Page MenuHomeFreeBSD
Differential D48150

nullfs: stop lying about mount flags in statfs(2)
ClosedPublic
Actions

Authored by kib on Dec 19 2024, 10:17 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Jan 22, 4:13 PM
Unknown Object (File)
Tue, Jan 21, 8:02 PM
Unknown Object (File)
Wed, Jan 1, 9:23 AM
Unknown Object (File)
Tue, Dec 31, 8:33 AM
Unknown Object (File)
Mon, Dec 30, 8:53 AM
Unknown Object (File)
Sun, Dec 29, 8:59 AM
Unknown Object (File)
Sat, Dec 28, 9:00 AM
Unknown Object (File)
Dec 27 2024, 6:18 AM
View All 18 Files
Subscribers
imp

Details

Reviewers
markj
Commits
rG709989bab5d0: nullfs: stop lying about mount flags in statfs(2)
Summary
Flags should not propagate from the lower fs.  Behavior for the upper fs
is determined by flags from its mount point structure.  When lower fs
acts according to its mount configuration, it is reported up as VOP
errors.

PR:     283425

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Dec 19 2024, 10:17 PM
Herald added a subscriber: imp. · View Herald TranscriptDec 19 2024, 10:17 PM
kib requested review of this revision.Dec 19 2024, 10:17 PM
kib updated this revision to Diff 148268.Dec 20 2024, 12:09 AM
kib retitled this revision from nullfs: correct reporting of MNT_NOSUID to nullfs: stop lying about mount flags in statfs(2).
kib edited the summary of this revision. (Show Details)
markj added a comment.Dec 20 2024, 1:51 PM

When lower fs acts according to its mount configuration, it is reported up as VOP errors.

I do not quite understand what you mean here.

sys/fs/nullfs/null_vfsops.c
367–368

This comment isn't really explaining anything anymore, nothing is being faked.

kib marked an inline comment as done.Dec 20 2024, 2:56 PM
In D48150#1098146, @markj wrote:

When lower fs acts according to its mount configuration, it is reported up as VOP errors.

I do not quite understand what you mean here.

I mean that mnt_flags from lower fs do not need to be propagated to upper fs to make the mount operate correctly. Lower fs flags are checked when bypass calls lower VOP. So there is no need to 'fake' mnt_flags for upper fs, and esp. to fake it for only reporting to user in statfs(2).

markj added a comment.Dec 20 2024, 3:04 PM
In D48150#1098159, @kib wrote:
In D48150#1098146, @markj wrote:

When lower fs acts according to its mount configuration, it is reported up as VOP errors.

I do not quite understand what you mean here.

I mean that mnt_flags from lower fs do not need to be propagated to upper fs to make the mount operate correctly. Lower fs flags are checked when bypass calls lower VOP. So there is no need to 'fake' mnt_flags for upper fs, and esp. to fake it for only reporting to user in statfs(2).

Suppose a filesystem has MNT_NOSUID set, and contains a setuid root executable. If I create a nullfs mount of that filesystem and run the executable though nullfs, should the suid bit be honoured? I would expect not, but it is. In particular, MNT_NOSUID is not copied to the upper mount, and the code which checks MNT_NOSUID does not use a VOP, it just checks vp->v_mount->mnt_flags.

kib added a comment.Dec 20 2024, 3:11 PM
In D48150#1098161, @markj wrote:

Suppose a filesystem has MNT_NOSUID set, and contains a setuid root executable. If I create a nullfs mount of that filesystem and run the executable though nullfs, should the suid bit be honoured? I would expect not, but it is. In particular, MNT_NOSUID is not copied to the upper mount, and the code which checks MNT_NOSUID does not use a VOP, it just checks vp->v_mount->mnt_flags.

This is the current behavior, before or after the change, and in fact it is not that weird. Imagine that instead of nullfs, the lower fs is exported and mounted by nfs. The result is same.

markj accepted this revision.Dec 20 2024, 3:28 PM
In D48150#1098165, @kib wrote:
In D48150#1098161, @markj wrote:

Suppose a filesystem has MNT_NOSUID set, and contains a setuid root executable. If I create a nullfs mount of that filesystem and run the executable though nullfs, should the suid bit be honoured? I would expect not, but it is. In particular, MNT_NOSUID is not copied to the upper mount, and the code which checks MNT_NOSUID does not use a VOP, it just checks vp->v_mount->mnt_flags.

This is the current behavior, before or after the change, and in fact it is not that weird. Imagine that instead of nullfs, the lower fs is exported and mounted by nfs. The result is same.

Indeed, I understand that this change is mostly cosmetic. The current behaviour is quite surprising IMO: some properties of the lower mount are preserved, e.g., RO, while others are not, e.g., NOSUID, NOEXEC. I would expect nullfs to inherit those properties from the lower mountpoint. The code you're deleting suggests that others assumed the same behaviour.

This revision is now accepted and ready to land.Dec 20 2024, 3:28 PM
Closed by commit rG709989bab5d0: nullfs: stop lying about mount flags in statfs(2) (authored by kib). · Explain WhyDec 20 2024, 4:12 PM
This revision was automatically updated to reflect the committed changes.
kib added a commit: rG709989bab5d0: nullfs: stop lying about mount flags in statfs(2).

Revision Contents
Changeset List

PathSize
sys/
fs/
nullfs/
5 lines

Diff 148289

View Options

sys/fs/nullfs/null_vfsops.c

Loading...