[2/2] binderfs: make each binderfs mount a new instance
diff mbox series

Message ID 20190106140541.16442-3-christian@brauner.io
State Accepted
Commit b6c770d7c9dc7185b17d53a9d5ca1278c182d6fa
Headers show
  • binderfs: fixes
Related show

Commit Message

Christian Brauner Jan. 6, 2019, 2:05 p.m. UTC
When currently mounting binderfs in the same ipc namespace twice:

mount -t binder binder /A
mount -t binder binder /B

then the binderfs instances mounted on /A and /B will be the same, i.e.
they will have the same superblock. This was the first approach that seemed
reasonable. However, this leads to some problems and inconsistencies:

/* private binderfs instance in same ipc namespace */
There is no way for a user to request a private binderfs instance in the
same ipc namespace.
This request has been made in a private mail to me by two independent

/* bind-mounts */
If users want the same binderfs instance to appear in multiple places they
can use bind mounts. So there is no value in having a request for a new
binderfs mount giving them the same instance.

/* unexpected behavior */
It's surprising that request to mount binderfs is not giving the user a new
instance like tmpfs, devpts, ramfs, and others do.

/* past mistakes */
Other pseudo-filesystems once made the same mistakes of giving back the
same superblock when actually requesting a new mount (cf. devpts's
deprecated "newinstance" option).
We should not make the same mistake. Once we've committed to always giving
back the same superblock in the same IPC namespace with the next kernel
release we will not be able to make that change so better to do it now.

/* kdbusfs */
It was pointed out to me that kdbusfs - which is conceptually closely
related to binderfs - also allowed users to get a private kdbusfs instance
in the same IPC namespace by making each mount of kdbusfs a separate
instance. I think that makes a lot of sense.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 drivers/android/binderfs.c | 41 ++------------------------------------
 1 file changed, 2 insertions(+), 39 deletions(-)

diff mbox series

diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c
index 6f68d6217eb3..4990d65d4850 100644
--- a/drivers/android/binderfs.c
+++ b/drivers/android/binderfs.c
@@ -379,7 +379,7 @@  static int binderfs_fill_super(struct super_block *sb, void *data, int silent)
 	struct binderfs_info *info;
 	int ret = -ENOMEM;
 	struct inode *inode = NULL;
-	struct ipc_namespace *ipc_ns = sb->s_fs_info;
+	struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns;
@@ -450,48 +450,11 @@  static int binderfs_fill_super(struct super_block *sb, void *data, int silent)
 	return ret;
-static int binderfs_test_super(struct super_block *sb, void *data)
-	struct binderfs_info *info = sb->s_fs_info;
-	if (info)
-		return info->ipc_ns == data;
-	return 0;
-static int binderfs_set_super(struct super_block *sb, void *data)
-	sb->s_fs_info = data;
-	return set_anon_super(sb, NULL);
 static struct dentry *binderfs_mount(struct file_system_type *fs_type,
 				     int flags, const char *dev_name,
 				     void *data)
-	struct super_block *sb;
-	struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns;
-	if (!ns_capable(ipc_ns->user_ns, CAP_SYS_ADMIN))
-		return ERR_PTR(-EPERM);
-	sb = sget_userns(fs_type, binderfs_test_super, binderfs_set_super,
-			 flags, ipc_ns->user_ns, ipc_ns);
-	if (IS_ERR(sb))
-		return ERR_CAST(sb);
-	if (!sb->s_root) {
-		int ret = binderfs_fill_super(sb, data, flags & SB_SILENT ? 1 : 0);
-		if (ret) {
-			deactivate_locked_super(sb);
-			return ERR_PTR(ret);
-		}
-		sb->s_flags |= SB_ACTIVE;
-	}
-	return dget(sb->s_root);
+	return mount_nodev(fs_type, flags, data, binderfs_fill_super);
 static void binderfs_kill_super(struct super_block *sb)