From: ebiederm@xmission.com (Eric W. Biederman)
To: Linux Containers <containers@lists.linux-foundation.org>
Cc: linux-fsdevel@vger.kernel.org,
"Linux API" <linux-api@vger.kernel.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Andy Lutomirski" <luto@amacapital.net>,
"Richard Weinberger" <richard@nod.at>,
"Kenton Varda" <kenton@sandstorm.io>,
"Michael Kerrisk-manpages" <mtk.manpages@gmail.com>,
"Stéphane Graber" <stgraber@ubuntu.com>,
"Eric Windisch" <ewindisch@docker.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Tejun Heo" <tj@kernel.org>
Subject: [CFT][PATCH 04/10] fs: Add helper functions for permanently empty directories.
Date: Thu, 14 May 2015 12:33:09 -0500 [thread overview]
Message-ID: <87382zjc8a.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <87pp63jcca.fsf@x220.int.ebiederm.org> (Eric W. Biederman's message of "Thu, 14 May 2015 12:30:45 -0500")
To ensure it is safe to mount proc and sysfs I need to check if
filesystems that are mounted on top of them are mounted on truly empty
directories. Given that some directories can gain entries over time,
knowing that a directory is empty right now is insufficient.
Therefore add supporting infrastructure for permantently empty
directories that proc and sysfs can use when they create mount points
for filesystems and fs_fully_visible can use to test for permanently
empty directories to ensure that nothing will be gained by mounting a
fresh copy of proc or sysfs.
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
fs/libfs.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
include/linux/fs.h | 2 ++
2 files changed, 98 insertions(+)
diff --git a/fs/libfs.c b/fs/libfs.c
index cb1fb4b9b637..02813592e121 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -1093,3 +1093,99 @@ simple_nosetlease(struct file *filp, long arg, struct file_lock **flp,
return -EINVAL;
}
EXPORT_SYMBOL(simple_nosetlease);
+
+
+/*
+ * Operations for a permanently empty directory.
+ */
+static struct dentry *empty_dir_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags)
+{
+ return ERR_PTR(-ENOENT);
+}
+
+static int empty_dir_getattr(struct vfsmount *mnt, struct dentry *dentry,
+ struct kstat *stat)
+{
+ struct inode *inode = d_inode(dentry);
+ generic_fillattr(inode, stat);
+ return 0;
+}
+
+static int empty_dir_setattr(struct dentry *dentry, struct iattr *attr)
+{
+ return -EPERM;
+}
+
+static int empty_dir_setxattr(struct dentry *dentry, const char *name,
+ const void *value, size_t size, int flags)
+{
+ return -EOPNOTSUPP;
+}
+
+static ssize_t empty_dir_getxattr(struct dentry *dentry, const char *name,
+ void *value, size_t size)
+{
+ return -EOPNOTSUPP;
+}
+
+static int empty_dir_removexattr(struct dentry *dentry, const char *name)
+{
+ return -EOPNOTSUPP;
+}
+
+static ssize_t empty_dir_listxattr(struct dentry *dentry, char *list, size_t size)
+{
+ return -EOPNOTSUPP;
+}
+
+static const struct inode_operations empty_dir_inode_operations = {
+ .lookup = empty_dir_lookup,
+ .permission = generic_permission,
+ .setattr = empty_dir_setattr,
+ .getattr = empty_dir_getattr,
+ .setxattr = empty_dir_setxattr,
+ .getxattr = empty_dir_getxattr,
+ .removexattr = empty_dir_removexattr,
+ .listxattr = empty_dir_listxattr,
+};
+
+static loff_t empty_dir_llseek(struct file *file, loff_t offset, int whence)
+{
+ /* An empty directory has two entries . and .. at offsets 0 and 1 */
+ return generic_file_llseek_size(file, offset, whence, 2, 2);
+}
+
