From patchwork Fri Jun 17 20:20:48 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Vagin X-Patchwork-Id: 9184923 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id C356B6075F for ; Fri, 17 Jun 2016 20:21:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 95F2027F07 for ; Fri, 17 Jun 2016 20:21:25 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8A40A280DE; Fri, 17 Jun 2016 20:21:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E320827EED for ; Fri, 17 Jun 2016 20:21:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754991AbcFQUVA (ORCPT ); Fri, 17 Jun 2016 16:21:00 -0400 Received: from mail-pa0-f66.google.com ([209.85.220.66]:34820 "EHLO mail-pa0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753479AbcFQUU7 (ORCPT ); Fri, 17 Jun 2016 16:20:59 -0400 Received: by mail-pa0-f66.google.com with SMTP id hf6so6342733pac.2; Fri, 17 Jun 2016 13:20:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=79/lSRSQbbk2qM4haW9UZShdfxEmPcbquG0v6qUHQ84=; b=VuQcmd4z+/rTJyoCm9tTCW5SjteK8L1IuHhBUGTOXnOOZDk7zMsPmzLwRY6GT6GsGo 5pf9ytqRg4fbE5jRf0gspg88TJ8ygmuEEMWUR7x9OClGzYukCDF2deA+9CNg+oGI3uGS Wiyqq8mgHCojDZoejZZ8dJCjHKc4rySUqK7y8nKGLwysvC9d1oSRO2Cvkj+UAfpOhutD LtFW403jVJczP7xuB7yUFdYeIaqx/xutWWQwCQg9tAVO45Di6k4OGfXpiJrbRQsopyNq 372d2glWph1UAbeOr/9M2gAbHbBybEM24TTSC/9S0swL6638nPf8SNVJv+wUy+Xwonvk ja+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=79/lSRSQbbk2qM4haW9UZShdfxEmPcbquG0v6qUHQ84=; b=c1hMr4bTVP86dWlQq79bBAdI4s9W2q8uwQNhBLYk6G8f96hzq6LB7NDQyJnkrAXObl wuE0NdaKX47KK8nqWLU975YiaMDaHWlw73s3ai4Uuc13HWPYPNUOOwlLQK+mOvKbc3xd WRpxaJmnfBqyETTedEo31d2CQjpd5m93xT0pg/18Cb6BXCtxdtSYS8DHa3pm+dJc7CaJ mns+zNqb4JLL6JztMzLepyXrzTDMs2poqAW1/saePRVuqQIdr+O6EMGd8gqfnD1jni6O tyfb+FHH2QevGqVGWhHZu2NVWosCZ9HHUiCDXMzb4+O6U6M7SuHFLd/rBpEHNqdTk9Ab v3zg== X-Gm-Message-State: ALyK8tKPicapfPa42tJ/KZqadhi3BSfKnfMUl62xRFbONobyfWSFB31eUeTg6Pc2Xp4qjA== X-Received: by 10.66.246.133 with SMTP id xw5mr4298782pac.5.1466194858364; Fri, 17 Jun 2016 13:20:58 -0700 (PDT) Received: from laptop.vz.com ([162.246.95.100]) by smtp.gmail.com with ESMTPSA id s86sm70280827pfi.69.2016.06.17.13.20.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 17 Jun 2016 13:20:57 -0700 (PDT) From: Andrey Vagin To: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Andrey Vagin , Alexander Viro , "Eric W. Biederman" Subject: [PATCH 2/2] fs: allow to use dirfd as root for openat and other *at syscalls Date: Fri, 17 Jun 2016 13:20:48 -0700 Message-Id: <1466194848-13824-3-git-send-email-avagin@openvz.org> X-Mailer: git-send-email 2.5.5 In-Reply-To: <1466194848-13824-1-git-send-email-avagin@openvz.org> References: <1466194848-13824-1-git-send-email-avagin@openvz.org> Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The problem is that a pathname can contain absolute symlinks and now they are resolved relative to the current root. If you want to open a file in another mount namespaces and you have a file descriptor to its root directory, you probably want that the pathname is resolved in the target mount namespace and in this case you can use a new flag O_ATROOT or AT_FDROOT. Signed-off-by: Andrey Vagin --- fs/exec.c | 4 +++- fs/namei.c | 10 ++++++---- fs/open.c | 6 +++++- fs/stat.c | 4 +++- fs/utimes.c | 4 +++- include/uapi/asm-generic/fcntl.h | 3 +++ include/uapi/linux/fcntl.h | 1 + 7 files changed, 24 insertions(+), 8 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 887c1c9..473b709 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -775,12 +775,14 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) .lookup_flags = LOOKUP_FOLLOW, }; - if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) + if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH | AT_FDROOT)) != 0) return ERR_PTR(-EINVAL); if (flags & AT_SYMLINK_NOFOLLOW) open_exec_flags.lookup_flags &= ~LOOKUP_FOLLOW; if (flags & AT_EMPTY_PATH) open_exec_flags.lookup_flags |= LOOKUP_EMPTY; + if (flags & AT_FDROOT) + open_exec_flags.lookup_flags |= LOOKUP_DFD_ROOT; file = do_filp_open(fd, name, &open_exec_flags); if (IS_ERR(file)) diff --git a/fs/namei.c b/fs/namei.c index 5f08b69..696c9ae 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3577,7 +3577,7 @@ static struct dentry *filename_create(int dfd, struct filename *name, * Note that only LOOKUP_REVAL and LOOKUP_DIRECTORY