[PATCH v2 07/39] mount: attach mappings to mounts
Christian Brauner
christian.brauner at ubuntu.com
Tue Nov 24 12:30:35 UTC 2020
On Mon, Nov 23, 2020 at 11:24:28AM -0500, Tycho Andersen wrote:
> On Mon, Nov 23, 2020 at 10:47:19AM -0500, Tycho Andersen wrote:
> > On Sun, Nov 15, 2020 at 11:36:46AM +0100, Christian Brauner wrote:
> > > +static inline struct user_namespace *mnt_user_ns(const struct vfsmount *mnt)
> > > +{
> > > + return mnt->mnt_user_ns;
> > > +}
> >
> > I think you might want a READ_ONCE() here. Right now it seems ok, since the
> > mnt_user_ns can't change, but if we ever allow it to change (and I see you have
> > a idmapped_mounts_wip_v2_allow_to_change_idmapping branch on your public tree
> > :D), the pattern of,
> >
> > user_ns = mnt_user_ns(path->mnt);
> > if (mnt_idmapped(path->mnt)) {
> > uid = kuid_from_mnt(user_ns, uid);
> > gid = kgid_from_mnt(user_ns, gid);
> > }
> >
> > could race.
>
> Actually, isn't a race possible now?
>
> kuid_from_mnt(mnt_user_ns(path->mnt) /* &init_user_ns */);
> WRITE_ONCE(mnt->mnt.mnt_user_ns, user_ns);
> WRITE_ONCE(m->mnt.mnt_flags, flags);
> kgid_from_mnt(mnt_user_ns(path->mnt) /* the right user ns */);
>
> So maybe it should be:
>
> if (mnt_idmapped(path->mnt)) {
> barrier();
> user_ns = mnt_user_ns(path->mnt);
> uid = kuid_from_mnt(user_ns, uid);
> gid = kgid_from_mnt(user_ns, gid);
> }
>
> since there's no data dependency between mnt_idmapped() and
> mnt_user_ns()?
I think I had something to handle this case in another branch of mine.
The READ_ONCE() you mentioned in another patch I had originally dropped
because I wasn't sure whether it works on pointers but after talking to
Jann and David it seems that it handles pointers fine.
Let me take a look and fix it in the next version. I just finished
porting the test suite to xfstests as Christoph requested and I'm
looking at this now.
Thanks!
Christian
More information about the Linux-security-module-archive
mailing list