statmount: retrieve security mount options

author Christian Brauner <[email protected]>

Thu, 14 Nov 2024 15:31:27 +0000 (16:31 +0100)

committer Christian Brauner <[email protected]>

Thu, 14 Nov 2024 16:03:25 +0000 (17:03 +0100)
author Christian Brauner <[email protected]>
Thu, 14 Nov 2024 15:31:27 +0000 (16:31 +0100)
committer Christian Brauner <[email protected]>
Thu, 14 Nov 2024 16:03:25 +0000 (17:03 +0100)
diff --git a/fs/namespace.c b/fs/namespace.c

index 4f39c4aba85dd37e9e52094c4376d7a332c22469..a9065a9ab971b0ff8b571dba5ed106b0e34dadc3 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -5072,13 +5072,30 @@ static int statmount_mnt_opts(struct kstatmount *s, struct seq_file *seq)
         return 0;
  }
  
         return 0;
  }
  
+static inline int statmount_opt_unescape(struct seq_file *seq, char *buf_start)
+{
+       char *buf_end, *opt_start, *opt_end;
+       int count = 0;
+
+       buf_end = seq->buf + seq->count;
+       *buf_end = '\0';
+       for (opt_start = buf_start + 1; opt_start < buf_end; opt_start = opt_end + 1) {
+               opt_end = strchrnul(opt_start, ',');
+               *opt_end = '\0';
+               buf_start += string_unescape(opt_start, buf_start, 0, UNESCAPE_OCTAL) + 1;
+               if (WARN_ON_ONCE(++count == INT_MAX))
+                       return -EOVERFLOW;
+       }
+       seq->count = buf_start - 1 - seq->buf;
+       return count;
+}
+
  static int statmount_opt_array(struct kstatmount *s, struct seq_file *seq)
  {
         struct vfsmount *mnt = s->mnt;
         struct super_block *sb = mnt->mnt_sb;
         size_t start = seq->count;
  static int statmount_opt_array(struct kstatmount *s, struct seq_file *seq)
  {
         struct vfsmount *mnt = s->mnt;
         struct super_block *sb = mnt->mnt_sb;
         size_t start = seq->count;
-       char *buf_start, *buf_end, *opt_start, *opt_end;
-       u32 count = 0;
+       char *buf_start;
         int err;
  
         if (!sb->s_op->show_options)
         int err;
  
         if (!sb->s_op->show_options)
@@ -5095,17 +5112,39 @@ static int statmount_opt_array(struct kstatmount *s, struct seq_file *seq)
         if (seq->count == start)
                 return 0;
  
         if (seq->count == start)
                 return 0;
  
-       buf_end = seq->buf + seq->count;
-       *buf_end = '\0';
-       for (opt_start = buf_start + 1; opt_start < buf_end; opt_start = opt_end + 1) {
-               opt_end = strchrnul(opt_start, ',');
-               *opt_end = '\0';
-               buf_start += string_unescape(opt_start, buf_start, 0, UNESCAPE_OCTAL) + 1;
-               if (WARN_ON_ONCE(++count == 0))
-                       return -EOVERFLOW;
-       }
-       seq->count = buf_start - 1 - seq->buf;
-       s->sm.opt_num = count;
+       err = statmount_opt_unescape(seq, buf_start);
+       if (err < 0)
+               return err;
+
+       s->sm.opt_num = err;
+       return 0;
+}
+
+static int statmount_opt_sec_array(struct kstatmount *s, struct seq_file *seq)
+{
+       struct vfsmount *mnt = s->mnt;
+       struct super_block *sb = mnt->mnt_sb;
+       size_t start = seq->count;
+       char *buf_start;
+       int err;
+
+       buf_start = seq->buf + start;
+
+       err = security_sb_show_options(seq, sb);
+       if (!err)
+               return err;
+
+       if (unlikely(seq_has_overflowed(seq)))
+               return -EAGAIN;
+
+       if (seq->count == start)
+               return 0;
+
+       err = statmount_opt_unescape(seq, buf_start);
+       if (err < 0)
+               return err;
+
+       s->sm.opt_sec_num = err;
         return 0;
  }
  
         return 0;
  }
  
@@ -5138,6 +5177,10 @@ static int statmount_string(struct kstatmount *s, u64 flag)
                 sm->opt_array = start;
                 ret = statmount_opt_array(s, seq);
                 break;
                 sm->opt_array = start;
                 ret = statmount_opt_array(s, seq);
                 break;
+       case STATMOUNT_OPT_SEC_ARRAY:
+               sm->opt_sec_array = start;
+               ret = statmount_opt_sec_array(s, seq);
+               break;
         case STATMOUNT_FS_SUBTYPE:
                 sm->fs_subtype = start;
                 statmount_fs_subtype(s, seq);
         case STATMOUNT_FS_SUBTYPE:
                 sm->fs_subtype = start;
                 statmount_fs_subtype(s, seq);
@@ -5294,6 +5337,9 @@ static int do_statmount(struct kstatmount *s, u64 mnt_id, u64 mnt_ns_id,
         if (!err && s->mask & STATMOUNT_OPT_ARRAY)
                 err = statmount_string(s, STATMOUNT_OPT_ARRAY);
  
         if (!err && s->mask & STATMOUNT_OPT_ARRAY)
                 err = statmount_string(s, STATMOUNT_OPT_ARRAY);
  
