Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/fs/xfs
History
Eric W. Biederman 5c1997410b fs: Limit sys_mount to only request filesystem modules. 
Modify the request_module to prefix the file system type with "fs-"
and add aliases to all of the filesystems that can be built as modules
to match.

A common practice is to build all of the kernel code and leave code
that is not commonly needed as modules, with the result that many
users are exposed to any bug anywhere in the kernel.

Looking for filesystems with a fs- prefix limits the pool of possible
modules that can be loaded by mount to just filesystems trivially
making things safer with no real cost.

Using aliases means user space can control the policy of which
filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf
with blacklist and alias directives.  Allowing simple, safe,
well understood work-arounds to known problematic software.

This also addresses a rare but unfortunate problem where the filesystem
name is not the same as it's module name and module auto-loading
would not work.  While writing this patch I saw a handful of such
cases.  The most significant being autofs that lives in the module
autofs4.

This is relevant to user namespaces because we can reach the request
module in get_fs_type() without having any special permissions, and
people get uncomfortable when a user specified string (in this case
the filesystem type) goes all of the way to request_module.

After having looked at this issue I don't think there is any
particular reason to perform any filtering or permission checks beyond
making it clear in the module request that we want a filesystem
module.  The common pattern in the kernel is to call request_module()
without regards to the users permissions.  In general all a filesystem
module does once loaded is call register_filesystem() and go to sleep.
Which means there is not much attack surface exposed by loading a
filesytem module unless the filesystem is mounted.  In a user
namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT,
which most filesystems do not set today.

