git.ipfire.org Git - thirdparty/linux.git/commit

author	Christian Brauner <brauner@kernel.org>
	Sun, 19 Nov 2023 19:58:49 +0000 (20:58 +0100)
committer	Christian Brauner <brauner@kernel.org>
	Thu, 14 Dec 2023 10:49:05 +0000 (11:49 +0100)
commit	68385d77c05b401f748acecc0e0a8eff10489334
tree	5dd9ba5837922d683e42ccdfdba8b48a8de1a411	tree \| snapshot
parent	6971beb4ec52ad7b26f5b5eedf19d4963be7df1b	commit \| diff

statmount: simplify string option retrieval

The previous code was a bit too clever for what we currently support.

A few minor changes:

* Avoid indirect function calls and use a simple switch statement. We
  really only have three cases to handle so it's not like it's massively
  complex. We can switch to something more elaborate should we introduce
  more complex options.
* Defer all copy_to_user() calls until after we've given up namespace
  semaphore.
  On kernels with userfaultfd it's possible to abuse copy_from/to_user()
  calls to indefinitely block on page faults. That's usually a
  privileged operation but may be made available to unprivileged users.

  Independent of userfaultfd it's better to not do all the
  copy_to_user() work while holding namespace semaphore. Instead collect
  the information and then copy it out after we've given up all locks.
* This also folds a change from Arnd to reduce the stack size in
  prepare_kstatmount() to avoid warning such as:

  fs/namespace.c:4995:1: error: stack frame size (1536) exceeds limit (1024) in '__se_sys_statmount' [-Werror,-Wframe-larger-than]
   4995 | SYSCALL_DEFINE4(statmount, const struct mnt_id_req __user *, req,

Reviewed-by: Ian Kent <raven@themaw.net>
Link: https://lore.kernel.org/r/20231213090015.518044-1-arnd@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>