+       if (!err && s->mask & STATMOUNT_OPT_SEC_ARRAY)
+               err = statmount_string(s, STATMOUNT_OPT_SEC_ARRAY);
+
         if (!err && s->mask & STATMOUNT_FS_SUBTYPE)
                 err = statmount_string(s, STATMOUNT_FS_SUBTYPE);
  
         if (!err && s->mask & STATMOUNT_FS_SUBTYPE)
                 err = statmount_string(s, STATMOUNT_FS_SUBTYPE);
  
@@ -5323,7 +5369,7 @@ static inline bool retry_statmount(const long ret, size_t *seq_size)
  #define STATMOUNT_STRING_REQ (STATMOUNT_MNT_ROOT | STATMOUNT_MNT_POINT | \
                               STATMOUNT_FS_TYPE | STATMOUNT_MNT_OPTS | \
                               STATMOUNT_FS_SUBTYPE | STATMOUNT_SB_SOURCE | \
  #define STATMOUNT_STRING_REQ (STATMOUNT_MNT_ROOT | STATMOUNT_MNT_POINT | \
                               STATMOUNT_FS_TYPE | STATMOUNT_MNT_OPTS | \
                               STATMOUNT_FS_SUBTYPE | STATMOUNT_SB_SOURCE | \
-                             STATMOUNT_OPT_ARRAY)
+                             STATMOUNT_OPT_ARRAY | STATMOUNT_OPT_SEC_ARRAY)
  
  static int prepare_kstatmount(struct kstatmount *ks, struct mnt_id_req *kreq,
                               struct statmount __user *buf, size_t bufsize,
  
  static int prepare_kstatmount(struct kstatmount *ks, struct mnt_id_req *kreq,
                               struct statmount __user *buf, size_t bufsize,
diff --git a/include/uapi/linux/mount.h b/include/uapi/linux/mount.h

index c0fda4604187d21ba8d4da2ad9bbc0524fe35536..c07008816acae89cbea3087caf50d537d4e78298 100644 (file)
--- a/include/uapi/linux/mount.h
+++ b/include/uapi/linux/mount.h
@@ -177,7 +177,9 @@ struct statmount {
         __u32 sb_source;        /* [str] Source string of the mount */
         __u32 opt_num;          /* Number of fs options */
         __u32 opt_array;        /* [str] Array of nul terminated fs options */
         __u32 sb_source;        /* [str] Source string of the mount */
         __u32 opt_num;          /* Number of fs options */
         __u32 opt_array;        /* [str] Array of nul terminated fs options */
-       __u64 __spare2[47];
+       __u32 opt_sec_num;      /* Number of security options */
+       __u32 opt_sec_array;    /* [str] Array of nul terminated security options */
+       __u64 __spare2[46];
         char str[];             /* Variable size part containing strings */
  };
  
         char str[];             /* Variable size part containing strings */
  };
  
@@ -214,6 +216,7 @@ struct mnt_id_req {
  #define STATMOUNT_FS_SUBTYPE           0x00000100U     /* Want/got fs_subtype */
  #define STATMOUNT_SB_SOURCE            0x00000200U     /* Want/got sb_source */
  #define STATMOUNT_OPT_ARRAY            0x00000400U     /* Want/got opt_... */
  #define STATMOUNT_FS_SUBTYPE           0x00000100U     /* Want/got fs_subtype */
  #define STATMOUNT_SB_SOURCE            0x00000200U     /* Want/got sb_source */
  #define STATMOUNT_OPT_ARRAY            0x00000400U     /* Want/got opt_... */
+#define STATMOUNT_OPT_SEC_ARRAY                0x00000800U     /* Want/got opt_sec... */
  
  /*
   * Special @mnt_id values that can be passed to listmount
  
  /*
   * Special @mnt_id values that can be passed to listmount
author	Christian Brauner <[email protected]>
	Thu, 14 Nov 2024 15:31:27 +0000 (16:31 +0100)
committer	Christian Brauner <[email protected]>
	Thu, 14 Nov 2024 16:03:25 +0000 (17:03 +0100)
fs/namespace.c		patch \| blob \| blame \| history
include/uapi/linux/mount.h		patch \| blob \| blame \| history