[PATCH v2 07/39] mount: attach mappings to mounts

Christian Brauner christian.brauner at ubuntu.com
Tue Nov 24 12:30:35 UTC 2020


On Mon, Nov 23, 2020 at 11:24:28AM -0500, Tycho Andersen wrote:
> On Mon, Nov 23, 2020 at 10:47:19AM -0500, Tycho Andersen wrote:
> > On Sun, Nov 15, 2020 at 11:36:46AM +0100, Christian Brauner wrote:
> > > +static inline struct user_namespace *mnt_user_ns(const struct vfsmount *mnt)
> > > +{
> > > +	return mnt->mnt_user_ns;
> > > +}
> > 
> > I think you might want a READ_ONCE() here. Right now it seems ok, since the
> > mnt_user_ns can't change, but if we ever allow it to change (and I see you have
> > a idmapped_mounts_wip_v2_allow_to_change_idmapping branch on your public tree
> > :D), the pattern of,
> > 
> >         user_ns = mnt_user_ns(path->mnt);
> >         if (mnt_idmapped(path->mnt)) {
> >                 uid = kuid_from_mnt(user_ns, uid);
> >                 gid = kgid_from_mnt(user_ns, gid);
> >         }
> > 
> > could race.
> 
> Actually, isn't a race possible now?
> 
> kuid_from_mnt(mnt_user_ns(path->mnt) /* &init_user_ns */);
> WRITE_ONCE(mnt->mnt.mnt_user_ns, user_ns);
> WRITE_ONCE(m->mnt.mnt_flags, flags);
> kgid_from_mnt(mnt_user_ns(path->mnt) /* the right user ns */);
> 
> So maybe it should be:
> 
>          if (mnt_idmapped(path->mnt)) {
>                  barrier();
>                  user_ns = mnt_user_ns(path->mnt);
>                  uid = kuid_from_mnt(user_ns, uid);
>                  gid = kgid_from_mnt(user_ns, gid);
>          }
> 
> since there's no data dependency between mnt_idmapped() and
> mnt_user_ns()?

I think I had something to handle this case in another branch of mine.
The READ_ONCE() you mentioned in another patch I had originally dropped
because I wasn't sure whether it works on pointers but after talking to
Jann and David it seems that it handles pointers fine.
Let me take a look and fix it in the next version. I just finished
porting the test suite to xfstests as Christoph requested and I'm
looking at this now.

Thanks!
Christian



More information about the Linux-security-module-archive mailing list