Re: [PATCH v4 3/5] arch: Register fchmodat2, usually as syscall 452

On 2023-07-27, Christian Brauner wrote: > On Wed, Jul 26, 2023 at 02:43:41AM +1000, Aleksa Sarai wrote: > > On 2023-07-11, Alexey Gladkov wrote: > > > From: Palmer Dabbelt > > > > > > This registers the new fchmodat2 syscall in most places as nuber 452,

Re: [PATCH v4 2/5] fs: Add fchmodat2()

On 2023-07-28, Aleksa Sarai wrote: > On 2023-07-26, Alexey Gladkov wrote: > > On Wed, Jul 26, 2023 at 02:36:25AM +1000, Aleksa Sarai wrote: > > > On 2023-07-11, Alexey Gladkov wrote: > > > > On the userspace side fchmodat(3) is implemented as a wrapper > &g

Re: [PATCH v4 2/5] fs: Add fchmodat2()

On 2023-07-26, Alexey Gladkov wrote: > On Wed, Jul 26, 2023 at 02:36:25AM +1000, Aleksa Sarai wrote: > > On 2023-07-11, Alexey Gladkov wrote: > > > On the userspace side fchmodat(3) is implemented as a wrapper > > > function which implements the POSIX-specified inte

Re: Add fchmodat2() - or add a more general syscall?

dition (and it also would resolve the AT_EMPTY_PATH issue for chmod as well as simplify the glibc wrapper), I think it makes sense to take this and we can do set_statx(2) separately? -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/> signature.asc Description: PGP signature

Re: [PATCH v4 2/5] fs: Add fchmodat2()

gned int fd, umode_t mode); > asmlinkage long sys_fchmodat(int dfd, const char __user *filename, >umode_t mode); > +asmlinkage long sys_fchmodat2(int dfd, const char __user *filename, > + umode_t mode, int flags); > asmlinkage long sy

Re: [PATCH v4 3/5] arch: Register fchmodat2, usually as syscall 452

> +452 common fchmodat2 sys_fchmodat2 > diff --git a/include/uapi/asm-generic/unistd.h > b/include/uapi/asm-generic/unistd.h > index fd6c1cb585db..abe087c53b4b 100644 > --- a/include/uapi/asm-generic/unistd.h > +++ b/include/uapi/asm-generic/unistd.h > @@ -820,8 +820,11 @@ __SYSCALL(__NR_set_mempolicy_home_node, > sys_set_mempolicy_home_node) > #define __NR_cachestat 451 > __SYSCALL(__NR_cachestat, sys_cachestat) > > +#define __NR_fchmodat2 452 > +__SYSCALL(__NR_fchmodat2, sys_fchmodat2) > + > #undef __NR_syscalls > -#define __NR_syscalls 452 > +#define __NR_syscalls 453 > > /* > * 32 bit systems traditionally used different > -- > 2.33.8 > -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/> signature.asc Description: PGP signature

Re: [PATCH v18 11/13] open: introduce openat2(2) syscall

t(2)). */ > > > > #endif /* _UAPI_LINUX_FCNTL_H */ > > Would it be possible to move these to a new UAPI header? > > In glibc, we currently do not #include . We need some of > the AT_* constants in POSIX mode, and the header is not necessarily > namespace-clean.

[PATCH v18 13/13] Documentation: path-lookup: include new LOOKUP flags

Now that we have new LOOKUP flags, we should document them in the relevant path-walking documentation. And now that we've settled on a common name for nd_jump_link() style symlinks ("magic links"), use that term where magic-link semantics are described. Signed-off-b

[PATCH v18 12/13] selftests: add openat2(2) selftests

veral CVEs (and likely will be responsible for several more). Cc: Shuah Khan Signed-off-by: Aleksa Sarai --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/openat2/.gitignore| 1 + tools/testing/selftests/openat2/Makefile | 8 + tools/testing/selftes

[PATCH v18 11/13] open: introduce openat2(2) syscall

.gmail.com [3]: commit 629e014bb834 ("fs: completely ignore unknown open flags") [4]: https://sourceware.org/bugzilla/show_bug.cgi?id=17523 [5]: https://lore.kernel.org/lkml/20190930183316.10190-2-cyp...@cyphar.com/ Suggested-by: Christian Brauner Signed-off-by: Aleksa Sarai ---

[PATCH v18 10/13] namei: LOOKUP_{IN_ROOT, BENEATH}: permit limited ".." resolution

2]: https://lore.kernel.org/lkml/cag48ez30wjhbsro2hoc_dr7v91m+hnfzbp5ogrmzaxbaorv...@mail.gmail.com/ Cc: Christian Brauner Suggested-by: Jann Horn Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c | 43 +++ 1 file changed, 27 ins

