From mboxrd@z Thu Jan  1 00:00:00 1970
From: ebiederm@xmission.com (Eric W. Biederman)
Subject: [PATCH review 0/4] Loopback mount escape fixes
Date: Wed, 08 Apr 2015 18:31:56 -0500
Message-ID: <874moq9oyb.fsf_-_@x220.int.ebiederm.org>
References: <871tncuaf6.fsf@x220.int.ebiederm.org>
	<87mw5xq7lt.fsf@x220.int.ebiederm.org>
	<87a8yqou41.fsf_-_@x220.int.ebiederm.org>
Mime-Version: 1.0
Content-Type: text/plain
Cc: <linux-fsdevel@vger.kernel.org>, Al Viro <viro@ZenIV.linux.org.uk>,
	Andy Lutomirski <luto@amacapital.net>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Richard Weinberger <richard@nod.at>,
	Andrey Vagin <avagin@openvz.org>, Jann Horn <jann@thejh.net>,
	Willy Tarreau <w@1wt.eu>, Omar Sandoval <osandov@osandov.com>
To: Linux Containers <containers@lists.linux-foundation.org>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from out03.mta.xmission.com ([166.70.13.233]:60102 "EHLO
	out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753681AbbDHXgE (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 8 Apr 2015 19:36:04 -0400
In-Reply-To: <87a8yqou41.fsf_-_@x220.int.ebiederm.org> (Eric W. Biederman's
	message of "Thu, 02 Apr 2015 20:53:18 -0500")
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>


After the last round of feedback I sat down and played with my fix
for the fact that a strategically placed rename, ".." on bind mounts
go up past the root of the bind mount.

The code better handles the escaped directory returning into it's bind
mount, and is now roughly a constant factor cost in all cases from what
the code costs without the fix.

So I think I have found a better tradeoff between fixing this bug and
not slowing down path name lookups in the common case.

These fixes are against on v4.0-rc6.

For those who like to see everything in a single tree the code is at:

    git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-testing

Eric W. Biederman (4):
      mnt: Track which mounts use a dentry as root.
      vfs: Test for and handle paths that are unreachable from their mnt_root
      vfs: Handle mounts whose parents are unreachable from their mountpoint
      vfs: Do not allow escaping from bind mounts.

 fs/dcache.c            |  82 +++++++++++++++++++++++++++---
 fs/internal.h          |   2 +
 fs/mount.h             |   6 +++
 fs/namei.c             |  57 +++++++++++++++++----
 fs/namespace.c         | 135 +++++++++++++++++++++++++++++++++++++++++++++++--
 include/linux/dcache.h |  13 +++++
 include/linux/namei.h  |   2 +
 7 files changed, 277 insertions(+), 20 deletions(-)