From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DD14C282F6 for ; Mon, 21 Jan 2019 10:49:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id F089B20663 for ; Mon, 21 Jan 2019 10:49:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=brauner.io header.i=@brauner.io header.b="AGTdGYym" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727798AbfAUKty (ORCPT ); Mon, 21 Jan 2019 05:49:54 -0500 Received: from mail-ed1-f68.google.com ([209.85.208.68]:46301 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727440AbfAUKty (ORCPT ); Mon, 21 Jan 2019 05:49:54 -0500 Received: by mail-ed1-f68.google.com with SMTP id o10so16155763edt.13 for ; Mon, 21 Jan 2019 02:49:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brauner.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=bzZVN7sTHVfOHilIi7xL4TX5exwNMtKBHZCmZZlepxc=; b=AGTdGYyme/MfZsgRmUJN/z4UcTKKLT36hd2kFPNcB3Tcy2TABa9lj7+gh0ryKuZFk4 Jmvu3r24r02MOArnWKwVAONPhnvYonsXEu5BeJqVNZHGFZLgqqXAKbEuY0tIW+YP4xxO A5+6m9IFSr+hvNpWTLEp2tLyFIC79qRwi8kAO2PHRa491VHOQwykUi88rn/IEstEnPxN MO8DrvSxnqBElyA+s9PnxSQksAmkF6EbEhjXZ8t+ZQYlqZKFxwJKgK8q1wPucAJET0qK 70k0jlwtrd+KZPFaNnITnWgbisVmodVxR1CbQ+MoV9b2OE9im3uJXEgsMR8RjURz/9eY epjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=bzZVN7sTHVfOHilIi7xL4TX5exwNMtKBHZCmZZlepxc=; b=Gh9oNQo/DxxIeUW7lPhhc1c9EygNaOyV4U1m9boFVvKkFbjBOoeF5cKbVyixA7/Qdz /d0kB0g/0jIkF9I27/xOLvuOKHG4LLvjefl+0kdYMqOka6MSCs00EoUmyWthkjgcdFSM /MXzoi2tT6N6D28UhkHWdVjpuI2B1fSFI8M7CPq4ikBAnFGFUKFinU41Nz2C3r5fD0Nu M5rpOG/4gA3l9wi8ggbcODXPiHrHuLMS1eI03bP2SOh65+CKRHO1JybVuY/z/LnoOMOu qOUlKlSU17NhLxFDhL9npDtM4Qh9aTyoxDiAy1zIhQmslcDvAPZ0zIJiPhJfD8TCFFuA rkSQ== X-Gm-Message-State: AJcUukclQLz5wrTB42jDiprlDticBqDhfaq1M1wP/0/ZjHSQ+MyD61vk NtuY+pHu0uLqhREtfmtEIIaWzg== X-Google-Smtp-Source: ALg8bN6vIpavcBKfWxrwXmo+cIy8zEGqfRJWg4J+ATvG4QkskBgnYOcwioj+pbqXRbr2BmxmPcIRvA== X-Received: by 2002:a50:9fe3:: with SMTP id c90mr3513594edf.163.1548067792456; Mon, 21 Jan 2019 02:49:52 -0800 (PST) Received: from localhost.localdomain ([2a02:8109:b6bf:f9e4:9473:6b39:afaf:14d4]) by smtp.gmail.com with ESMTPSA id e35sm9006196eda.13.2019.01.21.02.49.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 21 Jan 2019 02:49:51 -0800 (PST) From: Christian Brauner To: gregkh@linuxfoundation.org, devel@driverdev.osuosl.org, linux-fsdevel@vger.kernel.org, viro@zeniv.linux.org.uk, dhowells@redhat.com Cc: tkjos@google.com, Christian Brauner Subject: [PATCH v1 2/7] binderfs: prevent renaming the control dentry Date: Mon, 21 Jan 2019 11:48:03 +0100 Message-Id: <20190121104808.24108-3-christian@brauner.io> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190121104808.24108-1-christian@brauner.io> References: <20190121104808.24108-1-christian@brauner.io> MIME-Version: 1.0 X-Patchwork-Bot: notify Content-Transfer-Encoding: 8bit Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org - make binderfs control dentry immutable: We don't allow to unlink it since it is crucial for binderfs to be useable but if we allow to rename it we make the unlink trivial to bypass. So prevent renaming too and simply treat the control dentry as immutable. - add is_binderfs_control_device() helper: Take the opportunity and turn the check for the control dentry into a separate helper is_binderfs_control_device() since it's now used in two places. - simplify binderfs_rename(): Instead of hand-rolling our custom version of simple_rename() just dumb the whole function down to first check whether we're trying to rename the control dentry. If we do EPERM the caller and if not call simple_rename(). Suggested-by: Al Viro Signed-off-by: Christian Brauner --- /* Changelog */ v1: - simplify is_binderfs_control_device() to only take a dentry argument instead of taking an unnecessary detour through the inode. --- drivers/android/binderfs.c | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c index 898d847f8505..e73f9dbee099 100644 --- a/drivers/android/binderfs.c +++ b/drivers/android/binderfs.c @@ -346,34 +346,26 @@ static const struct super_operations binderfs_super_ops = { .statfs = simple_statfs, }; +static inline bool is_binderfs_control_device(const struct dentry *dentry) +{ + struct binderfs_info *info = dentry->d_sb->s_fs_info; + return info->control_dentry == dentry; +} + static int binderfs_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry, unsigned int flags) { - struct inode *inode = d_inode(old_dentry); - - /* binderfs doesn't support directories. */ - if (d_is_dir(old_dentry)) + if (is_binderfs_control_device(old_dentry) || + is_binderfs_control_device(new_dentry)) return -EPERM; - if (flags & ~RENAME_NOREPLACE) - return -EINVAL; - - if (!simple_empty(new_dentry)) - return -ENOTEMPTY; - - if (d_really_is_positive(new_dentry)) - simple_unlink(new_dir, new_dentry); - - old_dir->i_ctime = old_dir->i_mtime = new_dir->i_ctime = - new_dir->i_mtime = inode->i_ctime = current_time(old_dir); - - return 0; + return simple_rename(old_dir, old_dentry, new_dir, new_dentry, flags); } static int binderfs_unlink(struct inode *dir, struct dentry *dentry) { - if (BINDERFS_I(dir)->control_dentry == dentry) + if (is_binderfs_control_device(dentry)) return -EPERM; return simple_unlink(dir, dentry); -- 2.19.1