[PATCH v18 09/13] namei: LOOKUP_IN_ROOT: chroot-like scoped resolution

if they want to ensure that magic-link crossing is entirely disabled. /* Testing. */ LOOKUP_IN_ROOT is tested as part of the openat2(2) selftests. [1]: https://lore.kernel.org/lkml/CAG48ez1jzNvxB+bfOBnERFGp=omm0vhwuld6eulmne3r6xa...@mail.gmail.com/ Cc: Christian Brauner Signed-off-by: Aleksa Sara

[PATCH v18 08/13] namei: LOOKUP_BENEATH: O_BENEATH-like scoped resolution

mail-drysd...@google.com/ [6]: https://lore.kernel.org/lkml/CAG48ez1jzNvxB+bfOBnERFGp=omm0vhwuld6eulmne3r6xa...@mail.gmail.com/ Cc: Christian Brauner Suggested-by: David Drysdale Suggested-by: Al Viro Suggested-by: Andy Lutomirski Suggested-by: Linus Torvalds

[PATCH v18 07/13] namei: LOOKUP_NO_XDEV: block mountpoint crossing

inus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 31 +++ include/linux/namei.h | 1 + 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 415a897729c8..321c8ad5d6b3 100644 --- a/fs/namei.c +++ b/fs/

[PATCH v18 06/13] namei: LOOKUP_NO_MAGICLINKS: block magic-link resolution

y: Al Viro Suggested-by: Andy Lutomirski Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 10 +- include/linux/namei.h | 1 + 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 303731935eb2..415a897729c8 100644 ---

[PATCH v18 05/13] namei: LOOKUP_NO_SYMLINKS: block symlink resolution

l.org/lkml/1415094884-18349-1-git-send-email-drysd...@google.com/ [4]: https://lore.kernel.org/lkml/1404124096-21445-1-git-send-email-drysd...@google.com/ Cc: Christian Brauner Suggested-by: Al Viro Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 3 +++ inc

[PATCH v18 04/13] namei: allow set_root() to produce errors

: Aleksa Sarai --- fs/namei.c | 35 --- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 1024a641f075..74574a69a614 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -798,7 +798,7 @@ static int complete_walk(struct nameidata *nd

[PATCH v18 03/13] namei: allow nd_jump_link() to produce errors

In preparation for LOOKUP_NO_MAGICLINKS, it's necessary to add the ability for nd_jump_link() to return an error which the corresponding get_link() caller must propogate back up to the VFS. Suggested-by: Al Viro Signed-off-by: Aleksa Sarai --- fs/namei.c | 3 ++- fs

[PATCH v18 02/13] nsfs: clean-up ns_get_path() signature to return int

te fs") Signed-off-by: Aleksa Sarai --- fs/nsfs.c | 29 ++--- fs/proc/namespaces.c| 6 +++--- include/linux/proc_ns.h | 4 ++-- kernel/bpf/offload.c| 12 ++-- kernel/events/core.c| 2 +- 5 files changed, 26 insertions(+), 27 deletions(-)

[PATCH v18 01/13] namei: only return -ECHILD from follow_dotdot_rcu()

reachable from their mnt_root") Suggested-by: Al Viro Signed-off-by: Aleksa Sarai --- fs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 671c3c1a3425..5a47d9c09581 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1359,7 +1359,7 @@

[PATCH v18 00/13] open: introduce openat2(2) syscall

al handling of extensions. However, if a userspace program wishes to determine what extensions the running kernel supports, they may conduct a binary search on size (to find the largest value which doesn't produce an error of E2BIG.) SEE ALSO openat(2), path_resolutio

Re: [PATCH v17 10/13] namei: LOOKUP_{IN_ROOT,BENEATH}: permit limited ".." resolution

On 2019-11-26, Aleksa Sarai wrote: > On 2019-11-25, Al Viro wrote: > > On Sun, Nov 17, 2019 at 12:17:10PM +1100, Aleksa Sarai wrote: > > > + if (unlikely(nd->flags & LOOKUP_IS_SCOPED)) { > > > + /* > > > + * If t

Re: [PATCH v17 10/13] namei: LOOKUP_{IN_ROOT,BENEATH}: permit limited ".." resolution

On 2019-11-25, Al Viro wrote: > On Sun, Nov 17, 2019 at 12:17:10PM +1100, Aleksa Sarai wrote: > > + if (unlikely(nd->flags & LOOKUP_IS_SCOPED)) { > > + /* > > +* If there was a racing rename or mount along our > >

Re: [PATCH v17 08/13] namei: LOOKUP_BENEATH: O_BENEATH-like scoped resolution

On 2019-11-25, Al Viro wrote: > On Sun, Nov 17, 2019 at 12:17:08PM +1100, Aleksa Sarai wrote: > > > + if (unlikely(nd->flags & LOOKUP_IS_SCOPED)) { > > + /* > > +* Do a final check to ensure that the path didn't escape. Note > >

