[1/2] fs: refuse mnt id requests with invalid ids early

Message ID	20240704-work-mount-fixes-v1-1-d007c990de5f@kernel.org (mailing list archive)
State	New
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 642B71AC45C for <linux-fsdevel@vger.kernel.org>; Thu, 4 Jul 2024 08:58:49 +0000 (UTC) From: Christian Brauner <brauner@kernel.org> Date: Thu, 04 Jul 2024 10:58:34 +0200 Subject: [PATCH 1/2] fs: refuse mnt id requests with invalid ids early Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20240704-work-mount-fixes-v1-1-d007c990de5f@kernel.org> References: <20240704-work-mount-fixes-v1-0-d007c990de5f@kernel.org> In-Reply-To: <20240704-work-mount-fixes-v1-0-d007c990de5f@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Josef Bacik <josef@toxicpanda.com>, Miklos Szeredi <miklos@szeredi.hu>, Jeff Layton <jlayton@kernel.org>, Karel Zak <kzak@redhat.com>, Christian Brauner <brauner@kernel.org>
Series	Reject invalid mount id values early \| expand [0/2] Reject invalid mount id values early [1/2] fs: refuse mnt id requests with invalid ids early [2/2] fs: reject invalid last mount id early

Message ID

20240704-work-mount-fixes-v1-1-d007c990de5f@kernel.org (mailing list archive)

State

New

Headers

From: Christian Brauner <brauner@kernel.org>
Date: Thu, 04 Jul 2024 10:58:34 +0200
Subject: [PATCH 1/2] fs: refuse mnt id requests with invalid ids early
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20240704-work-mount-fixes-v1-1-d007c990de5f@kernel.org>
References: <20240704-work-mount-fixes-v1-0-d007c990de5f@kernel.org>
In-Reply-To: <20240704-work-mount-fixes-v1-0-d007c990de5f@kernel.org>
To: linux-fsdevel@vger.kernel.org
Cc: Josef Bacik <josef@toxicpanda.com>, Miklos Szeredi <miklos@szeredi.hu>,
 Jeff Layton <jlayton@kernel.org>, Karel Zak <kzak@redhat.com>,
 Christian Brauner <brauner@kernel.org>

Series

Reject invalid mount id values early | expand

Commit Message

Christian Brauner July 4, 2024, 8:58 a.m. UTC

Unique mount ids start past the last valid old mount id value to not
confuse the two so reject invalid values early in copy_mnt_id_req().

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/namespace.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index c53a0ee748c6..a0266a8389d0 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -70,7 +70,8 @@  static DEFINE_IDA(mnt_id_ida);
 static DEFINE_IDA(mnt_group_ida);
 
 /* Don't allow confusion with old 32bit mount ID */
-static atomic64_t mnt_id_ctr = ATOMIC64_INIT(1ULL << 32);
+#define MNT_UNIQUE_ID_OFFSET (1ULL << 32)
+static atomic64_t mnt_id_ctr = ATOMIC64_INIT(MNT_UNIQUE_ID_OFFSET);
 
 static struct hlist_head *mount_hashtable __ro_after_init;
 static struct hlist_head *mountpoint_hashtable __ro_after_init;
@@ -5235,6 +5236,9 @@  static int copy_mnt_id_req(const struct mnt_id_req __user *req,
 		return ret;
 	if (kreq->spare != 0)
 		return -EINVAL;
+	/* The first valid unique mount id is MNT_UNIQUE_ID_OFFSET + 1. */
+	if (kreq->mnt_id <= MNT_UNIQUE_ID_OFFSET)
+		return -EINVAL;
 	return 0;
 }

[1/2] fs: refuse mnt id requests with invalid ids early

Commit Message

Patch