On Sat, Oct 01, 2016 at 06:01:34PM +0200, Martin Natano wrote: > After committing the new MNT_NOPERM flag I got some complaints that my > code doesn't work by people that recompiled mount_ffs, but didn't reboot > to the new kernel. I don't blame them; in that situation sys_mount() > silently ignores the unknown flag. IMHO we should check the flags more > strictly. Ok?
I think we once had a simmilar problem, when someone tried to unmount with MNT_DOOMED. So I like to check all flags at the beginning of the system call. But I think you should remove these from the mask: /* * Flags set by internal operations. */ #define MNT_LOCAL 0x00001000 /* filesystem is stored locally */ #define MNT_QUOTA 0x00002000 /* quotas are enabled on filesystem */ #define MNT_ROOTFS 0x00004000 /* identifies the root filesystem */ And I want this check also for sys_unmount(). bluhm > Index: sys/mount.h > =================================================================== > RCS file: /cvs/src/sys/sys/mount.h,v > retrieving revision 1.127 > diff -u -p -r1.127 mount.h > --- sys/mount.h 10 Sep 2016 16:53:30 -0000 1.127 > +++ sys/mount.h 1 Oct 2016 15:36:11 -0000 > @@ -414,6 +414,11 @@ struct mount { > #define MNT_DOOMED 0x08000000 /* device behind filesystem is gone */ > > /* > + * All mount flags. > + */ > +#define MNT_FLAGMASK 0x0e0fffff > + > +/* > * Flags for various system call interfaces. > * > * waitfor flags to vfs_sync() and getfsstat() > Index: kern/vfs_syscalls.c > =================================================================== > RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v > retrieving revision 1.265 > diff -u -p -r1.265 vfs_syscalls.c > --- kern/vfs_syscalls.c 10 Sep 2016 16:53:30 -0000 1.265 > +++ kern/vfs_syscalls.c 1 Oct 2016 15:36:11 -0000 > @@ -117,6 +117,9 @@ sys_mount(struct proc *p, void *v, regis > if ((error = suser(p, 0))) > return (error); > > + if (flags & ~MNT_FLAGMASK) > + return (EINVAL); > + > /* > * Mount points must fit in MNAMELEN, not MAXPATHLEN. > */