Skip to content

Commit bfa8ee1

Browse files
braunerbrauner
committed
Merge patch series "vfs: output mount_too_revealing() errors to fscontext"
Aleksa Sarai <cyphar@cyphar.com> says: It makes little sense for fsmount() to output the warning message when mount_too_revealing() is violated to kmsg. Instead, the warning should be output (with a "VFS" prefix) to the fscontext log. In addition, include the same log message for mount_too_revealing() when doing a regular mount for consistency. With the newest fsopen()-based mount(8) from util-linux, the error messages now look like # mount -t proc proc /tmp mount: /tmp: fsmount() failed: VFS: Mount too revealing. dmesg(1) may have more information after failed mount system call. which could finally result in mount_too_revealing() errors being easier for users to detect and understand. * patches from https://lore.kernel.org/20250806-errorfc-mount-too-revealing-v2-0-534b9b4d45bb@cyphar.com: vfs: output mount_too_revealing() errors to fscontext fscontext: add custom-prefix log helpers Link: https://lore.kernel.org/20250806-errorfc-mount-too-revealing-v2-0-534b9b4d45bb@cyphar.com Signed-off-by: Christian Brauner <brauner@kernel.org>
2 parents 5e6de2a + 807602d commit bfa8ee1

2 files changed

Lines changed: 18 additions & 6 deletions

File tree

fs/namespace.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3724,8 +3724,10 @@ static int do_new_mount_fc(struct fs_context *fc, struct path *mountpoint,
37243724
int error;
37253725

37263726
error = security_sb_kern_mount(sb);
3727-
if (!error && mount_too_revealing(sb, &mnt_flags))
3727+
if (!error && mount_too_revealing(sb, &mnt_flags)) {
3728+
errorfcp(fc, "VFS", "Mount too revealing");
37283729
error = -EPERM;
3730+
}
37293731

37303732
if (unlikely(error)) {
37313733
fc_drop_locked(fc);
@@ -4441,7 +4443,7 @@ SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags,
44414443

44424444
ret = -EPERM;
44434445
if (mount_too_revealing(fc->root->d_sb, &mnt_flags)) {
4444-
pr_warn("VFS: Mount too revealing\n");
4446+
errorfcp(fc, "VFS", "Mount too revealing");
44454447
goto err_unlock;
44464448
}
44474449

include/linux/fs_context.h

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -186,10 +186,12 @@ struct fc_log {
186186
extern __attribute__((format(printf, 4, 5)))
187187
void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt, ...);
188188

189-
#define __logfc(fc, l, fmt, ...) logfc((fc)->log.log, NULL, \
190-
l, fmt, ## __VA_ARGS__)
191-
#define __plog(p, l, fmt, ...) logfc((p)->log, (p)->prefix, \
192-
l, fmt, ## __VA_ARGS__)
189+
#define __logfc(fc, l, fmt, ...) \
190+
logfc((fc)->log.log, NULL, (l), (fmt), ## __VA_ARGS__)
191+
#define __plogp(p, prefix, l, fmt, ...) \
192+
logfc((p)->log, (prefix), (l), (fmt), ## __VA_ARGS__)
193+
#define __plog(p, l, fmt, ...) __plogp(p, (p)->prefix, l, fmt, ## __VA_ARGS__)
194+
193195
/**
194196
* infof - Store supplementary informational message
195197
* @fc: The context in which to log the informational message
@@ -201,6 +203,8 @@ void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt,
201203
#define infof(fc, fmt, ...) __logfc(fc, 'i', fmt, ## __VA_ARGS__)
202204
#define info_plog(p, fmt, ...) __plog(p, 'i', fmt, ## __VA_ARGS__)
203205
#define infofc(fc, fmt, ...) __plog((&(fc)->log), 'i', fmt, ## __VA_ARGS__)
206+
#define infofcp(fc, prefix, fmt, ...) \
207+
__plogp((&(fc)->log), prefix, 'i', fmt, ## __VA_ARGS__)
204208

205209
/**
206210
* warnf - Store supplementary warning message
@@ -213,6 +217,8 @@ void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt,
213217
#define warnf(fc, fmt, ...) __logfc(fc, 'w', fmt, ## __VA_ARGS__)
214218
#define warn_plog(p, fmt, ...) __plog(p, 'w', fmt, ## __VA_ARGS__)
215219
#define warnfc(fc, fmt, ...) __plog((&(fc)->log), 'w', fmt, ## __VA_ARGS__)
220+
#define warnfcp(fc, prefix, fmt, ...) \
221+
__plogp((&(fc)->log), prefix, 'w', fmt, ## __VA_ARGS__)
216222

217223
/**
218224
* errorf - Store supplementary error message
@@ -225,6 +231,8 @@ void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt,
225231
#define errorf(fc, fmt, ...) __logfc(fc, 'e', fmt, ## __VA_ARGS__)
226232
#define error_plog(p, fmt, ...) __plog(p, 'e', fmt, ## __VA_ARGS__)
227233
#define errorfc(fc, fmt, ...) __plog((&(fc)->log), 'e', fmt, ## __VA_ARGS__)
234+
#define errorfcp(fc, prefix, fmt, ...) \
235+
__plogp((&(fc)->log), prefix, 'e', fmt, ## __VA_ARGS__)
228236

229237
/**
230238
* invalf - Store supplementary invalid argument error message
@@ -237,5 +245,7 @@ void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt,
237245
#define invalf(fc, fmt, ...) (errorf(fc, fmt, ## __VA_ARGS__), -EINVAL)
238246
#define inval_plog(p, fmt, ...) (error_plog(p, fmt, ## __VA_ARGS__), -EINVAL)
239247
#define invalfc(fc, fmt, ...) (errorfc(fc, fmt, ## __VA_ARGS__), -EINVAL)
248+
#define invalfcp(fc, prefix, fmt, ...) \
249+
(errorfcp(fc, prefix, fmt, ## __VA_ARGS__), -EINVAL)
240250

241251
#endif /* _LINUX_FS_CONTEXT_H */

0 commit comments

Comments
 (0)