From patchwork Sun Jul  8 21:01:48 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers3@gmail.com>
X-Patchwork-Id: 10513345
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	66FAB603D7 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sun,  8 Jul 2018 21:07:34 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 58290289DC
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sun,  8 Jul 2018 21:07:34 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 4C927289E0; Sun,  8 Jul 2018 21:07:34 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EDFA4289DC
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sun,  8 Jul 2018 21:07:33 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S933232AbeGHVHX (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Sun, 8 Jul 2018 17:07:23 -0400
Received: from mail-pg1-f181.google.com ([209.85.215.181]:35972 "EHLO
	mail-pg1-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S933368AbeGHVFn (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Sun, 8 Jul 2018 17:05:43 -0400
Received: by mail-pg1-f181.google.com with SMTP id m19-v6so845643pgv.3;
	Sun, 08 Jul 2018 14:05:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=DQT+lxbnzZ/5JAfVa5mau1dvb6l8qMsV5xYDJNwj17U=;
	b=YAUrVSowZSn3psE8Nqd1Nzss26L+xRYVcO773Py4LV5eKHBFM/cUzJyu7ujSxxoRoi
	YDJNXVyLey+HZBez9TAml2pLpdFV1AeC9NVM+3GeM8wypbdw8RyEu1QAdnCiIgvLxwnG
	eqpSzky41Y54PWhl074kiwxdiU10Z/WLHUVij3ZN0DEJCwE4mkoZaIQ3FiZ1rIQ2dAn1
	X6JbCd0BacI2Qzi9byzFDGSn9h7msIR0VLoeJEnM7u/juAxKuUsX11Z0tvo4UTHTL44U
	mLlR48azxlHge/gzp8DgRZY7b6PveZY5OYb6NJxIE5edzhal4Yp5VSZ2GaFW4v/Mb589
	4XEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=DQT+lxbnzZ/5JAfVa5mau1dvb6l8qMsV5xYDJNwj17U=;
	b=O/JLhiSEzYkLu7l5WtYsSkr56rwLCUud3Hq3k6GbSauZx91QZ/slEBnhAzB9nHWTro
	R0QvcvblkK7zfE5OTddx/X+DaHL5OJ3UhIMVbxEk470DXQAwQBnw6icMQsYE+14hcHSL
	holfw3IXBLLgLdhDGk12s6rp87FNQ71lLKfen7dlb+vfNJKqO8sUX1+oDO6aZW/Nd1ZB
	JR2EOga30Ec8byDrWLH9CFYzY8S1JVLQnDPzn9ZByg3TXQsjpxYTGQTtvMwAp66zieG4
	VyRPNZ2oBhqgvB6wFfS8WkAtGPwofJ9YR2s8oCIdXZqycK8i662SvCRlv4mXu5ZTHyMv
	UgAQ==
X-Gm-Message-State: APt69E3BtnQCJqOb+vYFzi36xYH1z5SRT2w2/yWChY78vXZ6bykfWREg
	VNudguVAWVmVBNFojhA3zYw=
X-Google-Smtp-Source: 
 AAOMgpcAedktP1Gi8pQNsiG4iY5dh7wuqPWLROEdjZzm3GZRIAlN/ruLa5H9IphwE4WOgH/b/9mQCA==
X-Received: by 2002:a62:42d7:: with SMTP id
	h84-v6mr18648787pfd.146.1531083942842;
	Sun, 08 Jul 2018 14:05:42 -0700 (PDT)
Received: from sol.localdomain (c-67-185-97-198.hsd1.wa.comcast.net.
	[67.185.97.198]) by smtp.gmail.com with ESMTPSA id
	x68-v6sm23355681pfb.138.2018.07.08.14.05.42
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sun, 08 Jul 2018 14:05:42 -0700 (PDT)
From: Eric Biggers <ebiggers3@gmail.com>
To: David Howells <dhowells@redhat.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>, linux-fsdevel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@google.com>
Subject: [PATCH 12/18] fspick: add missing permission check
Date: Sun,  8 Jul 2018 14:01:48 -0700
Message-Id: <20180708210154.10423-13-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180708210154.10423-1-ebiggers3@gmail.com>
References: <20180708210154.10423-1-ebiggers3@gmail.com>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Eric Biggers <ebiggers@google.com>

Fixes: 99f8421020ac ("vfs: Implement fspick() to select a superblock for reconfiguration")
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/fsopen.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/fsopen.c b/fs/fsopen.c
index 3e439299ddf79..b3a22848f8eec 100644
--- a/fs/fsopen.c
+++ b/fs/fsopen.c
@@ -282,6 +282,9 @@ SYSCALL_DEFINE3(fspick, int, dfd, const char __user *, path, unsigned int, flags
 	unsigned int lookup_flags;
 	int ret;
 
+	if (!ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN))
+		return -EPERM;
+
 	if ((flags & ~(FSPICK_CLOEXEC |
 		       FSPICK_SYMLINK_NOFOLLOW |
 		       FSPICK_NO_AUTOMOUNT |