From patchwork Fri Dec 22 14:32:26 2017
X-Patchwork-Submitter: Dongsu Park
X-Patchwork-Id: 852391
From: Dongsu Park
To: linux-kernel@vger.kernel.org
Cc: Miklos Szeredi, Dongsu Park, containers@lists.linux-foundation.org, Seth Forshee, Alban Crequy, "Eric W . Biederman", Sargun Dhillon, linux-mtd@lists.infradead.org
Subject: [PATCH 02/11] mtd: Check permissions towards mtd block device inode when mounting
Date: Fri, 22 Dec 2017 15:32:26 +0100
Message-Id: <945d325a2239efcd55273abb2bac41cfc7264fea.1512041070.git.dongsu@kinvolk.io>
List-Id: Linux MTD discussion mailing list

From: Seth Forshee

Unprivileged users should not be able to mount mtd block devices when they lack sufficient privileges towards the block device inode. Update mount_mtd() to validate that the user has the required access to the inode at the specified path. The check will be skipped for CAP_SYS_ADMIN, so privileged mounts will continue working as before.

Patch v3 is available: https://patchwork.kernel.org/patch/7640011/

Cc: linux-mtd@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Seth Forshee
Signed-off-by: Dongsu Park
Acked-by: Serge Hallyn
---
drivers/mtd/mtdsuper.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/mtd/mtdsuper.c b/drivers/mtd/mtdsuper.c index 4a4d40c0..3c8734f3 100644 --- a/drivers/mtd/mtdsuper.c +++ b/drivers/mtd/mtdsuper.c @@ -129,6 +129,7 @@ struct dentry *mount_mtd(struct file_system_type *fs_type, int flags, #ifdef CONFIG_BLOCK struct block_device *bdev; int ret, major; + int perm; #endif int mtdnr; @@ -180,7 +181,10 @@ struct dentry *mount_mtd(struct file_system_type *fs_type, int flags, /* try the old way - the hack where we allowed users to mount * /dev/mtdblock$(n) but didn't actually _use_ the blockdev */ - bdev = lookup_bdev(dev_name, 0); + perm = MAY_READ; + if (!(flags & MS_RDONLY)) + perm |= MAY_WRITE; + bdev = lookup_bdev(dev_name, perm); if (IS_ERR(bdev)) { ret = PTR_ERR(bdev); pr_debug("MTDSB: lookup_bdev() returned %d\n", ret);
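
Review bot: In the second hunk, the new `bdev = lookup_bdev(dev_name, perm);` call shows nothing of the CAP_SYS_ADMIN bypass that the commit message promises, so that behaviour has to live inside lookup_bdev(), which this patch does not touch. A short comment above `perm = MAY_READ;` stating that the mask is checked against the device inode and skipped for CAP_SYS_ADMIN, or a pointer in the commit message to the patch in the series that implements it, would let this hunk be reviewed on its own. Separately, MAY_WRITE is requested only when `!(flags & MS_RDONLY)` holds at mount time, so the commit message should say whether a mount first made with MS_RDONLY and later remounted read-write has write access to the inode re-validated.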