Change-Id: I623b13dbdb44bb9ba7481f29575e1ca4ad8102f4
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
Reported-by: Kees Cook <keescook@google.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
2017-09-22 19:12:20 +03:00
..
Kconfig
kmem.c xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
kmem.h xfs: use a normal shrinker for the dquot freelist 2012-02-10 12:38:09 -06:00
Makefile xfs: use common code for quota statistics 2012-03-14 11:09:06 -05:00
mrlock.h xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
time.h xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
uuid.c xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
uuid.h xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs.h xfs: don't expect xfs headers to be in subdirectories 2011-08-12 13:57:55 -05:00
xfs_acl.c BACKPORT: posix_acl: Clear SGID bit when setting file permissions 2017-06-26 20:26:17 +03:00
xfs_acl.h xfs: Fix build breakage in xfs_iops.c when CONFIG_FS_POSIX_ACL is not set 2011-08-01 02:35:04 -04:00
xfs_ag.h xfs: Remove the macro XFS_BUF_PTR 2011-07-25 15:03:13 -05:00
xfs_alloc.c xfs: fix fstrim offset calculations 2012-03-27 16:07:03 -05:00
xfs_alloc.h xfs: fix fstrim offset calculations 2012-03-27 16:07:03 -05:00
xfs_alloc_btree.c xfs: remove leftovers of the old btree tracing code 2011-07-13 13:43:50 +02:00
xfs_alloc_btree.h
xfs_aops.c xfs: log file size updates at I/O completion time 2012-03-13 16:30:49 -05:00
xfs_aops.h xfs: log file size updates at I/O completion time 2012-03-13 16:30:49 -05:00
xfs_attr.c xfs: add lots of attribute trace points 2012-03-27 17:18:21 -05:00
xfs_attr.h
xfs_attr_leaf.c xfs: add lots of attribute trace points 2012-03-27 17:18:21 -05:00
xfs_attr_leaf.h
xfs_attr_sf.h
xfs_bit.c
xfs_bit.h
xfs_bmap.c xfs: fix deadlock in xfs_rtfree_extent 2012-03-22 15:31:06 -05:00
xfs_bmap.h xfs: cleanup xfs_bmap.h 2011-10-11 21:15:07 -05:00
xfs_bmap_btree.c xfs: remove leftovers of the old btree tracing code 2011-07-13 13:43:50 +02:00
xfs_bmap_btree.h
xfs_btree.c xfs: remove XFS_BUF_SET_VTYPE and XFS_BUF_SET_VTYPE_REF 2011-10-11 21:15:09 -05:00
xfs_btree.h xfs: Remove the macro XFS_BUF_PTR 2011-07-25 15:03:13 -05:00
xfs_buf.c xfs: use per-filesystem I/O completion workqueues 2012-03-05 11:07:42 -06:00
xfs_buf.h Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
xfs_buf_item.c xfs: constify xfs_item_ops 2011-11-08 10:48:23 -06:00
xfs_buf_item.h
xfs_da_btree.c xfs: add lots of attribute trace points 2012-03-27 17:18:21 -05:00
xfs_da_btree.h xfs: remove the dead XFS_DABUF_DEBUG code 2011-07-13 13:43:50 +02:00
xfs_dfrag.c xfs: split in-core and on-disk inode log item fields 2012-03-13 17:08:17 -05:00
xfs_dfrag.h
xfs_dinode.h xfs: Remove the macro XFS_BUF_PTR 2011-07-25 15:03:13 -05:00
xfs_dir2.c xfs: get rid of open-coded S_ISREG(), etc. 2011-07-26 15:05:16 -04:00
xfs_dir2.h xfs: reshuffle dir2 headers 2011-07-13 13:43:48 +02:00
xfs_dir2_block.c xfs: clean up minor sparse warnings 2012-03-14 13:21:17 -05:00
xfs_dir2_data.c xfs: reshuffle dir2 headers 2011-07-13 13:43:48 +02:00
xfs_dir2_format.h xfs: cleanup struct xfs_dir2_free 2011-07-13 13:43:48 +02:00
xfs_dir2_leaf.c xfs: introduce xfs_bmapi_read() 2011-10-11 21:15:03 -05:00
xfs_dir2_node.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-07-25 13:56:39 -07:00
xfs_dir2_priv.h xfs: reshuffle dir2 headers 2011-07-13 13:43:48 +02:00
xfs_dir2_sf.c xfs: reshuffle dir2 headers 2011-07-13 13:43:48 +02:00
xfs_discard.c xfs: fix fstrim offset calculations 2012-03-27 16:07:03 -05:00
xfs_discard.h xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_dquot.c fs: xfs: fix section mismatch in linux-next 2012-03-22 13:48:55 -05:00
xfs_dquot.h xfs: remove the per-filesystem list of dquots 2012-03-14 11:53:34 -05:00
xfs_dquot_item.c xfs: cleanup dquot locking helpers 2011-12-12 17:28:20 -06:00
xfs_dquot_item.h xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_error.c xfs: Convert remaining cmn_err() callers to new API 2011-03-07 10:08:35 +11:00
xfs_error.h xfs: kill support/debug.[ch] 2011-03-07 10:09:35 +11:00
xfs_export.c xfs: fix nfs export of 64-bit inodes numbers on 32-bit kernels 2011-12-06 10:46:23 -06:00
xfs_export.h xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_extfree_item.c xfs: constify xfs_item_ops 2011-11-08 10:48:23 -06:00
xfs_extfree_item.h xfs: Pull EFI/EFD handling out from under the AIL lock 2010-12-20 11:59:49 +11:00
xfs_file.c fs: introduce inode operation ->update_time 2015-07-13 11:17:49 -07:00
xfs_filestream.c xfs: rename allocation range fields in struct xfs_bmalloca 2011-10-11 21:15:06 -05:00
xfs_filestream.h
xfs_fs.h xfs: consolidate & clarify mount sanity checks 2011-07-08 11:32:51 -05:00
xfs_fs_subr.c xfs: remove the i_size field in struct xfs_inode 2012-01-17 15:08:53 -06:00
xfs_fsops.c xfs: Check the return value of xfs_buf_get() 2011-10-11 21:15:01 -05:00
xfs_fsops.h xfs: ensure log covering transactions are synchronous 2011-01-11 20:28:17 -06:00
xfs_globals.c xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_ialloc.c xfs: propagate umode_t 2012-01-03 22:55:00 -05:00
xfs_ialloc.h xfs: propagate umode_t 2012-01-03 22:55:00 -05:00
xfs_ialloc_btree.c xfs: remove leftovers of the old btree tracing code 2011-07-13 13:43:50 +02:00
xfs_ialloc_btree.h
