Merge tag 'vfs-6.15-rc1.nsfs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

Pull vfs nsfs updates from Christian Brauner:
"This contains non-urgent fixes for nsfs to validate ioctls before
performing any relevant operations.

We already did this for a few other filesystems last cycle"

* tag 'vfs-6.15-rc1.nsfs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
selftests/nsfs: add ioctl validation tests
nsfs: validate ioctls

+45 -1
+31 -1
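--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -151,19 +151,49 @@
 return 0;
 }
 
+static bool nsfs_ioctl_valid(unsigned int cmd)
+{
+switch (cmd) {
+case NS_GET_USERNS:
+case NS_GET_PARENT:
+case NS_GET_NSTYPE:
+case NS_GET_OWNER_UID:
+case NS_GET_MNTNS_ID:
+case NS_GET_PID_FROM_PIDNS:
+case NS_GET_TGID_FROM_PIDNS:
+case NS_GET_PID_IN_PIDNS:
+case NS_GET_TGID_IN_PIDNS:
+return (_IOC_TYPE(cmd) == _IOC_TYPE(cmd));
+}
+
+/* Extensible ioctls require some extra handling. */
+switch (_IOC_NR(cmd)) {
+case _IOC_NR(NS_MNT_GET_INFO):
+case _IOC_NR(NS_MNT_GET_NEXT):
+case _IOC_NR(NS_MNT_GET_PREV):
+return (_IOC_TYPE(cmd) == _IOC_TYPE(cmd));
+}
+
+return false;
+}
+
 static long ns_ioctl(struct file *filp, unsigned int ioctl,
 unsigned long arg)
 {
 struct user_namespace *user_ns;
 struct pid_namespace *pid_ns;
 struct task_struct *tsk;
-struct ns_common *ns = get_proc_ns(file_inode(filp));
+struct ns_common *ns;
 struct mnt_namespace *mnt_ns;
 bool previous = false;
 uid_t __user *argp;
 uid_t uid;
 int ret;
 
+if (!nsfs_ioctl_valid(ioctl))
+return -ENOIOCTLCMD;
+
+ns = get_proc_ns(file_inode(filp));
 switch (ioctl) {
 case NS_GET_USERNS:
 return open_related_ns(ns, ns_get_owner);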
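Review bot: Both `return (_IOC_TYPE(cmd) == _IOC_TYPE(cmd));` lines in nsfs_ioctl_valid() compare the command's type with itself, so they are always true and perform no validation. In the first switch this is harmless because the full command value has already been matched, but the second switch matches only `_IOC_NR(cmd)`, so a command from another ioctl family that shares a number with NS_MNT_GET_INFO, NS_MNT_GET_NEXT or NS_MNT_GET_PREV passes the check and reaches the dispatch in ns_ioctl(). Compare against a known nsfs command instead, e.g. `return _IOC_TYPE(cmd) == _IOC_TYPE(NS_MNT_GET_INFO);`, and use a plain `return true;` in the first switch. ns_ioctl()'s body continues past the end of the hunk, so how the extensible commands are handled further down is not visible here.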
+14
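--- a/tools/testing/selftests/filesystems/nsfs/iterate_mntns.c
+++ b/tools/testing/selftests/filesystems/nsfs/iterate_mntns.c
@@ -3,6 +3,8 @@
 
 #define _GNU_SOURCE
 #include <fcntl.h>
+#include <linux/auto_dev-ioctl.h>
+#include <linux/errno.h>
 #include <sched.h>
 #include <stdio.h>
 #include <string.h>
@@ -146,6 +144,18 @@
 fd_mnt_ns_cur = fd_mnt_ns_prev;
 ASSERT_EQ(info.mnt_ns_id, self->mnt_ns_id[i]);
 }
+}
+
+TEST_F(iterate_mount_namespaces, nfs_valid_ioctl)
+{
+ASSERT_NE(ioctl(self->fd_mnt_ns[0], AUTOFS_DEV_IOCTL_OPENMOUNT, NULL), 0);
+ASSERT_EQ(errno, ENOTTY);
+
+ASSERT_NE(ioctl(self->fd_mnt_ns[0], AUTOFS_DEV_IOCTL_CLOSEMOUNT, NULL), 0);
+ASSERT_EQ(errno, ENOTTY);
+
+ASSERT_NE(ioctl(self->fd_mnt_ns[0], AUTOFS_DEV_IOCTL_READY, NULL), 0);
+ASSERT_EQ(errno, ENOTTY);
 }
 
 TEST_HARNESS_MAIN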
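Review bot: The three assertions in nfs_valid_ioctl only send autofs commands, which presumably differ from every nsfs command in both type and number, so the test never exercises the extensible branch of the validator where only `_IOC_NR` is matched. Add a negative case whose number equals `_IOC_NR(NS_MNT_GET_INFO)` but whose type belongs to another ioctl family, and assert that it also fails with ENOTTY; that is the input a too-weak type check would let through. The test name also looks like a typo for `nsfs_valid_ioctl`.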