Commit 2527b284 authored by Al Viro's avatar Al Viro
Browse files

move the capability checks from sget_userns() to legacy_get_tree() 



1) all call chains leading to sget_userns() pass through ->mount()
instances.
2) none of ->mount() instances is ever called directly - the only
call site is legacy_get_tree()
3) all remaining ->mount() instances end up calling sget_userns()

IOW, we might as well do the capability checks just before calling
->mount().  As for the arguments passed to mount_capable(),
in case of call chains to sget_userns() going through sget(),
we either don't call mount_capable() at all, or pass current_user_ns()
to it.  The call chains going through mount_pseudo_xattr() don't
call mount_capable() at all (SB_KERNMOUNT in flags on those).

That could've been split into smaller steps (lifting the checks
into sget(), then callers of sget(), then all the way to the
entries of every ->mount() out there, then to the sole caller),
but that would be too much churn for little benefit...

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent bb7b6b2b

fs/fs_context.c

+5 −0
Original line number Diff line number Diff line
@@ -662,6 +662,11 @@ static int legacy_get_tree(struct fs_context *fc) 
	struct super_block *sb;

	struct dentry *root;



	if (!(fc->sb_flags & (SB_KERNMOUNT|SB_SUBMOUNT))) {

		if (!mount_capable(fc->fs_type, current_user_ns()))

			return -EPERM;

	}



	root = fc->fs_type->mount(fc->fs_type, fc->sb_flags,

				      fc->source, ctx->legacy_data);

	if (IS_ERR(root))

fs/internal.h

+2 −0
Original line number Diff line number Diff line
@@ -18,6 +18,7 @@ struct path; 
struct mount;

struct shrink_control;

struct fs_context;

struct user_namespace;



/*

 * block_dev.c
@@ -113,6 +114,7 @@ extern struct file *alloc_empty_file_noaccount(int, const struct cred *); 
extern int reconfigure_super(struct fs_context *);

extern bool trylock_super(struct super_block *sb);

extern struct super_block *user_get_super(dev_t);

extern bool mount_capable(struct file_system_type *, struct user_namespace *);



/*

 * open.c

fs/super.c

+0 −4
Original line number Diff line number Diff line
@@ -583,10 +583,6 @@ struct super_block *sget_userns(struct file_system_type *type, 
	struct super_block *old;

	int err;



	if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT))) {

		if (!mount_capable(type, user_ns))

			return ERR_PTR(-EPERM);

	}

retry:

	spin_lock(&sb_lock);

	if (test) {

CRA Git | Maintained and supported by SUSTech CRA and CCSE