xfs_iget.c xfs: don't cache inodes read through bulkstat 2012-03-26 17:19:08 -05:00
xfs_inode.c xfs: split in-core and on-disk inode log item fields 2012-03-13 17:08:17 -05:00
xfs_inode.h xfs: don't cache inodes read through bulkstat 2012-03-26 17:19:08 -05:00
xfs_inode_item.c xfs: reimplement fdatasync support 2012-03-13 17:18:14 -05:00
xfs_inode_item.h xfs: reimplement fdatasync support 2012-03-13 17:18:14 -05:00
xfs_inum.h xfs: cleanup shortform directory inode number handling 2011-07-08 14:35:03 +02:00
xfs_ioctl.c xfs: Fix open flag handling in open_by_handle code 2012-03-22 15:56:52 -05:00
xfs_ioctl.h xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_ioctl32.c xfs: clean up minor sparse warnings 2012-03-14 13:21:17 -05:00
xfs_ioctl32.h xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_iomap.c xfs: log file size updates as part of unwritten extent conversion 2012-03-05 11:53:16 -06:00
xfs_iomap.h
xfs_iops.c xfs: clean up minor sparse warnings 2012-03-14 13:21:17 -05:00
xfs_iops.h xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_itable.c xfs: don't cache inodes read through bulkstat 2012-03-26 17:19:08 -05:00
xfs_itable.h
xfs_linux.h xfs: revert to using a kthread for AIL pushing 2011-10-11 11:02:49 -05:00
xfs_log.c xfs: Account log unmount transaction correctly 2012-03-26 17:47:24 -05:00
xfs_log.h xfs: split and cleanup xfs_log_reserve 2012-02-22 22:37:04 -06:00
xfs_log_cil.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-01-08 13:21:22 -08:00
xfs_log_priv.h xfs: split and cleanup xfs_log_reserve 2012-02-22 22:37:04 -06:00
xfs_log_recover.c xfs: Fix oops on IO error during xlog_recover_process_iunlinks() 2012-03-27 16:34:10 -05:00
xfs_log_recover.h
xfs_message.c xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_message.h treewide: use __printf not __attribute__((format(printf,...))) 2011-10-31 17:30:54 -07:00
xfs_mount.c Change xfs_sb_from_disk() interface to take a mount pointer 2012-02-03 11:21:33 -06:00
xfs_mount.h xfs: use per-filesystem I/O completion workqueues 2012-03-05 11:07:42 -06:00
xfs_mru_cache.c xfs: convert to alloc_workqueue() 2011-02-01 11:42:43 +01:00
xfs_mru_cache.h
xfs_qm.c xfs: remove the global xfs_Gqm structure 2012-03-14 12:06:32 -05:00
xfs_qm.h xfs: remove the global xfs_Gqm structure 2012-03-14 12:06:32 -05:00
xfs_qm_bhv.c xfs: remove the global xfs_Gqm structure 2012-03-14 12:06:32 -05:00
xfs_qm_syscalls.c xfs: remove the per-filesystem list of dquots 2012-03-14 11:53:34 -05:00
xfs_quota.h Define new macro XFS_ALL_QUOTA_ACTIVE and simply some usage 2012-02-03 11:32:20 -06:00
xfs_quota_priv.h xfs: use per-filesystem radix trees for dquot lookup 2012-03-14 11:09:06 -05:00
xfs_quotaops.c xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_rename.c vfs: check i_nlink limits in vfs_{mkdir,rename_dir,link} 2012-03-20 21:29:32 -04:00
xfs_rtalloc.c xfs: fix deadlock in xfs_rtfree_extent 2012-03-22 15:31:06 -05:00
xfs_rtalloc.h xfs: Remove the macro XFS_BUF_PTR 2011-07-25 15:03:13 -05:00
xfs_rw.c xfs: clean up xfs_ioerror_alert 2011-10-11 21:15:10 -05:00
xfs_rw.h xfs: clean up xfs_ioerror_alert 2011-10-11 21:15:10 -05:00
xfs_sb.h xfs: kill the unused XFS_BB_FSB_OFFSET macro 2012-02-02 17:08:04 -06:00
xfs_stats.c xfs: use common code for quota statistics 2012-03-14 11:09:06 -05:00
xfs_stats.h xfs: use common code for quota statistics 2012-03-14 11:09:06 -05:00
xfs_super.c fs: Limit sys_mount to only request filesystem modules. 2017-09-22 19:12:20 +03:00
xfs_super.h xfs: remove the global xfs_Gqm structure 2012-03-14 12:06:32 -05:00
xfs_sync.c xfs: log timestamp updates 2012-03-13 17:01:15 -05:00
xfs_sync.h xfs: log timestamp updates 2012-03-13 17:01:15 -05:00
xfs_sysctl.c xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_sysctl.h xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_trace.c xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_trace.h xfs: add lots of attribute trace points 2012-03-27 17:18:21 -05:00
xfs_trans.c xfs: split and cleanup xfs_log_reserve 2012-02-22 22:37:04 -06:00
xfs_trans.h xfs: remove the lid_size field in struct log_item_desc 2011-12-08 13:53:30 -06:00
xfs_trans_ail.c xfs: cleanup xfs_log_space_wake 2012-02-22 22:17:00 -06:00
xfs_trans_buf.c xfs: remove xfs_trans_unlocked_item 2012-02-22 22:17:00 -06:00
xfs_trans_dquot.c xfs: remove the global xfs_Gqm structure 2012-03-14 12:06:32 -05:00
xfs_trans_extfree.c xfs: Pull EFI/EFD handling out from under the AIL lock 2010-12-20 11:59:49 +11:00
xfs_trans_inode.c xfs: split in-core and on-disk inode log item fields 2012-03-13 17:08:17 -05:00
xfs_trans_priv.h xfs: remove xfs_trans_unlocked_item 2012-02-22 22:17:00 -06:00
xfs_trans_space.h
xfs_types.h xfs: exact busy extent tracking 2011-04-28 13:18:04 -05:00
xfs_utils.c vfs: check i_nlink limits in vfs_{mkdir,rename_dir,link} 2012-03-20 21:29:32 -04:00
xfs_utils.h xfs: propagate umode_t 2012-01-03 22:55:00 -05:00
xfs_vnode.h xfs: remove remaining scraps of struct xfs_iomap 2012-03-15 13:40:16 -05:00
xfs_vnodeops.c vfs: check i_nlink limits in vfs_{mkdir,rename_dir,link} 2012-03-20 21:29:32 -04:00
xfs_vnodeops.h xfs: remove remaining scraps of struct xfs_iomap 2012-03-15 13:40:16 -05:00
xfs_xattr.c xfs: remove subdirectories 2011-08-12 16:21:35 -05:00