[PATCH RESEND v17 13/13] Documentation: path-lookup: include new LOOKUP flags

Now that we have new LOOKUP flags, we should document them in the relevant path-walking documentation. And now that we've settled on a common name for nd_jump_link() style symlinks ("magic links"), use that term where magic-link semantics are described. Signed-off-b

[PATCH RESEND v17 12/13] selftests: add openat2(2) selftests

veral CVEs (and likely will be responsible for several more). Cc: Shuah Khan Signed-off-by: Aleksa Sarai --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/openat2/.gitignore| 1 + tools/testing/selftests/openat2/Makefile | 8 + tools/testing/selftes

[PATCH RESEND v17 11/13] open: introduce openat2(2) syscall

.gmail.com [3]: commit 629e014bb834 ("fs: completely ignore unknown open flags") [4]: https://sourceware.org/bugzilla/show_bug.cgi?id=17523 [5]: https://lore.kernel.org/lkml/20190930183316.10190-2-cyp...@cyphar.com/ Suggested-by: Christian Brauner Signed-off-by: Aleksa Sarai ---

[PATCH RESEND v17 10/13] namei: LOOKUP_{IN_ROOT, BENEATH}: permit limited ".." resolution

2]: https://lore.kernel.org/lkml/cag48ez30wjhbsro2hoc_dr7v91m+hnfzbp5ogrmzaxbaorv...@mail.gmail.com/ Cc: Christian Brauner Suggested-by: Jann Horn Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c | 37 - 1 file changed, 24 insertions

[PATCH RESEND v17 09/13] namei: LOOKUP_IN_ROOT: chroot-like scoped resolution

if they want to ensure that magic-link crossing is entirely disabled. /* Testing. */ LOOKUP_IN_ROOT is tested as part of the openat2(2) selftests. [1]: https://lore.kernel.org/lkml/CAG48ez1jzNvxB+bfOBnERFGp=omm0vhwuld6eulmne3r6xa...@mail.gmail.com/ Cc: Christian Brauner Signed-off-by: Aleksa Sara

[PATCH RESEND v17 08/13] namei: LOOKUP_BENEATH: O_BENEATH-like scoped resolution

mail-drysd...@google.com/ [6]: https://lore.kernel.org/lkml/CAG48ez1jzNvxB+bfOBnERFGp=omm0vhwuld6eulmne3r6xa...@mail.gmail.com/ Cc: Christian Brauner Suggested-by: David Drysdale Suggested-by: Al Viro Suggested-by: Andy Lutomirski Suggested-by: Linus Torvalds

[PATCH RESEND v17 07/13] namei: LOOKUP_NO_XDEV: block mountpoint crossing

inus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 31 +++ include/linux/namei.h | 1 + 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 415a897729c8..321c8ad5d6b3 100644 --- a/fs/namei.c +++ b/fs/

[PATCH RESEND v17 06/13] namei: LOOKUP_NO_MAGICLINKS: block magic-link resolution

y: Al Viro Suggested-by: Andy Lutomirski Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 10 +- include/linux/namei.h | 1 + 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 303731935eb2..415a897729c8 100644 ---

[PATCH RESEND v17 05/13] namei: LOOKUP_NO_SYMLINKS: block symlink resolution

l.org/lkml/1415094884-18349-1-git-send-email-drysd...@google.com/ [4]: https://lore.kernel.org/lkml/1404124096-21445-1-git-send-email-drysd...@google.com/ Cc: Christian Brauner Suggested-by: Al Viro Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 3 +++ inc

[PATCH RESEND v17 04/13] namei: allow set_root() to produce errors

: Aleksa Sarai --- fs/namei.c | 35 --- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 1024a641f075..74574a69a614 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -798,7 +798,7 @@ static int complete_walk(struct nameidata *nd

[PATCH RESEND v17 03/13] namei: allow nd_jump_link() to produce errors

In preparation for LOOKUP_NO_MAGICLINKS, it's necessary to add the ability for nd_jump_link() to return an error which the corresponding get_link() caller must propogate back up to the VFS. Suggested-by: Al Viro Signed-off-by: Aleksa Sarai --- fs/namei.c | 3 ++- fs

[PATCH RESEND v17 02/13] nsfs: clean-up ns_get_path() signature to return int

te fs") Signed-off-by: Aleksa Sarai --- fs/nsfs.c | 29 ++--- fs/proc/namespaces.c| 6 +++--- include/linux/proc_ns.h | 4 ++-- kernel/bpf/offload.c| 12 ++-- kernel/events/core.c| 2 +- 5 files changed, 26 insertions(+), 27 deletions(-)

[PATCH RESEND v17 01/13] namei: only return -ECHILD from follow_dotdot_rcu()

reachable from their mnt_root") Suggested-by: Al Viro Signed-off-by: Aleksa Sarai --- fs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 671c3c1a3425..5a47d9c09581 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1359,7 +1359,7 @@

