:

  Linux 6.10-rc1 (2024-05-26 15:20:12 -0700)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-6.11.pidfs

for you to fetch changes up to 5b08bd408534bfb3a7cf5778da5b27d4e4fffe12:

  pidfs: allow retrieval of namespace file descriptors (2024-06-28 10:37:29 +0200)

Please consider pulling these changes from the signed vfs-6.11.pidfs tag.

Thanks!
Christian

----------------------------------------------------------------
vfs-6.11.pidfs

----------------------------------------------------------------
Christian Brauner (6):
      path: add cleanup helper
      file: add take_fd() cleanup helper
      nsproxy: add a cleanup helper for nsproxy
      nsproxy: add helper to go from arbitrary namespace to ns_common
      nsfs: add open_namespace()
      pidfs: allow retrieval of namespace file descriptors

 fs/internal.h              |  2 ++
 fs/nsfs.c                  | 55 +++++++++++++++-------------
 fs/pidfs.c                 | 90 ++++++++++++++++++++++++++++++++++++++++++++++
 include/linux/cleanup.h    | 13 ++++---
 include/linux/file.h       | 20 +++++++++++
 include/linux/nsproxy.h    | 13 +++++++
 include/linux/path.h       |  9 +++++
 include/uapi/linux/pidfd.h | 14 ++++++++
 8 files changed, 187 insertions(+), 29 deletions(-)
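
The summary above describes opening namespace file descriptors through ioctls on a pidfd. As an added example (not part of the original message or the kernel tree), this C program obtains a network namespace fd for the calling process without touching procfs and confirms its type with NS_GET_NSTYPE. The helper name `ns_type_via_pidfd` is hypothetical, and the ioctl numbers are written out as fallbacks on the assumption that the installed headers may predate v6.11.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/sched.h>        /* CLONE_NEWNET, CLONE_NEWNS */

/* Fallbacks so this builds with pre-6.11 headers (values as in the v6.11 uapi). */
#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434
#endif
#ifndef PIDFD_GET_NET_NAMESPACE
#define PIDFD_GET_MNT_NAMESPACE _IO(0xFF, 3)
#define PIDFD_GET_NET_NAMESPACE _IO(0xFF, 4)
#endif
#ifndef NS_GET_NSTYPE
#define NS_GET_NSTYPE _IO(0xb7, 0x3)
#endif

/* Hypothetical helper: open a pidfd for pid, derive a namespace fd from it,
 * and return that namespace's CLONE_NEW* type, or -errno on failure. */
int ns_type_via_pidfd(pid_t pid, unsigned long request)
{
    int pidfd = (int)syscall(SYS_pidfd_open, pid, 0);
    if (pidfd < 0)
        return -errno;

    int nsfd = ioctl(pidfd, request, 0);    /* third argument must be 0 */
    int err = errno;                        /* save before close() can change it */
    close(pidfd);
    if (nsfd < 0)
        return -err;                        /* ENOTTY/EINVAL on kernels before 6.11 */
    int type = ioctl(nsfd, NS_GET_NSTYPE);  /* ask nsfs which namespace kind this is */
    err = errno;
    close(nsfd);
    return type < 0 ? -err : type;
}

int main(void)
{
    int t = ns_type_via_pidfd(getpid(), PIDFD_GET_NET_NAMESPACE);
    if (t < 0)
        fprintf(stderr, "pidfd namespace ioctl unavailable: %s\n", strerror(-t));
    else
        printf("namespace fd obtained without procfs, type %#x\n", (unsigned)t);
    return t == CLONE_NEWNET ? 0 : 1;
}
```

A namespace fd obtained this way can be passed to setns() like one opened from /proc/<pid>/ns/.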
