Unverified Commit bfa8ee11 authored by Christian Brauner's avatar Christian Brauner
Browse files

Merge patch series "vfs: output mount_too_revealing() errors to fscontext" 

Aleksa Sarai <cyphar@cyphar.com> says:

It makes little sense for fsmount() to output the warning message when
mount_too_revealing() is violated to kmsg. Instead, the warning should
be output (with a "VFS" prefix) to the fscontext log. In addition,
include the same log message for mount_too_revealing() when doing a
regular mount for consistency.

With the newest fsopen()-based mount(8) from util-linux, the error
messages now look like

  # mount -t proc proc /tmp
  mount: /tmp: fsmount() failed: VFS: Mount too revealing.
	 dmesg(1) may have more information after failed mount system call.

which could finally result in mount_too_revealing() errors being easier
for users to detect and understand.

* patches from https://lore.kernel.org/20250806-errorfc-mount-too-revealing-v2-0-534b9b4d45bb@cyphar.com:
  vfs: output mount_too_revealing() errors to fscontext
  fscontext: add custom-prefix log helpers

Link: https://lore.kernel.org/20250806-errorfc-mount-too-revealing-v2-0-534b9b4d45bb@cyphar.com


Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
parents 5e6de2a7 807602d8

fs/namespace.c

+4 −2
Original line number Diff line number Diff line
@@ -3724,8 +3724,10 @@ static int do_new_mount_fc(struct fs_context *fc, struct path *mountpoint, 
	int error;



	error = security_sb_kern_mount(sb);

	if (!error && mount_too_revealing(sb, &mnt_flags))

	if (!error && mount_too_revealing(sb, &mnt_flags)) {

		errorfcp(fc, "VFS", "Mount too revealing");

		error = -EPERM;

	}



	if (unlikely(error)) {

		fc_drop_locked(fc);
@@ -4441,7 +4443,7 @@ SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags, 


	ret = -EPERM;

	if (mount_too_revealing(fc->root->d_sb, &mnt_flags)) {

		pr_warn("VFS: Mount too revealing\n");

		errorfcp(fc, "VFS", "Mount too revealing");

		goto err_unlock;

	}

include/linux/fs_context.h

+14 −4
Original line number Diff line number Diff line
@@ -186,10 +186,12 @@ struct fc_log { 
extern __attribute__((format(printf, 4, 5)))

void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt, ...);



#define __logfc(fc, l, fmt, ...) logfc((fc)->log.log, NULL, \

					l, fmt, ## __VA_ARGS__)

#define __plog(p, l, fmt, ...) logfc((p)->log, (p)->prefix, \

					l, fmt, ## __VA_ARGS__)

#define __logfc(fc, l, fmt, ...) \

	logfc((fc)->log.log, NULL, (l), (fmt), ## __VA_ARGS__)

#define __plogp(p, prefix, l, fmt, ...) \

	logfc((p)->log, (prefix), (l), (fmt), ## __VA_ARGS__)

#define __plog(p, l, fmt, ...) __plogp(p, (p)->prefix, l, fmt, ## __VA_ARGS__)



/**

 * infof - Store supplementary informational message

 * @fc: The context in which to log the informational message
@@ -201,6 +203,8 @@ void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt, 
#define infof(fc, fmt, ...) __logfc(fc, 'i', fmt, ## __VA_ARGS__)

#define info_plog(p, fmt, ...) __plog(p, 'i', fmt, ## __VA_ARGS__)

#define infofc(fc, fmt, ...) __plog((&(fc)->log), 'i', fmt, ## __VA_ARGS__)

#define infofcp(fc, prefix, fmt, ...) \

	__plogp((&(fc)->log), prefix, 'i', fmt, ## __VA_ARGS__)



/**

 * warnf - Store supplementary warning message
@@ -213,6 +217,8 @@ void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt, 
#define warnf(fc, fmt, ...) __logfc(fc, 'w', fmt, ## __VA_ARGS__)

#define warn_plog(p, fmt, ...) __plog(p, 'w', fmt, ## __VA_ARGS__)

#define warnfc(fc, fmt, ...) __plog((&(fc)->log), 'w', fmt, ## __VA_ARGS__)

#define warnfcp(fc, prefix, fmt, ...) \

	__plogp((&(fc)->log), prefix, 'w', fmt, ## __VA_ARGS__)



/**

 * errorf - Store supplementary error message
@@ -225,6 +231,8 @@ void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt, 
#define errorf(fc, fmt, ...) __logfc(fc, 'e', fmt, ## __VA_ARGS__)

#define error_plog(p, fmt, ...) __plog(p, 'e', fmt, ## __VA_ARGS__)

#define errorfc(fc, fmt, ...) __plog((&(fc)->log), 'e', fmt, ## __VA_ARGS__)

#define errorfcp(fc, prefix, fmt, ...) \

	__plogp((&(fc)->log), prefix, 'e', fmt, ## __VA_ARGS__)



/**

 * invalf - Store supplementary invalid argument error message
@@ -237,5 +245,7 @@ void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt, 
#define invalf(fc, fmt, ...) (errorf(fc, fmt, ## __VA_ARGS__), -EINVAL)

#define inval_plog(p, fmt, ...) (error_plog(p, fmt, ## __VA_ARGS__), -EINVAL)

#define invalfc(fc, fmt, ...) (errorfc(fc, fmt, ## __VA_ARGS__), -EINVAL)

#define invalfcp(fc, prefix, fmt, ...) \

	(errorfcp(fc, prefix, fmt, ## __VA_ARGS__), -EINVAL)



#endif /* _LINUX_FS_CONTEXT_H */