[PATCH RESEND v17 00/13] open: introduce openat2(2) syscall

special handling of exten- sions. However, if a userspace program wishes to determine what extensions the running kernel supports, they may conduct a binary search on size (to find the largest value which doesn't produce an error of E2BIG.) SEE ALSO openat(2)

[PATCH v17 13/13] Documentation: path-lookup: include new LOOKUP flags

Now that we have new LOOKUP flags, we should document them in the relevant path-walking documentation. And now that we've settled on a common name for nd_jump_link() style symlinks ("magic links"), use that term where magic-link semantics are described. Signed-off-b

[PATCH v17 12/13] selftests: add openat2(2) selftests

veral CVEs (and likely will be responsible for several more). Cc: Shuah Khan Signed-off-by: Aleksa Sarai --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/openat2/.gitignore| 1 + tools/testing/selftests/openat2/Makefile | 8 + tools/testing/selftes

[PATCH v17 11/13] open: introduce openat2(2) syscall

.gmail.com [3]: commit 629e014bb834 ("fs: completely ignore unknown open flags") [4]: https://sourceware.org/bugzilla/show_bug.cgi?id=17523 [5]: https://lore.kernel.org/lkml/20190930183316.10190-2-cyp...@cyphar.com/ Suggested-by: Christian Brauner Signed-off-by: Aleksa Sarai ---

[PATCH v17 10/13] namei: LOOKUP_{IN_ROOT, BENEATH}: permit limited ".." resolution

2]: https://lore.kernel.org/lkml/cag48ez30wjhbsro2hoc_dr7v91m+hnfzbp5ogrmzaxbaorv...@mail.gmail.com/ Cc: Christian Brauner Suggested-by: Jann Horn Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c | 37 - 1 file changed, 24 insertions

[PATCH v17 09/13] namei: LOOKUP_IN_ROOT: chroot-like scoped resolution

if they want to ensure that magic-link crossing is entirely disabled. /* Testing. */ LOOKUP_IN_ROOT is tested as part of the openat2(2) selftests. [1]: https://lore.kernel.org/lkml/CAG48ez1jzNvxB+bfOBnERFGp=omm0vhwuld6eulmne3r6xa...@mail.gmail.com/ Cc: Christian Brauner Signed-off-by: Aleksa Sara

[PATCH v17 08/13] namei: LOOKUP_BENEATH: O_BENEATH-like scoped resolution

mail-drysd...@google.com/ [6]: https://lore.kernel.org/lkml/CAG48ez1jzNvxB+bfOBnERFGp=omm0vhwuld6eulmne3r6xa...@mail.gmail.com/ Cc: Christian Brauner Suggested-by: David Drysdale Suggested-by: Al Viro Suggested-by: Andy Lutomirski Suggested-by: Linus Torvalds

[PATCH v17 07/13] namei: LOOKUP_NO_XDEV: block mountpoint crossing

inus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 31 +++ include/linux/namei.h | 1 + 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 415a897729c8..321c8ad5d6b3 100644 --- a/fs/namei.c +++ b/fs/

[PATCH v17 06/13] namei: LOOKUP_NO_MAGICLINKS: block magic-link resolution

y: Al Viro Suggested-by: Andy Lutomirski Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 10 +- include/linux/namei.h | 1 + 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 303731935eb2..415a897729c8 100644 ---

[PATCH v17 05/13] namei: LOOKUP_NO_SYMLINKS: block symlink resolution

l.org/lkml/1415094884-18349-1-git-send-email-drysd...@google.com/ [4]: https://lore.kernel.org/lkml/1404124096-21445-1-git-send-email-drysd...@google.com/ Cc: Christian Brauner Suggested-by: Al Viro Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 3 +++ inc

[PATCH v17 04/13] namei: allow set_root() to produce errors

: Aleksa Sarai --- fs/namei.c | 35 --- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 1024a641f075..74574a69a614 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -798,7 +798,7 @@ static int complete_walk(struct nameidata *nd

[PATCH v17 03/13] namei: allow nd_jump_link() to produce errors

In preparation for LOOKUP_NO_MAGICLINKS, it's necessary to add the ability for nd_jump_link() to return an error which the corresponding get_link() caller must propogate back up to the VFS. Suggested-by: Al Viro Signed-off-by: Aleksa Sarai --- fs/namei.c | 3 ++- fs

[PATCH v17 02/13] nsfs: clean-up ns_get_path() signature to return int

te fs") Signed-off-by: Aleksa Sarai --- fs/nsfs.c | 29 ++--- fs/proc/namespaces.c| 6 +++--- include/linux/proc_ns.h | 4 ++-- kernel/bpf/offload.c| 12 ++-- kernel/events/core.c| 2 +- 5 files changed, 26 insertions(+), 27 deletions(-)

[PATCH v17 01/13] namei: only return -ECHILD from follow_dotdot_rcu()

reachable from their mnt_root") Suggested-by: Al Viro Signed-off-by: Aleksa Sarai --- fs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 671c3c1a3425..5a47d9c09581 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1359,7 +1359,7 @@

