From: Christian Brauner <brauner@kernel.org>
To: linux-fsdevel@vger.kernel.org
Cc: Amir Goldstein <amir73il@gmail.com>,
Christoph Hellwig <hch@lst.de>, Tyler Hicks <code@tyhicks.com>,
David Howells <dhowells@redhat.com>,
Miklos Szeredi <mszeredi@redhat.com>,
Al Viro <viro@zeniv.linux.org.uk>,
ecryptfs@vger.kernel.org, linux-cachefs@redhat.com,
Christian Brauner <christian.brauner@ubuntu.com>
Subject: [PATCH 7/7] ecryptfs: extend ro check to private mount
Date: Wed, 14 Apr 2021 14:37:51 +0200 [thread overview]
Message-ID: <20210414123750.2110159-8-brauner@kernel.org> (raw)
In-Reply-To: <20210414123750.2110159-1-brauner@kernel.org>
From: Christian Brauner <christian.brauner@ubuntu.com>
So far ecryptfs only verified that the superblock wasn't read-only but
didn't check whether the mount was. This made sense when we did not use
a private mount because the read-only state could change at any point.
Now that we have a private mount and mount properties can't change
behind our back extend the read-only check to include the vfsmount.
The __mnt_is_readonly() helper will check both the mount and the
superblock. Note that before we checked root->d_sb and now we check
mnt->mnt_sb but since we have a matching <vfsmount, dentry> pair here
this is only syntactical change, not a semantic one.
Overlayfs and cachefiles have been changed to check this as well.
Cc: Amir Goldstein <amir73il@gmail.com>
Cc: Tyler Hicks <code@tyhicks.com>
Cc: ecryptfs@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
fs/ecryptfs/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 3ba2c0f349a3..4e5aeec91e95 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -571,7 +571,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
* 1) The lower mount is ro
* 2) The ecryptfs_encrypted_view mount option is specified
*/
- if (sb_rdonly(path.dentry->d_sb) || mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
+ if (__mnt_is_readonly(mnt) || mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
s->s_flags |= SB_RDONLY;
s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
--
2.27.0
prev parent reply other threads:[~2021-04-14 12:39 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-14 12:37 [PATCH 0/7] fs: tweak and switch more fses to private mounts Christian Brauner
2021-04-14 12:37 ` [PATCH 1/7] namespace: fix clone_private_mount() kernel doc Christian Brauner
2021-04-14 12:37 ` [PATCH 2/7] namespace: add kernel doc for mnt_clone_internal() Christian Brauner
2021-04-14 12:37 ` [PATCH 3/7] namespace: move unbindable check out of clone_private_mount() Christian Brauner
2021-04-14 12:37 ` [PATCH 4/7] cachefiles: switch to using a private mount Christian Brauner
2021-04-14 12:37 ` [PATCH 5/7] cachefiles: extend ro check to " Christian Brauner
2021-04-14 12:37 ` [PATCH 6/7] ecryptfs: switch to using a " Christian Brauner
2021-04-19 5:01 ` Tyler Hicks
2021-04-22 20:46 ` Tyler Hicks
2021-04-14 12:37 ` Christian Brauner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210414123750.2110159-8-brauner@kernel.org \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=christian.brauner@ubuntu.com \
--cc=code@tyhicks.com \
--cc=dhowells@redhat.com \
--cc=ecryptfs@vger.kernel.org \
--cc=hch@lst.de \
--cc=linux-cachefs@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mszeredi@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).