All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Christian Brauner <christian.brauner@ubuntu.com>
Cc: "Jens Axboe" <axboe@kernel.dk>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	linux-kernel@vger.kernel.org, linux-block@vger.kernel.org,
	linux-api@vger.kernel.org, "Jonathan Corbet" <corbet@lwn.net>,
	"Serge Hallyn" <serge@hallyn.com>,
	"Rafael J. Wysocki" <rafael@kernel.org>,
	"Tejun Heo" <tj@kernel.org>,
	"David S. Miller" <davem@davemloft.net>,
	"Saravana Kannan" <saravanak@google.com>,
	"Jan Kara" <jack@suse.cz>, "David Howells" <dhowells@redhat.com>,
	"Seth Forshee" <seth.forshee@canonical.com>,
	"David Rheinsberg" <david.rheinsberg@gmail.com>,
	"Tom Gundersen" <teg@jklm.no>,
	"Christian Kellner" <ckellner@redhat.com>,
	"Dmitry Vyukov" <dvyukov@google.com>,
	"Stéphane Graber" <stgraber@ubuntu.com>,
	linux-doc@vger.kernel.org, netdev@vger.kernel.org,
	"Steve Barber" <smbarber@google.com>,
	"Dylan Reid" <dgreid@google.com>,
	"Filipe Brandenburger" <filbranden@gmail.com>,
	"Kees Cook" <keescook@chromium.org>,
	"Benjamin Elder" <bentheelder@google.com>,
	"Akihiro Suda" <suda.kyoto@gmail.com>
Subject: Re: [PATCH v2 7/7] loopfs: only show devices in their correct instance
Date: Wed, 22 Apr 2020 20:37:54 -0500	[thread overview]
Message-ID: <20200423013754.GC2982@mail.hallyn.com> (raw)
In-Reply-To: <20200422145437.176057-8-christian.brauner@ubuntu.com>

On Wed, Apr 22, 2020 at 04:54:37PM +0200, Christian Brauner wrote:
> Since loopfs devices belong to a loopfs instance they have no business
> polluting the host's devtmpfs mount and should not propagate out of the
> namespace they belong to.
> 
> Cc: Jens Axboe <axboe@kernel.dk>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Reviewed-by: Serge Hallyn <serge@hallyn.com>

> ---
> /* v2 */
> unchanged
> ---
>  drivers/base/devtmpfs.c | 4 ++--
>  drivers/block/loop.c    | 4 +++-
>  include/linux/device.h  | 3 +++
>  3 files changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
> index c9017e0584c0..77371ceb88fa 100644
> --- a/drivers/base/devtmpfs.c
> +++ b/drivers/base/devtmpfs.c
> @@ -111,7 +111,7 @@ int devtmpfs_create_node(struct device *dev)
>  	const char *tmp = NULL;
>  	struct req req;
>  
> -	if (!thread)
> +	if (!thread || dev->no_devnode)
>  		return 0;
>  
>  	req.mode = 0;
> @@ -138,7 +138,7 @@ int devtmpfs_delete_node(struct device *dev)
>  	const char *tmp = NULL;
>  	struct req req;
>  
> -	if (!thread)
> +	if (!thread || dev->no_devnode)
>  		return 0;
>  
>  	req.name = device_get_devnode(dev, NULL, NULL, NULL, &tmp);
> diff --git a/drivers/block/loop.c b/drivers/block/loop.c
> index 2dc53bad4b48..5548151b9f11 100644
> --- a/drivers/block/loop.c
> +++ b/drivers/block/loop.c
> @@ -2213,8 +2213,10 @@ static int loop_add(struct loop_device **l, int i, struct inode *inode)
>  	disk->queue		= lo->lo_queue;
>  	sprintf(disk->disk_name, "loop%d", i);
>  #ifdef CONFIG_BLK_DEV_LOOPFS
> -	if (loopfs_i_sb(inode))
> +	if (loopfs_i_sb(inode)) {
>  		disk->user_ns = loopfs_i_sb(inode)->s_user_ns;
> +		disk_to_dev(disk)->no_devnode = true;
> +	}
>  #endif
>  
>  	add_disk(disk);
> diff --git a/include/linux/device.h b/include/linux/device.h
> index ac8e37cd716a..c69ef1c5a0ef 100644
> --- a/include/linux/device.h
> +++ b/include/linux/device.h
> @@ -523,6 +523,8 @@ struct dev_links_info {
>   *		  sync_state() callback.
>   * @dma_coherent: this particular device is dma coherent, even if the
>   *		architecture supports non-coherent devices.
> + * @no_devnode: whether device nodes associated with this device are kept out
> + *		of devtmpfs (e.g. due to separate filesystem)
>   *
>   * At the lowest level, every device in a Linux system is represented by an
>   * instance of struct device. The device structure contains the information
> @@ -622,6 +624,7 @@ struct device {
>      defined(CONFIG_ARCH_HAS_SYNC_DMA_FOR_CPU_ALL)
>  	bool			dma_coherent:1;
>  #endif
> +	bool			no_devnode:1;
>  };
>  
>  static inline struct device *kobj_to_dev(struct kobject *kobj)
> -- 
> 2.26.1

