Commit a2982cc9 authored by Eric W. Biederman's avatar Eric W. Biederman

vfs: Generalize filesystem nodev handling.

Introduce a function may_open_dev that tests MNT_NODEV and a new
superblock flab SB_I_NODEV.  Use this new function in all of the
places where MNT_NODEV was previously tested.

Add the new SB_I_NODEV s_iflag to proc, sysfs, and mqueuefs as those
filesystems should never support device nodes, and a simple superblock
flags makes that very hard to get wrong.  With SB_I_NODEV set if any
device nodes somehow manage to show up on on a filesystem those
device nodes will be unopenable.
Acked-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
parent 3ee69014
...@@ -1857,7 +1857,7 @@ struct block_device *lookup_bdev(const char *pathname) ...@@ -1857,7 +1857,7 @@ struct block_device *lookup_bdev(const char *pathname)
if (!S_ISBLK(inode->i_mode)) if (!S_ISBLK(inode->i_mode))
goto fail; goto fail;
error = -EACCES; error = -EACCES;
if (path.mnt->mnt_flags & MNT_NODEV) if (!may_open_dev(&path))
goto fail; goto fail;
error = -ENOMEM; error = -ENOMEM;
bdev = bd_acquire(inode); bdev = bd_acquire(inode);
......
...@@ -152,8 +152,8 @@ static int kernfs_fill_super(struct super_block *sb, unsigned long magic) ...@@ -152,8 +152,8 @@ static int kernfs_fill_super(struct super_block *sb, unsigned long magic)
struct dentry *root; struct dentry *root;
info->sb = sb; info->sb = sb;
/* Userspace would break if executables appear on sysfs */ /* Userspace would break if executables or devices appear on sysfs */
sb->s_iflags |= SB_I_NOEXEC; sb->s_iflags |= SB_I_NOEXEC | SB_I_NODEV;
sb->s_blocksize = PAGE_SIZE; sb->s_blocksize = PAGE_SIZE;
sb->s_blocksize_bits = PAGE_SHIFT; sb->s_blocksize_bits = PAGE_SHIFT;
sb->s_magic = magic; sb->s_magic = magic;
......
...@@ -2881,6 +2881,12 @@ int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode, ...@@ -2881,6 +2881,12 @@ int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
} }
EXPORT_SYMBOL(vfs_create); EXPORT_SYMBOL(vfs_create);
bool may_open_dev(const struct path *path)
{
return !(path->mnt->mnt_flags & MNT_NODEV) &&
!(path->mnt->mnt_sb->s_iflags & SB_I_NODEV);
}
static int may_open(struct path *path, int acc_mode, int flag) static int may_open(struct path *path, int acc_mode, int flag)
{ {
struct dentry *dentry = path->dentry; struct dentry *dentry = path->dentry;
...@@ -2899,7 +2905,7 @@ static int may_open(struct path *path, int acc_mode, int flag) ...@@ -2899,7 +2905,7 @@ static int may_open(struct path *path, int acc_mode, int flag)
break; break;
case S_IFBLK: case S_IFBLK:
case S_IFCHR: case S_IFCHR:
if (path->mnt->mnt_flags & MNT_NODEV) if (!may_open_dev(path))
return -EACCES; return -EACCES;
/*FALLTHRU*/ /*FALLTHRU*/
case S_IFIFO: case S_IFIFO:
......
...@@ -466,8 +466,8 @@ int proc_fill_super(struct super_block *s, void *data, int silent) ...@@ -466,8 +466,8 @@ int proc_fill_super(struct super_block *s, void *data, int silent)
if (!proc_parse_options(data, ns)) if (!proc_parse_options(data, ns))
return -EINVAL; return -EINVAL;
/* User space would break if executables appear on proc */ /* User space would break if executables or devices appear on proc */
s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC; s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC | SB_I_NODEV;
s->s_flags |= MS_NODIRATIME | MS_NOSUID | MS_NOEXEC; s->s_flags |= MS_NODIRATIME | MS_NOSUID | MS_NOEXEC;
s->s_blocksize = 1024; s->s_blocksize = 1024;
s->s_blocksize_bits = 10; s->s_blocksize_bits = 10;
......
...@@ -1327,6 +1327,7 @@ struct mm_struct; ...@@ -1327,6 +1327,7 @@ struct mm_struct;
/* sb->s_iflags */ /* sb->s_iflags */
#define SB_I_CGROUPWB 0x00000001 /* cgroup-aware writeback enabled */ #define SB_I_CGROUPWB 0x00000001 /* cgroup-aware writeback enabled */
#define SB_I_NOEXEC 0x00000002 /* Ignore executables on this fs */ #define SB_I_NOEXEC 0x00000002 /* Ignore executables on this fs */
#define SB_I_NODEV 0x00000004 /* Ignore devices on this fs */
/* sb->s_iflags to limit user namespace mounts */ /* sb->s_iflags to limit user namespace mounts */
#define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already mounted */ #define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already mounted */
...@@ -1602,6 +1603,7 @@ extern int vfs_whiteout(struct inode *, struct dentry *); ...@@ -1602,6 +1603,7 @@ extern int vfs_whiteout(struct inode *, struct dentry *);
*/ */
extern void inode_init_owner(struct inode *inode, const struct inode *dir, extern void inode_init_owner(struct inode *inode, const struct inode *dir,
umode_t mode); umode_t mode);
extern bool may_open_dev(const struct path *path);
/* /*
* VFS FS_IOC_FIEMAP helper definitions. * VFS FS_IOC_FIEMAP helper definitions.
*/ */
......
...@@ -307,7 +307,7 @@ static int mqueue_fill_super(struct super_block *sb, void *data, int silent) ...@@ -307,7 +307,7 @@ static int mqueue_fill_super(struct super_block *sb, void *data, int silent)
struct inode *inode; struct inode *inode;
struct ipc_namespace *ns = sb->s_fs_info; struct ipc_namespace *ns = sb->s_fs_info;
sb->s_iflags |= SB_I_NOEXEC; sb->s_iflags |= SB_I_NOEXEC | SB_I_NODEV;
sb->s_blocksize = PAGE_SIZE; sb->s_blocksize = PAGE_SIZE;
sb->s_blocksize_bits = PAGE_SHIFT; sb->s_blocksize_bits = PAGE_SHIFT;
sb->s_magic = MQUEUE_MAGIC; sb->s_magic = MQUEUE_MAGIC;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment