Thank you for the feedback.
On Sun, Oct 02, 2016 at 07:53:04PM +0200, Alexander Bluhm wrote:
>
> I think we once had a simmilar problem, when someone tried to unmount
> with MNT_DOOMED. So I like to check all flags at the beginning of
> the system call.
>
> But I think you should remove these from the mask:
>
> /*
> * Flags set by internal operations.
> */
> #define MNT_LOCAL 0x00001000 /* filesystem is stored locally */
> #define MNT_QUOTA 0x00002000 /* quotas are enabled on filesystem */
> #define MNT_ROOTFS 0x00004000 /* identifies the root filesystem */
Yes, done. I also removed MNT_DOOMED and MNT_WANTRDWR from the flag
mask, as those flags are internal to the kernel and shouldn't be passed
from userland.
Now, that MNT_FLAGMASK doesn't contain all flags anymore, I replaced the
magic constant with the flag names to make it clearer which flags are
included.
> And I want this check also for sys_unmount().
>
Good idea, sys_mount() is easy, because the only flag allowed there is
MNT_FORCE.
Ok?
natano
Index: sys/mount.h
===================================================================
RCS file: /cvs/src/sys/sys/mount.h,v
retrieving revision 1.127
diff -u -p -r1.127 mount.h
--- sys/mount.h 10 Sep 2016 16:53:30 -0000 1.127
+++ sys/mount.h 3 Oct 2016 09:44:51 -0000
@@ -414,6 +414,15 @@ struct mount {
#define MNT_DOOMED 0x08000000 /* device behind filesystem is gone */
/*
+ * Flags allowed to be passed to the mount syscall.
+ */
+#define MNT_FLAGMASK (MNT_RDONLY|MNT_SYNCHRONOUS|MNT_NOEXEC|MNT_NOSUID|\
+ MNT_NODEV|MNT_NOPERM|MNT_ASYNC|MNT_WXALLOWED|\
+ MNT_EXRDONLY|MNT_EXPORTED|MNT_DEFEXPORTED|\
+ MNT_EXPORTANON|MNT_NOATIME|MNT_UPDATE|MNT_DELEXPORT|\
+ MNT_RELOAD|MNT_FORCE|MNT_SOFTDEP)
+
+/*
* Flags for various system call interfaces.
*
* waitfor flags to vfs_sync() and getfsstat()
Index: kern/vfs_syscalls.c
===================================================================
RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.265
diff -u -p -r1.265 vfs_syscalls.c
--- kern/vfs_syscalls.c 10 Sep 2016 16:53:30 -0000 1.265
+++ kern/vfs_syscalls.c 3 Oct 2016 09:44:52 -0000
@@ -117,6 +117,9 @@ sys_mount(struct proc *p, void *v, regis
if ((error = suser(p, 0)))
return (error);
+ if (flags & ~MNT_FLAGMASK)
+ return (EINVAL);
+
/*
* Mount points must fit in MNAMELEN, not MAXPATHLEN.
*/
@@ -334,10 +337,14 @@ sys_unmount(struct proc *p, void *v, reg
struct mount *mp;
int error;
struct nameidata nd;
+ int flags = SCARG(uap, flags);
if ((error = suser(p, 0)) != 0)
return (error);
+ if (flags & ~MNT_FORCE)
+ return (EINVAL);
+
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
@@ -365,7 +372,7 @@ sys_unmount(struct proc *p, void *v, reg
if (vfs_busy(mp, VB_WRITE|VB_WAIT))
return (EBUSY);
- return (dounmount(mp, SCARG(uap, flags) & MNT_FORCE, p, vp));
+ return (dounmount(mp, flags, p, vp));
}
/*
