From patchwork Tue Sep 6 14:32:01 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 666620 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id 3sT8FF1y5Wz9sBR; Wed, 7 Sep 2016 00:32:17 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical-com.20150623.gappssmtp.com header.i=@canonical-com.20150623.gappssmtp.com header.b=hxQn2lNo; dkim-atps=neutral Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1bhHQ5-0004qG-Mh; Tue, 06 Sep 2016 14:32:13 +0000 Received: from mail-oi0-f50.google.com ([209.85.218.50]) by huckleberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1bhHPy-0004pN-PL for kernel-team@lists.ubuntu.com; Tue, 06 Sep 2016 14:32:06 +0000 Received: by mail-oi0-f50.google.com with SMTP id s131so36883654oie.2 for ; Tue, 06 Sep 2016 07:32:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:in-reply-to:references; bh=xcvkhRqwg/CSfQH5MsJj7JqSTlJLGMt/uTa0tYNxwq4=; b=hxQn2lNoIMyShxL8XdxUYJ+vm5692FQrC+/Evj7LT5ZW0Tq91K0bWgR9Ddkfxd3wQN 4cDv0jIPNHu3emikA37Aq/fOBvKnQMGHxKnhPTUY+k/wbrSlmpmTlO9b3mwbjio7busA JhZXf5lUzL8F6WUG/lA8Aau20wF71tkKPfJjvh2zMWXQLMRBGDhngZVaDVMOXIJYB+zD d+b1W85D9gkJ14/hNFEyO5DYiL98kWZuhfVgcDJJHze3kS8y4TBFVoCZ5p5NGmZrSHAP TT+7vtAO2lPUpwGwn8bEixBVkNVJmasaOQbmmWKMW8/D7ghBkt8jthFyAM8QUe/wyRx4 cQcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=xcvkhRqwg/CSfQH5MsJj7JqSTlJLGMt/uTa0tYNxwq4=; b=B1QrsJuLI3v5su2g2ux7ksm+T5B+rFEPBZtOERNAeJPpB16bqXwn8Qm7WQVNR+sOG0 ahuGU6p0hAboQ1Mi8+fCn1xB2JKMAQjL2xJ8stOyWhrJ//u1ZC+F7eoSPDLt0LgF17u9 IOOHB5pbRS9kWZg5DvLgSC162FR6Uo5OVBDJn8UqlH+ub/9rfkd4gPG2F1GKm//wEQbu rptCFmJ0+zkTqsrYHd+OWIxbjQIEHV0HeCbdJuMkSqheqNMg0p42Z03S4/ZSLA3vK1Xl XV3zy1spGoh8mqaN0seUhcMWlMccP5TSXZY9ClZtcDitvLWdJd1TtWng9mEToWW4zKCA Yr5g== X-Gm-Message-State: AE9vXwPuEmVoV7+NxC5d47AMIV/mgXhjCmAzMxxkr38EhCGVkAQMloI2236KNLv1iq490SEn X-Received: by 10.157.45.138 with SMTP id g10mr36242574otb.88.1473172325331; Tue, 06 Sep 2016 07:32:05 -0700 (PDT) Received: from localhost ([2605:a601:aa9:6620:f195:4c7f:b580:58e9]) by smtp.gmail.com with ESMTPSA id w7sm3392968oiw.19.2016.09.06.07.32.04 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Sep 2016 07:32:04 -0700 (PDT) From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH 2/2][Xenial SRU] fs: Call d_automount with the filesystems creds Date: Tue, 6 Sep 2016 09:32:01 -0500 Message-Id: <1473172321-20748-3-git-send-email-seth.forshee@canonical.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1473172321-20748-1-git-send-email-seth.forshee@canonical.com> References: <1473172321-20748-1-git-send-email-seth.forshee@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com From: "Eric W. Biederman" BugLink: http://bugs.launchpad.net/bugs/1612135 Seth Forshee reported a mount regression in nfs autmounts with "fs: Add user namespace member to struct super_block". It turns out that the assumption that current->cred is something reasonable during mount while necessary to improve support of unprivileged mounts is wrong in the automount path. To fix the existing filesystems override current->cred with the init_cred before calling d_automount and restore current->cred after d_automount completes. To support unprivileged mounts would require a more nuanced cred selection, so fail on unprivileged mounts for the time being. As none of the filesystems that currently set FS_USERNS_MOUNT implement d_automount this check is only good for preventing future problems. Fixes: 6e4eab577a0c ("fs: Add user namespace member to struct super_block") Tested-by: Seth Forshee Signed-off-by: "Eric W. Biederman" (backported from commit aeaa4a79ff6a5ed912b7362f206cf8576fca538b) Signed-off-by: Seth Forshee --- fs/namei.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/namei.c b/fs/namei.c index 3132aab..ec06605 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include "internal.h" @@ -1084,6 +1085,7 @@ static int follow_automount(struct path *path, struct nameidata *nd, bool *need_mntput) { struct vfsmount *mnt; + const struct cred *old_cred; int err; if (!path->dentry->d_op || !path->dentry->d_op->d_automount) @@ -1105,11 +1107,16 @@ static int follow_automount(struct path *path, struct nameidata *nd, path->dentry->d_inode) return -EISDIR; + if (path->dentry->d_sb->s_user_ns != &init_user_ns) + return -EACCES; + nd->total_link_count++; if (nd->total_link_count >= 40) return -ELOOP; + old_cred = override_creds(&init_cred); mnt = path->dentry->d_op->d_automount(path); + revert_creds(old_cred); if (IS_ERR(mnt)) { /* * The filesystem is allowed to return -EISDIR here to indicate