Message-ID: <20250322-vfs-mount-b08c842965f4@brauner>
Date: Sat, 22 Mar 2025 11:13:18 +0100
From: Christian Brauner <brauner@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christian Brauner <brauner@...nel.org>,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [GIT PULL] vfs mount

Hey Linus,

/* Summary */

This contains the first batch of mount updates for this cycle:

- Mount notifications

  The day has come where we finally provide a new api to listen for
  mount topology changes outside of /proc/<pid>/mountinfo. A mount
  namespace file descriptor can be supplied and registered with fanotify
  to listen for mount topology changes.

  Currently notifications for mount, umount and moving mounts are
  generated. The generated notification record contains the unique mount
  id of the mount.

  The listmount() and statmount() api can be used to query detailed
  information about the mount using the received unique mount id.

  This allows userspace to figure out exactly how the mount topology
  changed without having to generate diffs of /proc/<pid>/mountinfo in
  userspace.

- Support O_PATH file descriptors with FSCONFIG_SET_FD in the new mount api.

- Support detached mounts in overlayfs.

  Since last cycle we support specifying overlayfs layers via file
  descriptors. However, we don't allow detached mounts which means
  userspace cannot use file descriptors received via
  open_tree(OPEN_TREE_CLONE) and fsmount() directly. They have to attach
  them to a mount namespace via move_mount() first. This is cumbersome
  and means they have to undo mounts via umount(). This allows them to
  directly use detached mounts.

- Allow to retrieve idmappings with statmount.

  Currently it isn't possible to figure out what idmapping has been
  attached to an idmapped mount. Add an extension to statmount() which
  allows to read the idmapping from the mount.

- Allow creating idmapped mounts from mounts that are already idmapped.

  So far it isn't possible to allow the creation of idmapped mounts from
  already idmapped mounts as this has significant lifetime implications.
  Make the creation of idmapped mounts atomic by allowing to pass struct
  mount_attr together with the open_tree_attr() system call allowing to
  solve these issues without complicating VFS lookup in any way.

  The system call has in general the benefit that creating a detached
  mount and applying mount attributes to it becomes an atomic operation
  for userspace.

- Add a way to query statmount() for supported options.

  Allow userspace to query which mount information can be retrieved
  through statmount().

- Allow superblock owners to force unmount.

/* Testing */

gcc version 14.2.0 (Debian 14.2.0-6)
Debian clang version 16.0.6 (27+b1)

No build failures or warnings were observed.

/* Conflicts */

Merge conflicts with mainline
=============================

No known conflicts.

Merge conflicts with other trees
================================

This contains a merge conflict with the vfs-6.15.misc pull request:

diff --cc fs/internal.h
index 82127c69e641,db6094d5cb0b..000000000000
--- a/fs/internal.h
+++ b/fs/internal.h
@@@ -337,4 -338,4 +337,5 @@@ static inline bool path_mounted(const s
        return path->mnt->mnt_root == path->dentry;
  }
  void file_f_owner_release(struct file *file);
 +bool file_seek_cur_needs_f_lock(struct file *file);
+ int statmount_mnt_idmap(struct mnt_idmap *idmap, struct seq_file *seq, bool uid_map);
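
Review bot: on the last added line, the bool uid_map parameter of statmount_mnt_idmap() leaves call sites passing a bare true or false, with nothing at the declaration saying which map each value selects; a one-line comment above the prototype would cover it. The resolution itself keeps both sides' additions, file_seek_cur_needs_f_lock() and statmount_mnt_idmap(), which is what two independent one-line additions to the end of fs/internal.h call for.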

The following changes since commit 2014c95afecee3e76ca4a56956a936e23283f05b:

  Linux 6.14-rc1 (2025-02-02 15:39:26 -0800)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-6.15-rc1.mount

for you to fetch changes up to e1ff7aa34dec7e650159fd7ca8ec6af7cc428d9f:

  umount: Allow superblock owners to force umount (2025-03-19 09:19:04 +0100)

Please consider pulling these changes from the signed vfs-6.15-rc1.mount tag.

Thanks!
Christian

----------------------------------------------------------------
vfs-6.15-rc1.mount

----------------------------------------------------------------
Arnd Bergmann (1):
      samples/vfs: fix printf format string for size_t

Christian Brauner (18):
      Merge patch series "mount notification"
      fs: support O_PATH fds with FSCONFIG_SET_FD
      selftests/overlayfs: test specifying layers as O_PATH file descriptors
      Merge patch series "ovl: allow O_PATH file descriptor when specifying layers"
      fs: allow detached mounts in clone_private_mount()
      uidgid: add map_id_range_up()
      statmount: allow to retrieve idmappings
      samples/vfs: check whether flag was raised
      selftests: add tests for using detached mount with overlayfs
      samples/vfs: add STATMOUNT_MNT_{G,U}IDMAP
      Merge patch series "fs: allow detached mounts in clone_private_mount()"
      fs: add vfs_open_tree() helper
      fs: add copy_mount_setattr() helper
      fs: add open_tree_attr()
      fs: add kflags member to struct mount_kattr
      fs: allow changing idmappings
      Merge patch series "statmount: allow to retrieve idmappings"
      Merge patch series "fs: allow changing idmappings"

Jeff Layton (1):
      statmount: add a new supported_mask field

Miklos Szeredi (5):
      fsnotify: add mount notification infrastructure
      fanotify: notify on mount attach and detach
      vfs: add notifications for mount attach and detach
      selinux: add FILE__WATCH_MOUNTNS
      selftests: add tests for mount notification

Trond Myklebust (1):
      umount: Allow superblock owners to force umount

 arch/alpha/kernel/syscalls/syscall.tbl             |   1 +
 arch/arm/tools/syscall.tbl                         |   1 +
 arch/arm64/tools/syscall_32.tbl                    |   1 +
 arch/m68k/kernel/syscalls/syscall.tbl              |   1 +
 arch/microblaze/kernel/syscalls/syscall.tbl        |   1 +
 arch/mips/kernel/syscalls/syscall_n32.tbl          |   1 +
 arch/mips/kernel/syscalls/syscall_n64.tbl          |   1 +
 arch/mips/kernel/syscalls/syscall_o32.tbl          |   1 +
 arch/parisc/kernel/syscalls/syscall.tbl            |   1 +
 arch/powerpc/kernel/syscalls/syscall.tbl           |   1 +
 arch/s390/kernel/syscalls/syscall.tbl              |   1 +
 arch/sh/kernel/syscalls/syscall.tbl                |   1 +
 arch/sparc/kernel/syscalls/syscall.tbl             |   1 +
 arch/x86/entry/syscalls/syscall_32.tbl             |   1 +
 arch/x86/entry/syscalls/syscall_64.tbl             |   1 +
 arch/xtensa/kernel/syscalls/syscall.tbl            |   1 +
 fs/autofs/autofs_i.h                               |   2 +
 fs/fsopen.c                                        |   2 +-
 fs/internal.h                                      |   1 +
 fs/mnt_idmapping.c                                 |  51 ++
 fs/mount.h                                         |  26 ++
 fs/namespace.c                                     | 485 ++++++++++++++-----
 fs/notify/fanotify/fanotify.c                      |  38 +-
 fs/notify/fanotify/fanotify.h                      |  18 +
 fs/notify/fanotify/fanotify_user.c                 |  89 +++-
 fs/notify/fdinfo.c                                 |   5 +
 fs/notify/fsnotify.c                               |  47 +-
 fs/notify/fsnotify.h                               |  11 +
 fs/notify/mark.c                                   |  14 +-
 fs/pnode.c                                         |   4 +-
 include/linux/fanotify.h                           |  12 +-
 include/linux/fsnotify.h                           |  20 +
 include/linux/fsnotify_backend.h                   |  42 ++
 include/linux/mnt_idmapping.h                      |   5 +
 include/linux/syscalls.h                           |   4 +
 include/linux/uidgid.h                             |   6 +
 include/uapi/asm-generic/unistd.h                  |   4 +-
 include/uapi/linux/fanotify.h                      |  10 +
 include/uapi/linux/mount.h                         |  10 +-
 kernel/user_namespace.c                            |  26 +-
 samples/vfs/samples-vfs.h                          |  14 +-
 samples/vfs/test-list-all-mounts.c                 |  35 +-
 scripts/syscall.tbl                                |   1 +
 security/selinux/hooks.c                           |   3 +
 security/selinux/include/classmap.h                |   2 +-
 tools/testing/selftests/Makefile                   |   1 +
 .../selftests/filesystems/mount-notify/.gitignore  |   2 +
 .../selftests/filesystems/mount-notify/Makefile    |   6 +
 .../filesystems/mount-notify/mount-notify_test.c   | 516 +++++++++++++++++++++
 .../filesystems/overlayfs/set_layers_via_fds.c     | 195 ++++++++
 .../selftests/filesystems/overlayfs/wrappers.h     |  17 +
 .../selftests/filesystems/statmount/statmount.h    |   2 +-
 52 files changed, 1567 insertions(+), 175 deletions(-)
 create mode 100644 tools/testing/selftests/filesystems/mount-notify/.gitignore
 create mode 100644 tools/testing/selftests/filesystems/mount-notify/Makefile
 create mode 100644 tools/testing/selftests/filesystems/mount-notify/mount-notify_test.c
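
Added example, not part of the original message or of the kernel tree: a bounds-checked walk over a fanotify read() buffer that extracts the unique mount id from each mount notification record described above, for monitoring tools that consume these events. The names mnt_info_rec, mnt_change, parse_mnt_events and build_event are hypothetical; the three FAN_* values are those of the 6.15 uapi header, defined locally in case the installed headers predate it, and build_event only constructs sample input.

```c
#include <stdint.h>
#include <string.h>
#include <sys/fanotify.h>
#ifndef FAN_MNT_ATTACH  /* values from the 6.15 uapi header, for older toolchains */
#define FAN_MNT_ATTACH 0x01000000
#define FAN_MNT_DETACH 0x02000000
#define FAN_EVENT_INFO_TYPE_MNT 7
#endif

/* Local mirror of struct fanotify_event_info_mnt: info header + unique mount id. */
struct mnt_info_rec { struct fanotify_event_info_header hdr; uint64_t mnt_id; };
struct mnt_change { uint64_t mnt_id; uint64_t mask; };  /* hypothetical result type */
/* Walk a read() buffer; returns entries stored in out[], or -1 if malformed. */
int parse_mnt_events(const unsigned char *buf, size_t len, struct mnt_change *out, int max)
{
    int n = 0;
    for (size_t off = 0; off < len; ) {
        struct fanotify_event_metadata md;
        if (len - off < sizeof(md)) return -1;
        memcpy(&md, buf + off, sizeof(md));
        if (md.vers != FANOTIFY_METADATA_VERSION || md.metadata_len < sizeof(md) ||
            md.event_len < md.metadata_len || md.event_len > len - off) return -1;
        /* Info records follow the fixed header; bound every length before use. */
        for (size_t p = off + md.metadata_len, end = off + md.event_len; p < end; ) {
            struct mnt_info_rec r;
            if (end - p < sizeof(r.hdr)) return -1;
            memcpy(&r.hdr, buf + p, sizeof(r.hdr));
            if (r.hdr.len < sizeof(r.hdr) || r.hdr.len > end - p) return -1;
            if (r.hdr.info_type == FAN_EVENT_INFO_TYPE_MNT) {
                if (r.hdr.len < sizeof(r)) return -1;
                memcpy(&r, buf + p, sizeof(r));
                if (n < max) out[n++] = (struct mnt_change){ r.mnt_id, md.mask };
            }
            p += r.hdr.len;
        }
        off += md.event_len;
    }
    return n;
}

/* Constructed sample input: one event with one mount-id record; returns its size. */
size_t build_event(unsigned char *buf, uint64_t mask, uint64_t mnt_id)
{
    struct fanotify_event_metadata md = { .event_len = sizeof(md) + sizeof(struct mnt_info_rec),
        .vers = FANOTIFY_METADATA_VERSION, .metadata_len = sizeof(md), .mask = mask, .fd = FAN_NOFD };
    struct mnt_info_rec r = { { FAN_EVENT_INFO_TYPE_MNT, 0, sizeof(r) }, mnt_id };
    memcpy(buf, &md, sizeof(md));
    memcpy(buf + sizeof(md), &r, sizeof(r));
    return md.event_len;
}
```

Each returned mount id is the value to hand to statmount() or listmount() for details; the mask tells the caller whether FAN_MNT_ATTACH, FAN_MNT_DETACH or both were set on the event.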