+static int empty_dir_readdir(struct file *file, struct dir_context *ctx)
+{
+ dir_emit_dots(file, ctx);
+ return 0;
+}
+
+static const struct file_operations empty_dir_operations = {
+ .llseek = empty_dir_llseek,
+ .read = generic_read_dir,
+ .iterate = empty_dir_readdir,
+ .fsync = noop_fsync,
+};
+
+
+void make_empty_dir_inode(struct inode *inode)
+{
+ set_nlink(inode, 2);
+ inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO;
+ inode->i_uid = GLOBAL_ROOT_UID;
+ inode->i_gid = GLOBAL_ROOT_GID;
+ inode->i_rdev = 0;
+ inode->i_size = 2;
+ inode->i_blkbits = PAGE_SHIFT;
+ inode->i_blocks = 0;
+
+ inode->i_op = &empty_dir_inode_operations;
+ inode->i_fop = &empty_dir_operations;
+}
+
+bool is_empty_dir_inode(struct inode *inode)
+{
+ return (inode->i_fop == &empty_dir_operations) &&
+ (inode->i_op == &empty_dir_inode_operations);
+}
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 2d24eeb8e59c..571aab91bfc0 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2780,6 +2780,8 @@ extern struct dentry *simple_lookup(struct inode *, struct dentry *, unsigned in
extern ssize_t generic_read_dir(struct file *, char __user *, size_t, loff_t *);
extern const struct file_operations simple_dir_operations;
extern const struct inode_operations simple_dir_inode_operations;
+extern void make_empty_dir_inode(struct inode *inode);
+extern bool is_empty_dir_inode(struct inode *inode);
struct tree_descr { char *name; const struct file_operations *ops; int mode; };
struct dentry *d_alloc_name(struct dentry *, const char *);
extern int simple_fill_super(struct super_block *, unsigned long, struct tree_descr *);
--
2.2.1
next prev parent reply other threads:[~2015-05-14 17:37 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-14 17:30 [CFT][PATCH 0/10] Making new mounts of proc and sysfs as safe as bind mounts Eric W. Biederman
2015-05-14 17:33 ` Eric W. Biederman [this message]
2015-05-14 17:33 ` [CFT][PATCH 05/10] sysctl: Allow creating permanently empty directories Eric W. Biederman
[not found] ` <87pp63jcca.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-14 17:31 ` [CFT][PATCH 01/10] mnt: Refactor the logic for mounting sysfs and proc in a user namespace Eric W. Biederman
2015-05-14 17:32 ` [CFT][PATCH 02/10] mnt: Modify fs_fully_visible to deal with mount attributes Eric W. Biederman
2015-05-14 17:32 ` [CFT][PATCH 03/10] vfs: Ignore unlocked mounts in fs_fully_visible Eric W. Biederman
2015-05-14 17:34 ` [CFT][PATCH 06/10] proc: Allow creating permanently empty directories Eric W. Biederman
2015-05-14 17:34 ` [CFT][PATCH 07/10] kernfs: Add support for always " Eric W. Biederman
2015-05-14 17:35 ` [CFT][PATCH 08/10] sysfs: Add support for permanently " Eric W. Biederman
[not found] ` <87fv6zhxkp.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-14 20:31 ` Greg Kroah-Hartman
[not found] ` <20150514203131.GB16416-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-05-14 21:33 ` Eric W. Biederman
2015-05-14 17:36 ` [CFT][PATCH 09/10] sysfs: Create mountpoints with sysfs_create_empty_dir Eric W. Biederman
[not found] ` <878ucrhxi9.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-11 18:44 ` Tejun Heo
2015-08-11 18:57 ` Eric W. Biederman
2015-08-11 19:21 ` Andy Lutomirski
[not found] ` <CALCETrXE=fKa3XkEEo6y2=ZNtsuBfX=kaoyDwiP0C2BwqKJWjw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-08-12 0:58 ` Eric W. Biederman
[not found] ` <87mvxxcogp.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 20:00 ` Tejun Heo