[PATCH v17 00/13] open: introduce openat2(2) syscall

erefore, most userspace programs will not need to have any special handling of exten- sions. However, if a userspace program wishes to determine what extensions the running kernel supports, they may conduct a binary search on size (to find the largest value which doesn

Re: [PATCH v16 02/12] namei: allow nd_jump_link() to produce errors

On 2019-11-16, Al Viro wrote: > On Sat, Nov 16, 2019 at 11:27:52AM +1100, Aleksa Sarai wrote: > > + error = nd_jump_link(&path); > > + if (error) > > + path_put(&path); > > > + error = nd_jump_link(&ns_path); > > + if (error) >

Re: [PATCH v16 06/12] namei: LOOKUP_NO_XDEV: block mountpoint crossing

On 2019-11-16, Al Viro wrote: > On Sat, Nov 16, 2019 at 11:27:56AM +1100, Aleksa Sarai wrote: > > > @@ -1383,6 +1398,8 @@ static int follow_dotdot_rcu(struct nameidata *nd) > > return -ECHILD; > > if (&

Re: [PATCH v16 09/12] namei: LOOKUP_{IN_ROOT,BENEATH}: permit limited ".." resolution

On 2019-11-16, Al Viro wrote: > On Sat, Nov 16, 2019 at 11:27:59AM +1100, Aleksa Sarai wrote: > > > + if (unlikely(nd->flags & LOOKUP_IS_SCOPED)) { > > + bool m_retry = read_seqretry(&mount_lock, nd->m_seq); > > +

[PATCH v16 12/12] Documentation: path-lookup: include new LOOKUP flags

Now that we have new LOOKUP flags, we should document them in the relevant path-walking documentation. And now that we've settled on a common name for nd_jump_link() style symlinks ("magic links"), use that term where magic-link semantics are described. Signed-off-b

[PATCH v16 11/12] selftests: add openat2(2) selftests

veral CVEs (and likely will be responsible for several more). Cc: Shuah Khan Signed-off-by: Aleksa Sarai --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/openat2/.gitignore| 1 + tools/testing/selftests/openat2/Makefile | 8 + tools/testing/selftes

[PATCH v16 10/12] open: introduce openat2(2) syscall

.gmail.com [3]: commit 629e014bb834 ("fs: completely ignore unknown open flags") [4]: https://sourceware.org/bugzilla/show_bug.cgi?id=17523 [5]: https://lore.kernel.org/lkml/20190930183316.10190-2-cyp...@cyphar.com/ Suggested-by: Christian Brauner Signed-off-by: Aleksa Sarai ---

[PATCH v16 09/12] namei: LOOKUP_{IN_ROOT, BENEATH}: permit limited ".." resolution

2]: https://lore.kernel.org/lkml/cag48ez30wjhbsro2hoc_dr7v91m+hnfzbp5ogrmzaxbaorv...@mail.gmail.com/ Cc: Christian Brauner Suggested-by: Jann Horn Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c | 38 +- 1 file changed, 25 insertions

[PATCH v16 08/12] namei: LOOKUP_IN_ROOT: chroot-like scoped resolution

if they want to ensure that magic-link crossing is entirely disabled. /* Testing. */ LOOKUP_IN_ROOT is tested as part of the openat2(2) selftests. [1]: https://lore.kernel.org/lkml/CAG48ez1jzNvxB+bfOBnERFGp=omm0vhwuld6eulmne3r6xa...@mail.gmail.com/ Cc: Christian Brauner Signed-off-by: Aleksa Sara

[PATCH v16 07/12] namei: LOOKUP_BENEATH: O_BENEATH-like scoped resolution

mail-drysd...@google.com/ [6]: https://lore.kernel.org/lkml/CAG48ez1jzNvxB+bfOBnERFGp=omm0vhwuld6eulmne3r6xa...@mail.gmail.com/ Cc: Christian Brauner Suggested-by: David Drysdale Suggested-by: Al Viro Suggested-by: Andy Lutomirski Suggested-by: Linus Torvalds

[PATCH v16 06/12] namei: LOOKUP_NO_XDEV: block mountpoint crossing

inus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 29 + include/linux/namei.h | 1 + 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index a97facc232af..854a1cbbe7b0 100644 --- a/fs/namei.c +++ b/fs/

[PATCH v16 05/12] namei: LOOKUP_NO_MAGICLINKS: block magic-link resolution

y: Al Viro Suggested-by: Andy Lutomirski Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 5 - include/linux/namei.h | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 14d6d3afb9d3..a97facc232af 100644 --- a/fs/name

[PATCH v16 04/12] namei: LOOKUP_NO_SYMLINKS: block symlink resolution

l.org/lkml/1415094884-18349-1-git-send-email-drysd...@google.com/ [4]: https://lore.kernel.org/lkml/1404124096-21445-1-git-send-email-drysd...@google.com/ Cc: Christian Brauner Suggested-by: Al Viro Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 3 +++ inc

