From: Erin Shepherd Date: Wed, 13 Nov 2024 17:55:23 +0000 Subject: [PATCH v2 1/3] pseudofs: add support for export_ops Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241113-pidfs_fh-v2-1-9a4d28155a37@e43.eu> References: <20241113-pidfs_fh-v2-0-9a4d28155a37@e43.eu> In-Reply-To: <20241113-pidfs_fh-v2-0-9a4d28155a37@e43.eu> To: Christian Brauner , Alexander Viro , Jan Kara , Chuck Lever Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Jeff Layton , Amir Goldstein , linux-nfs@vger.kernel.org, Erin Shepherd X-Mailer: b4 0.14.2 Pseudo-filesystems might reasonably wish to implement the export ops (particularly for name_to_handle_at/open_by_handle_at); plumb this through pseudo_fs_context Reviewed-by: Amir Goldstein
Signed-off-by: Erin Shepherd --- fs/libfs.c | 1 + include/linux/pseudo_fs.h | 1 + 2 files changed, 2 insertions(+) diff --git a/fs/libfs.c b/fs/libfs.c index 46966fd8bcf9f042e85d0b66134e59fbef83abfd..698a2ddfd0cb94a8927d1d8a3bb= 3b3226d6d5476 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -669,6 +669,7 @@ static int pseudo_fs_fill_super(struct super_block *s, = struct fs_context *fc) s->s_blocksize_bits =3D PAGE_SHIFT; s->s_magic =3D ctx->magic; s->s_op =3D ctx->ops ?: &simple_super_operations; + s->s_export_op =3D ctx->eops; s->s_xattr =3D ctx->xattr; s->s_time_gran =3D 1; root =3D new_inode(s); diff --git a/include/linux/pseudo_fs.h b/include/linux/pseudo_fs.h index 730f77381d55f1816ef14adf7dd2cf1d62bb912c..2503f7625d65e7b1fbe9e64d5ab= f06cd8f017b5f 100644 --- a/include/linux/pseudo_fs.h +++ b/include/linux/pseudo_fs.h 
@@ -5,6 +5,7 @@ =20 struct pseudo_fs_context { const struct super_operations *ops; + const struct export_operations *eops; const struct xattr_handler * const *xattr; const struct dentry_operations *dops; unsigned long magic; --=20 2.46.1
From: Erin Shepherd Date: Wed, 13 Nov 2024 17:55:24 +0000 Subject: [PATCH v2 2/3] exportfs: allow fs to disable CAP_DAC_READ_SEARCH check Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241113-pidfs_fh-v2-2-9a4d28155a37@e43.eu> References: <20241113-pidfs_fh-v2-0-9a4d28155a37@e43.eu> In-Reply-To: <20241113-pidfs_fh-v2-0-9a4d28155a37@e43.eu> To: Christian Brauner , Alexander Viro , Jan Kara , Chuck Lever Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Jeff Layton , Amir Goldstein , linux-nfs@vger.kernel.org, Erin Shepherd X-Mailer: b4 0.14.2 For pidfs, there is no reason to restrict file handle decoding by CAP_DAC_READ_SEARCH. Introduce an export_ops flag that can indicate this Signed-off-by: Erin Shepherd --- fs/fhandle.c | 36 +++++++++++++++++++++--------------- include/linux/exportfs.h | 3 +++ 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/fs/fhandle.c b/fs/fhandle.c index 82df28d45cd70a7df525f50bbb398d646110cd99..056116e58f43983bc7bb86da170= fb554c7a2fac7 100644 --- a/fs/fhandle.c +++ b/fs/fhandle.c 
@@ -235,26 +235,32 @@ static int do_handle_to_path(struct file_handle *hand= le, struct path *path, return 0; } =20 -/* - * Allow relaxed permissions of file handles if the caller has the - * ability to mount the filesystem or create a bind-mount of the - * provided @mountdirfd. - * - * In both cases the caller may be able to get an unobstructed way to - * the encoded file handle. If the caller is only able to create a - * bind-mount we need to verify that there are no locked mounts on top - * of it that could prevent us from getting to the encoded file. - * - * In principle, locked mounts can prevent the caller from mounting the - * filesystem but that only applies to procfs and sysfs neither of which - * support decoding file handles. - */ static inline bool may_decode_fh(struct handle_to_path_ctx *ctx, unsigned int o_flags) { struct path *root =3D &ctx->root; + struct export_operations *nop =3D root->mnt->mnt_sb->s_export_op; + + if (nop && nop->flags & EXPORT_OP_UNRESTRICTED_OPEN) + return true; + + if (capable(CAP_DAC_READ_SEARCH)) + return true; =20 /* + * Allow relaxed permissions of file handles if the caller has the + * ability to mount the filesystem or create a bind-mount of the + * provided @mountdirfd. + * + * In both cases the caller may be able to get an unobstructed way to + * the encoded file handle. If the caller is only able to create a + * bind-mount we need to verify that there are no locked mounts on top + * of it that could prevent us from getting to the encoded file. + * + * In principle, locked mounts can prevent the caller from mounting the + * filesystem but that only applies to procfs and sysfs neither of which + * support decoding file handles. + * * Restrict to O_DIRECTORY to provide a deterministic API that avoids a * confusing api in the face of disconnected non-dir dentries. * 
@@ -293,7 +299,7 @@ static int handle_to_path(int mountdirfd, struct file_h= andle __user *ufh, if (retval) goto out_err; =20 - if (!capable(CAP_DAC_READ_SEARCH) && !may_decode_fh(&ctx, o_flags)) { + if (!may_decode_fh(&ctx, o_flags)) { retval =3D -EPERM; goto out_path; } diff --git a/include/linux/exportfs.h b/include/linux/exportfs.h index 893a1d21dc1c4abc7e52325d7a4cf0adb407f039..459508b53e77ed0597cee217ffe= 3d82cc7cc11a4 100644 --- a/include/linux/exportfs.h +++ b/include/linux/exportfs.h 
@@ -247,6 +247,9 @@ struct export_operations { */ #define EXPORT_OP_FLUSH_ON_CLOSE (0x20) /* fs flushes file data on close */ #define EXPORT_OP_ASYNC_LOCK (0x40) /* fs can do async lock request */ +#define EXPORT_OP_UNRESTRICTED_OPEN (0x80) /* FS allows open_by_handle_at + without CAP_DAC_READ_SEARCH + */ unsigned long flags; }; =20 --=20 2.46.1
From: Erin Shepherd Date: Wed, 13 Nov 2024 17:55:25 +0000 Subject: [PATCH v2 3/3] pidfs: implement file handle support Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241113-pidfs_fh-v2-3-9a4d28155a37@e43.eu> References: <20241113-pidfs_fh-v2-0-9a4d28155a37@e43.eu> In-Reply-To: <20241113-pidfs_fh-v2-0-9a4d28155a37@e43.eu> To: Christian Brauner , Alexander Viro , Jan Kara , Chuck Lever Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Jeff Layton , Amir Goldstein , linux-nfs@vger.kernel.org, Erin Shepherd X-Mailer: b4 0.14.2 On 64-bit platforms, userspace can read the pidfd's inode in order to get a never-repeated PID identifier. On 32-bit platforms this identifier is not exposed, as inodes are limited to 32 bits. Instead expose the identifier via export_fh, which makes it available to userspace via name_to_handle_at In addition we implement fh_to_dentry, which allows userspace to recover a pidfd from a PID file handle. We stash the process' PID in the root pid namespace inside the handle, and use that to recover the pid (validating that pid->ino matches the value in the handle, i.e. that the pid has not been reused). We use the root namespace in order to ensure that file handles can be moved across namespaces; however, we validate that the PID exists in the current namespace before returning the inode. Reviewed-by: Amir Goldstein Signed-off-by: Erin Shepherd --- fs/pidfs.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/fs/pidfs.c b/fs/pidfs.c index 80675b6bf88459c22787edaa68db360bdc0d0782..0684a9b8fe71c5205fb153b2714= bc9c672045fd5 100644 --- a/fs/pidfs.c +++ b/fs/pidfs.c @@ -1,5 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 #include +#include #include #include #include 
@@ -347,11 +348,69 @@ static const struct dentry_operations pidfs_dentry_op= erations =3D { .d_prune =3D stashed_dentry_prune, }; =20 +#define PIDFD_FID_LEN 3 + +struct pidfd_fid { + u64 ino; + s32 pid; +} __packed; + +static int pidfs_encode_fh(struct inode *inode, u32 *fh, int *max_len, + struct inode *parent) +{ + struct pid *pid =3D inode->i_private; + struct pidfd_fid *fid =3D (struct pidfd_fid *)fh; + + if (*max_len < PIDFD_FID_LEN) { + *max_len =3D PIDFD_FID_LEN; + return FILEID_INVALID; + } + + fid->ino =3D pid->ino; + fid->pid =3D pid_nr(pid); + *max_len =3D PIDFD_FID_LEN; + return FILEID_INO64_GEN; +} + +static struct dentry *pidfs_fh_to_dentry(struct super_block *sb, + struct fid *gen_fid, + int fh_len, int fh_type) +{ + int ret; + struct path path; + struct pidfd_fid *fid =3D (struct pidfd_fid *)gen_fid; + struct pid *pid; + + if (fh_type !=3D FILEID_INO64_GEN || fh_len < PIDFD_FID_LEN) + return NULL; + + scoped_guard(rcu) { + pid =3D find_pid_ns(fid->pid, &init_pid_ns); + if (!pid || pid->ino !=3D fid->ino || pid_vnr(pid) =3D=3D 0) + return NULL; + + pid =3D get_pid(pid); + } + + ret =3D path_from_stashed(&pid->stashed, pidfs_mnt, pid, &path); + if (ret < 0) + return ERR_PTR(ret); + + mntput(path.mnt); + return path.dentry; +} + +static const struct export_operations pidfs_export_operations =3D { + .encode_fh =3D pidfs_encode_fh, + .fh_to_dentry =3D pidfs_fh_to_dentry, + .flags =3D EXPORT_OP_UNRESTRICTED_OPEN, +}; + static int pidfs_init_inode(struct inode *inode, void *data) { inode->i_private =3D data; inode->i_flags |=3D S_PRIVATE; - inode->i_mode |=3D S_IRWXU; + inode->i_mode |=3D S_IRWXU | S_IRWXG | S_IRWXO; inode->i_op =3D &pidfs_inode_operations; inode->i_fop =3D &pidfs_file_operations; /* 
@@ -382,6 +441,7 @@ static int pidfs_init_fs_context(struct fs_context *fc) return -ENOMEM; =20 ctx->ops =3D &pidfs_sops; + ctx->eops =3D &pidfs_export_operations; ctx->dops =3D &pidfs_dentry_operations; fc->s_fs_info =3D (void *)&pidfs_stashed_ops; return 0; --=20 2.46.1
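
Review bot: in patch 1/3, pseudo_fs_fill_super() gives s_op a fallback (ctx->ops ?: &simple_super_operations) but copies ctx->eops into s_export_op as is, so a NULL eops has to mean "no export support" for every pseudo filesystem that does not set it. The commit message should state that callers which leave eops unset see no behaviour change, and a one-line comment on the new eops member in struct pseudo_fs_context saying that it is optional would make that contract explicit.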
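
Review bot: in patch 2/3, the new local in may_decode_fh() is declared as struct export_operations *nop, while patch 1/3 assigns a const struct export_operations * to s_export_op and patch 3/3 defines pidfs_export_operations as static const, so this declaration drops the const qualifier; it should be const struct export_operations *nop. The test nop && nop->flags & EXPORT_OP_UNRESTRICTED_OPEN parses as intended but would read better with parentheses around the flag test. Note also that this early return true comes before the O_DIRECTORY restriction and the mount checks described in the relocated comment, so the flag skips all of them and not only the capable(CAP_DAC_READ_SEARCH) test; if that is intended, the function comment should say so.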
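
Review bot: in patch 2/3, the comment on EXPORT_OP_UNRESTRICTED_OPEN in include/linux/exportfs.h says only that open_by_handle_at is allowed without CAP_DAC_READ_SEARCH, which understates what the may_decode_fh() hunk does with the flag: a filesystem that sets it becomes solely responsible, in its fh_to_dentry, for deciding who may open a handle. The comment should spell that out for future users of the flag, and its layout (closing */ on a line of its own) should match the single-line comments on the neighbouring flags or be moved above the define.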
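
Review bot: in patch 3/3, pidfs_init_inode() widens the inode mode from S_IRWXU to S_IRWXU | S_IRWXG | S_IRWXO, and the commit message does not mention this change or why file handle support needs it. Because it alters the permissions of every pidfs inode, it needs its own justification in the commit message, or a separate patch. Separately, PIDFD_FID_LEN is a bare 3 that has to stay in step with the packed struct pidfd_fid (a u64 plus an s32); deriving it from sizeof(struct pidfd_fid) or adding a build-time assertion would keep the two from drifting apart.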