2015-08-12 20:27 ` Eric W. Biederman
[not found] ` <87r3n82qxd.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 21:05 ` Tejun Heo
[not found] ` <877fp1hcuj.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-11 20:11 ` Tejun Heo
[not found] ` <CAOS58YOHU8SFv4UXeBRr4t88UU=DXQCPg2HU_dMBmgM7WBB1zQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-08-12 0:37 ` Eric W. Biederman
[not found] ` <87fv3pe3zn.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 3:58 ` Eric W. Biederman
[not found] ` <87a8txb1k8.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 4:04 ` Eric W. Biederman
[not found] ` <871tf9b19v.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 19:15 ` Tejun Heo
[not found] ` <20150812191515.GA4496-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2015-08-12 20:07 ` [PATCH] fs: Set the size of empty dirs to 0 Eric W. Biederman
[not found] ` <87mvxw46fc.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 20:18 ` Tejun Heo
2015-05-14 17:37 ` [CFT][PATCH 10/10] mnt: Update fs_fully_visible to test for permanently empty directories Eric W. Biederman
2015-05-14 20:29 ` [CFT][PATCH 0/10] Making new mounts of proc and sysfs as safe as bind mounts Greg Kroah-Hartman
2015-05-14 21:10 ` Eric W. Biederman
[not found] ` <87oalmg90j.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-15 6:26 ` Andy Lutomirski
[not found] ` <CALCETrU1yxcDfv4YV3wVpWMAdiOOsSUFOPUpFAN-mVA4M-OxdQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-15 6:55 ` Eric W. Biederman
2015-05-16 2:05 ` [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2) Eric W. Biederman
2015-05-16 2:06 ` [CFT][PATCH 02/10] mnt: Modify fs_fully_visible to deal with mount attributes Eric W. Biederman
[not found] ` <87siaxuvik.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-16 2:06 ` [CFT][PATCH 01/10] mnt: Refactor the logic for mounting sysfs and proc in a user namespace Eric W. Biederman
2015-05-16 2:07 ` [CFT][PATCH 03/10] vfs: Ignore unlocked mounts in fs_fully_visible Eric W. Biederman
2015-05-16 2:07 ` [CFT][PATCH 04/10] fs: Add helper functions for permanently empty directories Eric W. Biederman
2015-05-16 2:08 ` [CFT][PATCH 05/10] sysctl: Allow creating permanently empty directories that serve as mountpoints Eric W. Biederman
2015-05-16 2:08 ` [CFT][PATCH 06/10] proc: Allow creating permanently empty directories that serve as mount points Eric W. Biederman
2015-05-16 2:09 ` [CFT][PATCH 07/10] kernfs: Add support for always empty directories Eric W. Biederman
2015-05-16 2:09 ` [CFT][PATCH 08/10] sysfs: Add support for permanently empty directories to serve as mount points Eric W. Biederman
2015-05-18 13:14 ` Greg Kroah-Hartman
2015-05-16 2:10 ` [CFT][PATCH 09/10] sysfs: Create mountpoints with sysfs_create_mount_point Eric W. Biederman
2015-05-18 13:14 ` Greg Kroah-Hartman
2015-05-16 2:11 ` [CFT][PATCH 10/10] mnt: Update fs_fully_visible to test for permanently empty directories Eric W. Biederman
2015-05-22 17:39 ` [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2) Eric W. Biederman
[not found] ` <87wq004im1.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-22 18:59 ` Andy Lutomirski
[not found] ` <CALCETrUhXBR5WQ6gXr9KzGc4=7tph7kzopY29Hug4g+FhOzEKg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-22 20:41 ` Eric W. Biederman
2015-05-28 14:08 ` Serge Hallyn
2015-05-28 15:03 ` Eric W. Biederman
2015-05-28 17:33 ` Andy Lutomirski
[not found] ` <CALCETrXXax28s9kMTQ-zDx0MttQWG4rg2y-oz3bSGiumSL=3sg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-28 18:20 ` Kenton Varda