[PATCH v16 03/12] namei: allow set_root() to produce errors

: Aleksa Sarai --- fs/namei.c | 35 --- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 965a25b2e3df..259652667881 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -798,7 +798,7 @@ static int complete_walk(struct nameidata *nd

[PATCH v16 02/12] namei: allow nd_jump_link() to produce errors

In preparation for LOOKUP_NO_MAGICLINKS, it's necessary to add the ability for nd_jump_link() to return an error which the corresponding get_link() caller must propogate back up to the VFS. Suggested-by: Al Viro Signed-off-by: Aleksa Sarai --- fs/namei.c | 3 ++- fs

[PATCH v16 01/12] nsfs: clean-up ns_get_path() signature to return int

te fs") Signed-off-by: Aleksa Sarai --- fs/nsfs.c | 29 ++--- fs/proc/namespaces.c| 6 +++--- include/linux/proc_ns.h | 4 ++-- kernel/bpf/offload.c| 12 ++-- kernel/events/core.c| 2 +- 5 files changed, 26 insertions(+), 27 deletions(-)

[PATCH v16 00/12] open: introduce openat2(2) syscall

ernel supports, they may conduct a binary search on size (to find the largest value which doesn't produce an error of E2BIG.) SEE ALSO openat(2), path_resolution(7), symlink(7) Linux 2019-11-05 OPENAT2(2) --8<---

Re: [PATCH v15 3/9] namei: LOOKUP_NO_XDEV: block mountpoint crossing

On 2019-11-14, Al Viro wrote: > On Thu, Nov 14, 2019 at 03:49:45PM +1100, Aleksa Sarai wrote: > > On 2019-11-13, Al Viro wrote: > > > On Tue, Nov 05, 2019 at 08:05:47PM +1100, Aleksa Sarai wrote: > > > > > > > @@ -862,6 +870,8 @@ static int nd_jump_r

Re: [PATCH v15 4/9] namei: LOOKUP_BENEATH: O_BENEATH-like scoped resolution

On 2019-11-13, Aleksa Sarai wrote: > On 2019-11-13, Al Viro wrote: > > Minor nit here - I'd split "move the conditional call of set_root() > > into nd_jump_root()" into a separate patch before that one. Makes > > for fewer distractions in this one. I&#

Re: [PATCH v15 3/9] namei: LOOKUP_NO_XDEV: block mountpoint crossing

On 2019-11-13, Al Viro wrote: > On Tue, Nov 05, 2019 at 08:05:47PM +1100, Aleksa Sarai wrote: > > > @@ -862,6 +870,8 @@ static int nd_jump_root(struct nameidata *nd) > > void nd_jump_link(struct path *path) > > { > > struct nameidata *nd = curren

Re: [PATCH v15 6/9] namei: LOOKUP_{IN_ROOT,BENEATH}: permit limited ".." resolution

On 2019-11-13, Al Viro wrote: > On Tue, Nov 05, 2019 at 08:05:50PM +1100, Aleksa Sarai wrote: > > > One other possible alternative (which previous versions of this patch > > used) would be to check with path_is_under() if there was a racing > > rename or mount (afte

Re: [PATCH v15 4/9] namei: LOOKUP_BENEATH: O_BENEATH-like scoped resolution

CHILD -- though it's not clear to me how likely a success would be in REF-walk if the parent components didn't already trigger an unlazy_walk() in RCU-walk. I guess that also means LOOKUP_NO_XDEV should trigger -ECHILD in follow_dotdot_rcu()? -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/> signature.asc Description: PGP signature

Re: [PATCH v15 5/9] namei: LOOKUP_IN_ROOT: chroot-like scoped resolution

On 2019-11-13, Al Viro wrote: > On Wed, Nov 13, 2019 at 01:44:14PM +1100, Aleksa Sarai wrote: > > On 2019-11-13, Al Viro wrote: > > > On Tue, Nov 05, 2019 at 08:05:49PM +1100, Aleksa Sarai wrote: > > > > > > > @@ -2277,12 +2277,20 @@ static const char *

Re: [PATCH v15 5/9] namei: LOOKUP_IN_ROOT: chroot-like scoped resolution

On 2019-11-13, Al Viro wrote: > On Tue, Nov 05, 2019 at 08:05:49PM +1100, Aleksa Sarai wrote: > > > @@ -2277,12 +2277,20 @@ static const char *path_init(struct nameidata *nd, > > unsigned flags) > > > > nd->m_seq = read_seqbegin(&mount_lock); > >

Re: [PATCH v15 7/9] open: introduce openat2(2) syscall

On 2019-11-13, Al Viro wrote: > On Tue, Nov 05, 2019 at 08:05:51PM +1100, Aleksa Sarai wrote: > > +/* > > + * Arguments for how openat2(2) should open the target path. If @resolve is > > + * zero, then openat2(2) operates very similarly to openat(2). > > + * >

