vfs: Generalize filesystem nodev handling.

Introduce a function may_open_dev that tests MNT_NODEV and a new superblock flab SB_I_NODEV. Use this new function in all of the places where MNT_NODEV was previously tested. Add the new SB_I_NODEV s_iflag to proc, sysfs, and mqueuefs as those filesystems should never support device nodes, and a simple superblock flags makes that very hard to get wrong. With SB_I_NODEV set if any device nodes somehow manage to show up on on a filesystem those device nodes will be unopenable. Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2016-06-09 16:34:02 -0400
committer: Eric W. Biederman <ebiederm@xmission.com> 2016-06-23 16:41:57 -0400
commit: a2982cc922c3068783eb9a1f77a5626a1ec36a1f (patch)
tree: 61ccc6ad01f8804d5290ae4565ba8d4238bf648a
parent: 3ee690143c3c99f6c0e83f08ff17556890bc6027 (diff)
6 files changed, 15 insertions, 7 deletions
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 71ccab1d22c6..30b8d568203a 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1857,7 +1857,7 @@ struct block_device *lookup_bdev(const char *pathname)
        if (!S_ISBLK(inode->i_mode))
                goto fail;
        error = -EACCES;
-        if (path.mnt->mnt_flags & MNT_NODEV)
+        if (!may_open_dev(&path))
                goto fail;
        error = -ENOMEM;
        bdev = bd_acquire(inode);
diff --git a/fs/kernfs/mount.c b/fs/kernfs/mount.c
index 1443df670260..b3d73ad52b22 100644
--- a/fs/kernfs/mount.c
+++ b/fs/kernfs/mount.c
@@ -152,8 +152,8 @@ static int kernfs_fill_super(struct super_block *sb, unsigned long magic)
        struct dentry *root;
        info->sb = sb;
-        /* Userspace would break if executables appear on sysfs */
+        /* Userspace would break if executables or devices appear on sysfs */
-        sb->s_iflags |= SB_I_NOEXEC;
+        sb->s_iflags |= SB_I_NOEXEC | SB_I_NODEV;
        sb->s_blocksize = PAGE_SIZE;
        sb->s_blocksize_bits = PAGE_SHIFT;
        sb->s_magic = magic;
diff --git a/fs/namei.c b/fs/namei.c
index 6a82fb7e2127..757a32725d92 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2881,6 +2881,12 @@ int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
 }
 EXPORT_SYMBOL(vfs_create);
+bool may_open_dev(const struct path *path)
+{
+        return !(path->mnt->mnt_flags & MNT_NODEV) &&
+                !(path->mnt->mnt_sb->s_iflags & SB_I_NODEV);
+}
 static int may_open(struct path *path, int acc_mode, int flag)
 {
        struct dentry *dentry = path->dentry;
@@ -2899,7 +2905,7 @@ static int may_open(struct path *path, int acc_mode, int flag)
                break;
        case S_IFBLK:
        case S_IFCHR:
-                if (path->mnt->mnt_flags & MNT_NODEV)
+                if (!may_open_dev(path))
                        return -EACCES;
                /*FALLTHRU*/
        case S_IFIFO:
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index f4817efb25a6..a5b2c33745b7 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -466,8 +466,8 @@ int proc_fill_super(struct super_block *s, void *data, int silent)
        if (!proc_parse_options(data, ns))
                return -EINVAL;
-        /* User space would break if executables appear on proc */
+        /* User space would break if executables or devices appear on proc */
-        s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC;
+        s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC | SB_I_NODEV;
        s->s_flags |= MS_NODIRATIME | MS_NOSUID | MS_NOEXEC;
        s->s_blocksize = 1024;
        s->s_blocksize_bits = 10;
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 9eef64f23a75..e05983170d23 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1327,6 +1327,7 @@ struct mm_struct;
 /* sb->s_iflags */
 #define SB_I_CGROUPWB   0x00000001      /* cgroup-aware writeback enabled */
 #define SB_I_NOEXEC     0x00000002      /* Ignore executables on this fs */
+#define SB_I_NODEV      0x00000004      /* Ignore devices on this fs */
 /* sb->s_iflags to limit user namespace mounts */
 #define SB_I_USERNS_VISIBLE             0x00000010 /* fstype already mounted */
@@ -1602,6 +1603,7 @@ extern int vfs_whiteout(struct inode *, struct dentry *);
 */
 extern void inode_init_owner(struct inode *inode, const struct inode *dir,
                        umode_t mode);
+extern bool may_open_dev(const struct path *path);
 /*
 * VFS FS_IOC_FIEMAP helper definitions.
 */
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 5bdd50de7d05..0b13ace266f2 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -307,7 +307,7 @@ static int mqueue_fill_super(struct super_block *sb, void *data, int silent)
        struct inode *inode;
        struct ipc_namespace *ns = sb->s_fs_info;
-        sb->s_iflags |= SB_I_NOEXEC;
+        sb->s_iflags |= SB_I_NOEXEC | SB_I_NODEV;
        sb->s_blocksize = PAGE_SIZE;
        sb->s_blocksize_bits = PAGE_SHIFT;
        sb->s_magic = MQUEUE_MAGIC;
author	Eric W. Biederman <ebiederm@xmission.com>	2016-06-09 16:34:02 -0400
committer	Eric W. Biederman <ebiederm@xmission.com>	2016-06-23 16:41:57 -0400
commit	a2982cc922c3068783eb9a1f77a5626a1ec36a1f (patch)
tree	61ccc6ad01f8804d5290ae4565ba8d4238bf648a
parent	3ee690143c3c99f6c0e83f08ff17556890bc6027 (diff)