[PATCH review 05/13] proc: Convert proc_mount to use mount_ns.

Djalal Harouni tixxdz at gmail.com
Thu Jun 23 11:50:08 UTC 2016 

On Mon, Jun 20, 2016 at 7:21 PM, Eric W. Biederman
<ebiederm at xmission.com> wrote:
> Move the call of get_pid_ns, the call of proc_parse_options, and
> the setting of s_iflags into proc_fill_super so that mount_ns
> can be used.
>
> Convert proc_mount to call mount_ns and remove the now unnecessary
> code.
>
> Acked-by: Seth Forshee <seth.forshee at canonical.com>
> Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>

Reviewed-by: Djalal Harouni <tixxdz at gmail.com>


> ---
>  fs/proc/inode.c    |  9 +++++++--
>  fs/proc/internal.h |  3 ++-
>  fs/proc/root.c     | 52 ++++------------------------------------------------
>  3 files changed, 13 insertions(+), 51 deletions(-)
>
> diff --git a/fs/proc/inode.c b/fs/proc/inode.c
> index 78fa452d65ed..f4817efb25a6 100644
> --- a/fs/proc/inode.c
> +++ b/fs/proc/inode.c
> @@ -457,12 +457,17 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
>         return inode;
>  }
>
> -int proc_fill_super(struct super_block *s)
> +int proc_fill_super(struct super_block *s, void *data, int silent)
>  {
> +       struct pid_namespace *ns = get_pid_ns(s->s_fs_info);
>         struct inode *root_inode;
>         int ret;
>
> -       s->s_iflags |= SB_I_USERNS_VISIBLE;
> +       if (!proc_parse_options(data, ns))
> +               return -EINVAL;
> +
> +       /* User space would break if executables appear on proc */
> +       s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC;
>         s->s_flags |= MS_NODIRATIME | MS_NOSUID | MS_NOEXEC;
>         s->s_blocksize = 1024;
>         s->s_blocksize_bits = 10;
> diff --git a/fs/proc/internal.h b/fs/proc/internal.h
> index aa2781095bd1..7931c558c192 100644
> --- a/fs/proc/internal.h
> +++ b/fs/proc/internal.h
> @@ -212,7 +212,7 @@ extern const struct inode_operations proc_pid_link_inode_operations;
>
>  extern void proc_init_inodecache(void);
>  extern struct inode *proc_get_inode(struct super_block *, struct proc_dir_entry *);
> -extern int proc_fill_super(struct super_block *);
> +extern int proc_fill_super(struct super_block *, void *data, int flags);
>  extern void proc_entry_rundown(struct proc_dir_entry *);
>
>  /*
> @@ -268,6 +268,7 @@ static inline void proc_tty_init(void) {}
>   * root.c
>   */
>  extern struct proc_dir_entry proc_root;
> +extern int proc_parse_options(char *options, struct pid_namespace *pid);
>
>  extern void proc_self_init(void);
>  extern int proc_remount(struct super_block *, int *, char *);
> diff --git a/fs/proc/root.c b/fs/proc/root.c
> index a1b2860fec62..8d3e484055a6 100644
> --- a/fs/proc/root.c
> +++ b/fs/proc/root.c
> @@ -23,21 +23,6 @@
>
>  #include "internal.h"
>
> -static int proc_test_super(struct super_block *sb, void *data)
> -{
> -       return sb->s_fs_info == data;
> -}
> -
> -static int proc_set_super(struct super_block *sb, void *data)
> -{
> -       int err = set_anon_super(sb, NULL);
> -       if (!err) {
> -               struct pid_namespace *ns = (struct pid_namespace *)data;
> -               sb->s_fs_info = get_pid_ns(ns);
> -       }
> -       return err;
> -}
> -
>  enum {
>         Opt_gid, Opt_hidepid, Opt_err,
>  };
> @@ -48,7 +33,7 @@ static const match_table_t tokens = {
>         {Opt_err, NULL},
>  };
>
> -static int proc_parse_options(char *options, struct pid_namespace *pid)
> +int proc_parse_options(char *options, struct pid_namespace *pid)
>  {
>         char *p;
>         substring_t args[MAX_OPT_ARGS];
> @@ -100,45 +85,16 @@ int proc_remount(struct super_block *sb, int *flags, char *data)
>  static struct dentry *proc_mount(struct file_system_type *fs_type,
>         int flags, const char *dev_name, void *data)
>  {
> -       int err;
> -       struct super_block *sb;
>         struct pid_namespace *ns;
> -       char *options;
>
>         if (flags & MS_KERNMOUNT) {
> -               ns = (struct pid_namespace *)data;
> -               options = NULL;
> +               ns = data;
> +               data = NULL;
>         } else {
>                 ns = task_active_pid_ns(current);
> -               options = data;
> -
> -               /* Does the mounter have privilege over the pid namespace? */
> -               if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
> -                       return ERR_PTR(-EPERM);
> -       }
> -
> -       sb = sget(fs_type, proc_test_super, proc_set_super, flags, ns);
> -       if (IS_ERR(sb))
> -               return ERR_CAST(sb);
> -
> -       if (!proc_parse_options(options, ns)) {
> -               deactivate_locked_super(sb);
> -               return ERR_PTR(-EINVAL);
> -       }
> -
> -       if (!sb->s_root) {
> -               err = proc_fill_super(sb);
> -               if (err) {
> -                       deactivate_locked_super(sb);
> -                       return ERR_PTR(err);
> -               }
> -
> -               sb->s_flags |= MS_ACTIVE;
> -               /* User space would break if executables appear on proc */
> -               sb->s_iflags |= SB_I_NOEXEC;
>         }
>
> -       return dget(sb->s_root);
> +       return mount_ns(fs_type, flags, data, ns, ns->user_ns, proc_fill_super);
>  }
>
>  static void proc_kill_sb(struct super_block *sb)
> --
> 2.8.3
>


-- 
tixxdz
http://opendz.org

More information about the Containers mailing list