autofs: dont trigger mount if it cant succeed

If a mount namespace contains autofs mounts, and they are propagation
private, and there is no namespace specific automount daemon to handle
possible automounting then attempted path resolution will loop until
MAXSYMLINKS is reached before failing causing quite a bit of noise in
the log.

Add a check for this in autofs ->d_automount() so that the VFS can
immediately return an error in this case. Since the mount is propagation
private an EPERM return seems most appropriate.

Suggested by: Christian Brauner <brauner@kernel.org>

Signed-off-by: Ian Kent <raven@themaw.net>
Link: https://patch.msgid.link/20251118024631.10854-2-raven@themaw.net
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/autofs/autofs_i.h b/fs/autofs/autofs_i.h
index 23cea74f9933b50ff0fee9733093338aa12b571b..4fd555528c5d132c36ec9bf2a17ed535df89f227 100644 (file)
--- a/fs/autofs/autofs_i.h
+++ b/fs/autofs/autofs_i.h
@@ -16,6 +16,7 @@
 #include <linux/wait.h>
 #include <linux/sched.h>
 #include <linux/sched/signal.h>
+#include <uapi/linux/mount.h>
 #include <linux/mount.h>
 #include <linux/namei.h>
 #include <linux/uaccess.h>
@@ -27,6 +28,9 @@
 #include <linux/magic.h>
 #include <linux/fs_context.h>
 #include <linux/fs_parser.h>
+#include "../mount.h"
+#include <linux/ns_common.h>
+
 
 /* This is the range of ioctl() numbers we claim as ours */
 #define AUTOFS_IOC_FIRST     AUTOFS_IOC_READY
@@ -114,6 +118,7 @@ struct autofs_sb_info {
        int pipefd;
        struct file *pipe;
        struct pid *oz_pgrp;
+       u64 mnt_ns_id;
        int version;
        int sub_version;
        int min_proto;

diff --git a/fs/autofs/dev-ioctl.c b/fs/autofs/dev-ioctl.c
index d8dd150cbd7489a9230ac0f8ce6ccbfd9ee9fef1..ed2efe4e97b2b773cf5ecceaa28e054fcc8e6de0 100644 (file)
--- a/fs/autofs/dev-ioctl.c
+++ b/fs/autofs/dev-ioctl.c
@@ -381,6 +381,7 @@ static int autofs_dev_ioctl_setpipefd(struct file *fp,
                swap(sbi->oz_pgrp, new_pid);
                sbi->pipefd = pipefd;
                sbi->pipe = pipe;
+               sbi->mnt_ns_id = to_ns_common(current->nsproxy->mnt_ns)->ns_id;
                sbi->flags &= ~AUTOFS_SBI_CATATONIC;
        }
 out:

diff --git a/fs/autofs/inode.c b/fs/autofs/inode.c
index f5c16ffba01340e95ea843fc15dcc957ef337d5f..732aee76a24c4dd4caf2ac3b7d3f5ea5d3f8c03c 100644 (file)
--- a/fs/autofs/inode.c
+++ b/fs/autofs/inode.c
@@ -251,6 +251,7 @@ static struct autofs_sb_info *autofs_alloc_sbi(void)
        sbi->min_proto = AUTOFS_MIN_PROTO_VERSION;
        sbi->max_proto = AUTOFS_MAX_PROTO_VERSION;
        sbi->pipefd = -1;
+       sbi->mnt_ns_id = to_ns_common(current->nsproxy->mnt_ns)->ns_id;
 
        set_autofs_type_indirect(&sbi->type);
        mutex_init(&sbi->wq_mutex);

diff --git a/fs/autofs/root.c b/fs/autofs/root.c
index 174c7205fee444b605bf37fce97e247a47a2ba89..d10df9d89d1c42004bc08e275e53fd0915f2b206 100644 (file)
--- a/fs/autofs/root.c
+++ b/fs/autofs/root.c
@@ -341,6 +341,14 @@ static struct vfsmount *autofs_d_automount(struct path *path)
        if (autofs_oz_mode(sbi))
                return NULL;
 
+       /* Refuse to trigger mount if current namespace is not the owner
+        * and the mount is propagation private.
+        */
+       if (sbi->mnt_ns_id != to_ns_common(current->nsproxy->mnt_ns)->ns_id) {
+               if (vfsmount_to_propagation_flags(path->mnt) & MS_PRIVATE)
+                       return ERR_PTR(-EPERM);
+       }
+
        /*
         * If an expire request is pending everyone must wait.
         * If the expire fails we're still mounted so continue

diff --git a/fs/namespace.c b/fs/namespace.c
index d82910f33dc483f2753058bdd1a546bce9caf77b..27bb12693cbac9ec8453527f93505de274496c22 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -5150,6 +5150,12 @@ static u64 mnt_to_propagation_flags(struct mount *m)
        return propagation;
 }
 
+u64 vfsmount_to_propagation_flags(struct vfsmount *mnt)
+{
+       return mnt_to_propagation_flags(real_mount(mnt));
+}
+EXPORT_SYMBOL_GPL(vfsmount_to_propagation_flags);
+
 static void statmount_sb_basic(struct kstatmount *s)
 {
        struct super_block *sb = s->mnt->mnt_sb;

diff --git a/include/linux/fs.h b/include/linux/fs.h
index c895146c1444be36e0a779df55622cc38c9419ff..a5c2077ce6ed2dabcb8a40b52cdd06a3aa6183fa 100644 (file)
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -3269,6 +3269,7 @@ extern struct file * open_exec(const char *);
 /* fs/dcache.c -- generic fs support functions */
 extern bool is_subdir(struct dentry *, struct dentry *);
 extern bool path_is_under(const struct path *, const struct path *);
+u64 vfsmount_to_propagation_flags(struct vfsmount *mnt);
 
 extern char *file_path(struct file *, char *, int);