Re: [PATCH v15 0/9] open: introduce openat2(2) syscall

On 2019-11-12, Kees Cook wrote: > On Tue, Nov 12, 2019 at 12:24:04AM +1100, Aleksa Sarai wrote: > > On 2019-11-05, Aleksa Sarai wrote: > > > This patchset is being developed here: > > > <https://github.com/cyphar/linux/tree/openat2/master> > &g

Re: [PATCH v15 0/9] open: introduce openat2(2) syscall

On 2019-11-05, Aleksa Sarai wrote: > This patchset is being developed here: > <https://github.com/cyphar/linux/tree/openat2/master> > > Patch changelog: > v15: > * Fix code style for LOOKUP_IN_ROOT handling in path_init(). [Linus > Torvalds] > * Split o

[PATCH v15 9/9] Documentation: path-lookup: mention LOOKUP_MAGICLINK_JUMPED

Now that we have a special flag to signify magic-link jumps, mention it within the path-lookup docs. And now that "magic link" is the correct term for nd_jump_link()-style symlinks, clean up references to this type of "symlink". Signed-off-by: Aleksa Sarai --- Documentat

[PATCH v15 7/9] open: introduce openat2(2) syscall

.gmail.com [3]: commit 629e014bb834 ("fs: completely ignore unknown open flags") [4]: https://sourceware.org/bugzilla/show_bug.cgi?id=17523 [5]: https://lore.kernel.org/lkml/20190930183316.10190-2-cyp...@cyphar.com/ Suggested-by: Christian Brauner Signed-off-by: Aleksa Sarai ---

[PATCH v15 8/9] selftests: add openat2(2) selftests

veral CVEs (and likely will be responsible for several more). Cc: Shuah Khan Signed-off-by: Aleksa Sarai --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/openat2/.gitignore| 1 + tools/testing/selftests/openat2/Makefile | 8 + tools/testing/selftes

[PATCH v15 6/9] namei: LOOKUP_{IN_ROOT, BENEATH}: permit limited ".." resolution

ns out a lot of people want it. [1]: https://lore.kernel.org/lkml/CAG48ez1jzNvxB+bfOBnERFGp=omm0vhwuld6eulmne3r6xa...@mail.gmail.com/ [2]: https://lore.kernel.org/lkml/cag48ez30wjhbsro2hoc_dr7v91m+hnfzbp5ogrmzaxbaorv...@mail.gmail.com/ Cc: Christian Brauner Suggested-by: Jann Horn Sugge

[PATCH v15 5/9] namei: LOOKUP_IN_ROOT: chroot-like scoped resolution

if they want to ensure that magic-link crossing is entirely disabled. /* Testing. */ LOOKUP_IN_ROOT is tested as part of the openat2(2) selftests. [1]: https://lore.kernel.org/lkml/CAG48ez1jzNvxB+bfOBnERFGp=omm0vhwuld6eulmne3r6xa...@mail.gmail.com/ Cc: Christian Brauner Signed-off-by: Aleksa Sar

[PATCH v15 4/9] namei: LOOKUP_BENEATH: O_BENEATH-like scoped resolution

mail-drysd...@google.com/ [6]: https://lore.kernel.org/lkml/CAG48ez1jzNvxB+bfOBnERFGp=omm0vhwuld6eulmne3r6xa...@mail.gmail.com/ Cc: Christian Brauner Suggested-by: David Drysdale Suggested-by: Al Viro Suggested-by: Andy Lutomirski Suggested-by: Linus Torvalds

[PATCH v15 3/9] namei: LOOKUP_NO_XDEV: block mountpoint crossing

inus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 34 ++ include/linux/namei.h | 1 + 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 1f0d871199e5..b73ee1601bd4 100644 --- a/fs/namei.c +++ b/fs

[PATCH v15 2/9] namei: LOOKUP_NO_MAGICLINKS: block magic-link resolution

y: Al Viro Suggested-by: Andy Lutomirski Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 7 ++- include/linux/namei.h | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 4e85d6fa4048..1f0d871199e5 100644 ---

[PATCH v15 1/9] namei: LOOKUP_NO_SYMLINKS: block symlink resolution

l.org/lkml/1415094884-18349-1-git-send-email-drysd...@google.com/ [4]: https://lore.kernel.org/lkml/1404124096-21445-1-git-send-email-drysd...@google.com/ Cc: Christian Brauner Suggested-by: Al Viro Suggested-by: Linus Torvalds Signed-off-by: Aleksa Sarai --- fs/namei.c| 3 +++ inc

[PATCH v15 0/9] open: introduce openat2(2) syscall

en- sions. However, if a userspace program wishes to determine what extensions the running kernel supports, they may conduct a binary search on size (to find the largest value which doesn't produce an error of E2BIG.) SEE ALSO openat(2), path_resolution(