[not found] ` <CAOP=4wid+N_80iyPpiVMN96_fuHZZRGtYQ6AOPn-HFBj2H6Vgg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-28 19:14 ` Eric W. Biederman
[not found] ` <87fv6gikfn.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 20:12 ` Kenton Varda
2015-05-28 20:47 ` Richard Weinberger
2015-05-28 21:07 ` Kenton Varda
[not found] ` <CAOP=4wiAA4SqvMn_rQJHOjg6M-75bi_G9Fx8ENgVnYdkT5WVQA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-28 21:12 ` Richard Weinberger
2015-05-29 0:30 ` Andy Lutomirski
2015-05-29 0:35 ` Andy Lutomirski
[not found] ` <CALCETrXO21Y7PR=pKqaqJb1YZArNyjAv7Z-J44O53FcfLM_0Tw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-29 4:36 ` Eric W. Biederman
[not found] ` <87fv6g80g7.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-29 4:54 ` Kenton Varda
2015-05-29 17:49 ` Andy Lutomirski
2015-06-03 21:13 ` Eric W. Biederman
[not found] ` <87k2vkebri.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-03 21:15 ` [CFT][PATCH 11/10] mnt: Avoid unnecessary regressions in fs_fully_visible Eric W. Biederman
[not found] ` <87eglseboh.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-04 4:35 ` [CFT][PATCH 11/10] mnt: Avoid unnecessary regressions in fs_fully_visible (take 2) Eric W. Biederman
[not found] ` <874mmodral.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-04 5:20 ` Greg Kroah-Hartman
2015-06-05 0:46 ` [CFT][PATCH 11/10] mnt: Avoid unnecessary regressions in fs_fully_visible Andy Lutomirski
[not found] ` <CALCETrWwtFaiaYGLoq4EPkrgcq9nEA2GseVfP3iBkbYZ8NfGPg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-06-06 19:14 ` Eric W. Biederman
2015-06-04 5:19 ` [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2) Greg Kroah-Hartman
2015-06-04 6:27 ` Eric W. Biederman
[not found] ` <87h9qo6la9.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-04 7:34 ` Eric W. Biederman
2015-06-16 12:23 ` Daniel P. Berrange
2015-05-28 21:04 ` Serge E. Hallyn
[not found] ` <20150528210438.GA14849-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2015-05-28 21:42 ` Eric W. Biederman
2015-05-28 21:52 ` Serge E. Hallyn
2015-05-28 19:36 ` Richard Weinberger
[not found] ` <55676E32.3050006-/L3Ra7n9ekc@public.gmane.org>
2015-05-28 19:57 ` Eric W. Biederman
2015-05-28 20:30 ` Richard Weinberger
[not found] ` <55677AEF.1090809-/L3Ra7n9ekc@public.gmane.org>
2015-05-28 21:32 ` Eric W. Biederman
[not found] ` <87iobcfkwx.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 21:46 ` Richard Weinberger
[not found] ` <55678CCA.80807-/L3Ra7n9ekc@public.gmane.org>
2015-06-16 12:30 ` Daniel P. Berrange
2015-05-29 9:30 ` Richard Weinberger
[not found] ` <556831CF.9040600-/L3Ra7n9ekc@public.gmane.org>
2015-05-29 17:41 ` Eric W. Biederman
2015-06-06 18:56 ` Eric W. Biederman
[not found] ` <87mw0c1x8p.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-16 12:31 ` Daniel P. Berrange
[not found] ` <20150616123148.GB18689-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-06-16 12:46 ` Richard Weinberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87382zjc8a.fsf@x220.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=containers@lists.linux-foundation.org \
--cc=ewindisch@docker.com \
--cc=gregkh@linuxfoundation.org \
--cc=kenton@sandstorm.io \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mtk.manpages@gmail.com \
--cc=richard@nod.at \
--cc=serge@hallyn.com \
--cc=stgraber@ubuntu.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).