      reply	other threads:[~2020-04-23  1:37 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-22 14:54 [PATCH v2 0/7] loopfs Christian Brauner
2020-04-22 14:54 ` [PATCH v2 1/7] kobject_uevent: remove unneeded netlink_ns check Christian Brauner
2020-04-22 16:34   ` Greg Kroah-Hartman
2020-04-22 14:54 ` [PATCH v2 2/7] loopfs: implement loopfs Christian Brauner
2020-04-22 21:52   ` Serge E. Hallyn
2020-04-23 11:24     ` Christian Brauner
2020-04-23 16:17       ` Serge E. Hallyn
2020-04-23 16:29         ` Christian Brauner
2020-04-22 14:54 ` [PATCH v2 3/7] loop: use ns_capable for some loop operations Christian Brauner
2020-04-22 20:50   ` Serge E. Hallyn
2020-04-22 14:54 ` [PATCH v2 4/7] kernfs: handle multiple namespace tags Christian Brauner
2020-04-22 22:01   ` Serge E. Hallyn
2020-04-22 14:54 ` [PATCH v2 5/7] loop: preserve sysfs backwards compatibility Christian Brauner
2020-04-23  1:17   ` Serge E. Hallyn
2020-04-23 11:15     ` Christian Brauner
2020-04-23 16:13       ` Serge E. Hallyn
2020-04-22 14:54 ` [PATCH v2 6/7] loopfs: start attaching correct namespace during loop_add() Christian Brauner
2020-04-23  1:36   ` Serge E. Hallyn
2020-04-22 14:54 ` [PATCH v2 7/7] loopfs: only show devices in their correct instance Christian Brauner
2020-04-23  1:37   ` Serge E. Hallyn [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200423013754.GC2982@mail.hallyn.com \
    --to=serge@hallyn.com \
    --cc=axboe@kernel.dk \
    --cc=bentheelder@google.com \
    --cc=christian.brauner@ubuntu.com \
    --cc=ckellner@redhat.com \
    --cc=corbet@lwn.net \
    --cc=davem@davemloft.net \
    --cc=david.rheinsberg@gmail.com \
    --cc=dgreid@google.com \
    --cc=dhowells@redhat.com \
    --cc=dvyukov@google.com \
    --cc=filbranden@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=jack@suse.cz \
    --cc=keescook@chromium.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=rafael@kernel.org \
    --cc=saravanak@google.com \
    --cc=seth.forshee@canonical.com \
    --cc=smbarber@google.com \
    --cc=stgraber@ubuntu.com \
    --cc=suda.kyoto@gmail.com \
    --cc=teg@jklm.no \
    --cc=tj@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.