matter here. Any * other flags passed in are ignored! */ - lookup_flags &= LOOKUP_REVAL; + lookup_flags &= LOOKUP_REVAL | LOOKUP_DFD_ROOT; name = filename_parentat(dfd, name, lookup_flags, path, &last, &type); if (IS_ERR(name)) @@ -4050,7 +4050,7 @@ slashes: SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag) { - if ((flag & ~AT_REMOVEDIR) != 0) + if ((flag & ~(AT_REMOVEDIR | AT_FDROOT)) != 0) return -EINVAL; if (flag & AT_REMOVEDIR) @@ -4212,7 +4212,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, int how = 0; int error; - if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0) + if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH | AT_FDROOT)) != 0) return -EINVAL; /* * To use null names we require CAP_DAC_READ_SEARCH @@ -4227,13 +4227,15 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, if (flags & AT_SYMLINK_FOLLOW) how |= LOOKUP_FOLLOW; + if (flags & AT_FDROOT) + how |= LOOKUP_DFD_ROOT; retry: error = user_path_at(olddfd, oldname, how, &old_path); if (error) return error; new_dentry = user_path_create(newdfd, newname, &new_path, - (how & LOOKUP_REVAL)); + (how & (LOOKUP_REVAL | LOOKUP_DFD_ROOT))); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) goto out; diff --git a/fs/open.c b/fs/open.c index 93ae3cd..e0bc8d0 100644 --- a/fs/open.c +++ b/fs/open.c @@ -613,12 +613,14 @@ SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user, int error = -EINVAL; int lookup_flags; - if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) + if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH | AT_FDROOT)) != 0) goto out; lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW; if (flag & AT_EMPTY_PATH) lookup_flags |= LOOKUP_EMPTY; + if (flag & AT_FDROOT) + lookup_flags |= LOOKUP_DFD_ROOT; retry: error = user_path_at(dfd, filename, lookup_flags, &path); if (error) @@ -941,6 +943,8 @@ static inline int build_open_flags(int flags, umode_t mode, struct open_flags *o lookup_flags |= LOOKUP_DIRECTORY; if (!(flags & O_NOFOLLOW)) lookup_flags |= LOOKUP_FOLLOW; + if (flags & O_ATROOT) + lookup_flags |= LOOKUP_DFD_ROOT; op->lookup_flags = lookup_flags; return 0; } diff --git a/fs/stat.c b/fs/stat.c index bc045c7..d71e7f2 100644 --- a/fs/stat.c +++ b/fs/stat.c @@ -95,13 +95,15 @@ int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat, unsigned int lookup_flags = 0; if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT | - AT_EMPTY_PATH)) != 0) + AT_EMPTY_PATH | AT_FDROOT)) != 0) goto out; if (!(flag & AT_SYMLINK_NOFOLLOW)) lookup_flags |= LOOKUP_FOLLOW; if (flag & AT_EMPTY_PATH) lookup_flags |= LOOKUP_EMPTY; + if (flag & AT_FDROOT) + lookup_flags |= LOOKUP_DFD_ROOT; retry: error = user_path_at(dfd, filename, lookup_flags, &path); if (error) diff --git a/fs/utimes.c b/fs/utimes.c index 85c40f4..78a9eb9 100644 --- a/fs/utimes.c +++ b/fs/utimes.c @@ -143,7 +143,7 @@ long do_utimes(int dfd, const char __user *filename, struct timespec *times, goto out; } - if (flags & ~AT_SYMLINK_NOFOLLOW) + if (flags & ~(AT_SYMLINK_NOFOLLOW | AT_FDROOT)) goto out; if (filename == NULL && dfd != AT_FDCWD) { @@ -165,6 +165,8 @@ long do_utimes(int dfd, const char __user *filename, struct timespec *times, if (!(flags & AT_SYMLINK_NOFOLLOW)) lookup_flags |= LOOKUP_FOLLOW; + if (flags & AT_FDROOT) + lookup_flags |= LOOKUP_DFD_ROOT; retry: error = user_path_at(dfd, filename, lookup_flags, &path); if (error) diff --git a/include/uapi/asm-generic/fcntl.h b/include/uapi/asm-generic/fcntl.h index e063eff..28ddbe2 100644 --- a/include/uapi/asm-generic/fcntl.h +++ b/include/uapi/asm-generic/fcntl.h @@ -61,6 +61,9 @@ #ifndef O_CLOEXEC #define O_CLOEXEC 02000000 /* set close_on_exec */ #endif +#ifndef O_ATROOT +#define O_ATROOT 04000000 /* dfd is a root */ +#endif /* * Before Linux 2.6.33 only O_DSYNC semantics were implemented, but using diff --git a/include/uapi/linux/fcntl.h b/include/uapi/linux/fcntl.h index beed138..4f3b631 100644 --- a/include/uapi/linux/fcntl.h +++ b/include/uapi/linux/fcntl.h @@ -62,6 +62,7 @@ #define AT_SYMLINK_FOLLOW 0x400 /* Follow symbolic links. */ #define AT_NO_AUTOMOUNT 0x800 /* Suppress terminal automount traversal */ #define AT_EMPTY_PATH 0x1000 /* Allow empty relative pathname */ +#define AT_FDROOT 0x2000 /* Resolve a path as if dirfd is root */ #endif /* _UAPI_LINUX_FCNTL_H */