Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / a2982cc922c3068783eb9a1f77a5626a1ec36a1f^! / . / fs / proc
commita2982cc922c3068783eb9a1f77a5626a1ec36a1f[log] [tgz]
authorEric W. Biederman <ebiederm@xmission.com>Thu Jun 09 15:34:02 2016 -0500
committerEric W. Biederman <ebiederm@xmission.com>Thu Jun 23 15:41:57 2016 -0500
tree61ccc6ad01f8804d5290ae4565ba8d4238bf648a
parent3ee690143c3c99f6c0e83f08ff17556890bc6027 [diff]
vfs: Generalize filesystem nodev handling.

Introduce a function may_open_dev that tests MNT_NODEV and a new
superblock flab SB_I_NODEV.  Use this new function in all of the
places where MNT_NODEV was previously tested.

Add the new SB_I_NODEV s_iflag to proc, sysfs, and mqueuefs as those
filesystems should never support device nodes, and a simple superblock
flags makes that very hard to get wrong.  With SB_I_NODEV set if any
device nodes somehow manage to show up on on a filesystem those
device nodes will be unopenable.

Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index f4817ef..a5b2c33 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c

@@ -466,8 +466,8 @@
 	if (!proc_parse_options(data, ns))
 		return -EINVAL;
 
-	/* User space would break if executables appear on proc */
-	s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC;
+	/* User space would break if executables or devices appear on proc */
+	s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC | SB_I_NODEV;
 	s->s_flags |= MS_NODIRATIME | MS_NOSUID | MS_NOEXEC;
 	s->s_blocksize = 1024;
 	s->s_blocksize_bits = 10;