Re: [PATCH RESEND v14 2/6] namei: LOOKUP_IN_ROOT: chroot-like path resolution

On 2019-10-27, Linus Torvalds wrote: > On Sat, Oct 26, 2019 at 2:58 PM Aleksa Sarai wrote: > > > > + /* LOOKUP_IN_ROOT treats absolute paths as being relative-to-dirfd. > > */ > > + if (flags & LOOKUP_IN_ROOT) > > + while (*s

[PATCH RESEND v14 6/6] Documentation: path-lookup: mention LOOKUP_MAGICLINK_JUMPED

Now that we have a special flag to signify magic-link jumps, mention it within the path-lookup docs. And now that "magic link" is the correct term for nd_jump_link()-style symlinks, clean up references to this type of "symlink". Signed-off-by: Aleksa Sarai --- Documentat

[PATCH RESEND v14 5/6] selftests: add openat2(2) selftests

veral CVEs (and likely will be responsible for several more). Signed-off-by: Aleksa Sarai --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/openat2/.gitignore| 1 + tools/testing/selftests/openat2/Makefile | 8 + tools/testing/selftests/openat2

[PATCH RESEND v14 4/6] open: introduce openat2(2) syscall

s://sourceware.org/bugzilla/show_bug.cgi?id=17523 [4]: https://lore.kernel.org/lkml/20190930183316.10190-2-cyp...@cyphar.com/ Suggested-by: Christian Brauner Signed-off-by: Aleksa Sarai --- CREDITS | 4 +- arch/alpha/kernel/syscalls/syscall.tbl | 1 + a

[PATCH RESEND v14 3/6] namei: permit ".." resolution with LOOKUP_{IN_ROOT, BENEATH}

nstruction. [*] It may be acceptable in the future to do a path_is_under() check (as with the alternative solution for "..") for magic-links after they are resolved. However this seems unlikely to be a feature that people *really* need -- it can be added later if it turns o

[PATCH RESEND v14 2/6] namei: LOOKUP_IN_ROOT: chroot-like path resolution

iour regarding pathnames -- if the pathname is absolute then the dirfd is still used as the root of resolution of LOOKUP_IN_ROOT is specified (this is to avoid obvious foot-guns, at the cost of a minor API inconsistency). Signed-off-by: Aleksa Sarai --- fs/namei.c| 5 + include/

[PATCH RESEND v14 1/6] namei: O_BENEATH-style resolution restriction flags

d-email-drysd...@google.com/ [3]: https://lore.kernel.org/lkml/1404124096-21445-1-git-send-email-drysd...@google.com/ [4]: https://lwn.net/Articles/723057/ Cc: Christian Brauner Suggested-by: David Drysdale Suggested-by: Al Viro Suggested-by: Andy Lutomirski Suggested-by: Linus Torvalds Signe

[PATCH RESEND v14 0/6] open: introduce openat2(2) syscall

- sions. However, if a userspace program wishes to determine what extensions the running kernel supports, they may conduct a binary search on size (to find the largest value which doesn't produce an error of E2BIG.) SEE ALSO openat(2), path_resolution(7), syml

Re: [PATCH v14 2/6] namei: LOOKUP_IN_ROOT: chroot-like path resolution

On 2019-10-12, Aleksa Sarai wrote: > On 2019-10-12, Aleksa Sarai wrote: > > On 2019-10-10, Linus Torvalds wrote: > > > On Wed, Oct 9, 2019 at 10:42 PM Aleksa Sarai wrote: > > > > > > > > --- a/fs/namei.c > > > > +++ b/fs/namei.c >

Re: [PATCH v14 2/6] namei: LOOKUP_IN_ROOT: chroot-like path resolution

On 2019-10-12, Aleksa Sarai wrote: > On 2019-10-10, Linus Torvalds wrote: > > On Wed, Oct 9, 2019 at 10:42 PM Aleksa Sarai wrote: > > > > > > --- a/fs/namei.c > > > +++ b/fs/namei.c > > > @@ -2277,6 +2277,11 @@ static const char *path_ini

Re: [PATCH v14 2/6] namei: LOOKUP_IN_ROOT: chroot-like path resolution

On 2019-10-10, Linus Torvalds wrote: > On Wed, Oct 9, 2019 at 10:42 PM Aleksa Sarai wrote: > > > > --- a/fs/namei.c > > +++ b/fs/namei.c > > @@ -2277,6 +2277,11 @@ static const char *path_init(struct nameidata *nd, > > unsigned flags) > > > >

[PATCH v14 6/6] Documentation: path-lookup: mention LOOKUP_MAGICLINK_JUMPED

Now that we have a special flag to signify magic-link jumps, mention it within the path-lookup docs. And now that "magic link" is the correct term for nd_jump_link()-style symlinks, clean up references to this type of "symlink". Signed-off-by: Aleksa Sarai --- Documentat

  1   2   3   >