kernelnewbies.kernelnewbies.org archive mirror
* Blocking the access to the device files.
@ 2010-12-29 13:06 Prasad Joshi
  2010-12-29 16:12 ` Mulyadi Santosa
  0 siblings, 1 reply; 13+ messages in thread
From: Prasad Joshi @ 2010-12-29 13:06 UTC (permalink / raw)
  To: kernelnewbies

Hello All,

ZFS file system has a property called devices. If turned off, ZFS
would not allow access to the device files (block/character) present
on the file system. I want to implement the same behavior on a
Linux File System.

I can always check for device files in open/read/write/mmap functions,
but I am looking for a better implementation.

Does any of the FS on Linux have this facility, or is there any mount
flag that I can use?

Thanks and Regards,
Prasad

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-29 13:06 Blocking the access to the device files Prasad Joshi
@ 2010-12-29 16:12 ` Mulyadi Santosa
  2010-12-29 17:01   ` Greg Freemyer
  2010-12-29 23:32   ` Prasad Joshi
  0 siblings, 2 replies; 13+ messages in thread
From: Mulyadi Santosa @ 2010-12-29 16:12 UTC (permalink / raw)
  To: kernelnewbies

On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
> Hello All,
>
> ZFS file system has a property called devices. If turned off, ZFS
> would not allow access to the device files (block/character) present
> on the file system. I want to implement the same behavior on a
> Linux File System.

I don't know about ZFS, so could you please elaborate on what you mean
by "ZFS could disallow access"?

IMHO, (untested), you could simply do it using usual Linux
file/directory permission up to SELinux/AppArmor....so, is that what
you mean?

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-29 16:12 ` Mulyadi Santosa
@ 2010-12-29 17:01   ` Greg Freemyer
  2010-12-29 18:06     ` Mulyadi Santosa
  2010-12-29 18:54     ` mindentropy
  2010-12-29 23:32   ` Prasad Joshi
  1 sibling, 2 replies; 13+ messages in thread
From: Greg Freemyer @ 2010-12-29 17:01 UTC (permalink / raw)
  To: kernelnewbies

On Wed, Dec 29, 2010 at 11:12 AM, Mulyadi Santosa
<mulyadi.santosa@gmail.com> wrote:
> On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
>> Hello All,
>>
>> ZFS file system has a property called devices. If turned off, ZFS
>> would not allow access to the device files (block/character) present
>> on the file system. I want to implement the same behavior on a
>> Linux File System.
>
> I don't know about ZFS, so could you please elaborate on what you mean
> by "ZFS could disallow access"?
>
> IMHO, (untested), you could simply do it using usual Linux
> file/directory permission up to SELinux/AppArmor....so, is that what
> you mean?
>
> --
> regards,
>
> Mulyadi Santosa

Mulyadi,

My guess is that it is more complex than that.

Some filesystems have issues if the raw drive is read while the
filesystem is mounted.  I think it is caused by inconsistencies in the
various caches.  I.e., IIRC, at least in the 2.4 kernel there was not a
single unified cache for block layer and filesystems.  So doing raw
reads of underlying device while it was mounted could cause the caches
to get out of sync.

I don't recall the details, but either the kernel would oops or the
filesystem would become corrupt.  I don't know if any 2.6 filesystems
still have that issue.  Anyway ZFS must have a similar issue.

So a ZFS filesystem developer knowing this was a conflict could add a
check in the /dev/sda open() that would fail the open if there was a
mounted filesystem of type ZFS on the drive.

And the mount should fail if /dev/sda is already open.

I'm not aware of the 2.6.x linux kernel offering any infrastructure to
help with that issue.

Greg

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-29 17:01   ` Greg Freemyer
@ 2010-12-29 18:06     ` Mulyadi Santosa
  2010-12-29 18:54     ` mindentropy
  1 sibling, 0 replies; 13+ messages in thread
From: Mulyadi Santosa @ 2010-12-29 18:06 UTC (permalink / raw)
  To: kernelnewbies

Hi Greg :)

On Thu, Dec 30, 2010 at 00:01, Greg Freemyer <greg.freemyer@gmail.com> wrote:
> My guess is that it is more complex than that.
>
> Some filesystems have issues if the raw drive is read while the
> filesystem is mounted.  I think it is caused by inconsistencies in the
> various caches.  I.e., IIRC, at least in the 2.4 kernel there was not a
> single unified cache for block layer and filesystems.  So doing raw
> reads of underlying device while it was mounted could cause the caches
> to get out of sync.

Oh, that issue? Well, in that case, I have no prevent such thing...I
was offering the previous idea since I have very little cues on what
Prasad means by "disabling access"....

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-29 17:01   ` Greg Freemyer
  2010-12-29 18:06     ` Mulyadi Santosa
@ 2010-12-29 18:54     ` mindentropy
  2010-12-29 19:00       ` Mulyadi Santosa
  2010-12-29 19:02       ` Greg Freemyer
  1 sibling, 2 replies; 13+ messages in thread
From: mindentropy @ 2010-12-29 18:54 UTC (permalink / raw)
  To: kernelnewbies

On Wednesday 29 Dec 2010 10:31:37 pm Greg Freemyer wrote:
> On Wed, Dec 29, 2010 at 11:12 AM, Mulyadi Santosa
> 
> <mulyadi.santosa@gmail.com> wrote:
> > On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
> >> Hello All,
> >> 
> >> ZFS file system has a property called devices. If turned off, ZFS
> >> would not allow access to the device files (block/character) present
> >> on the file system. I want to implement the same behavior on a
> >> Linux File System.
> > 
> > I don't know about ZFS, so could you please elaborate on what you mean
> > by "ZFS could disallow access"?
> > 
> > IMHO, (untested), you could simply do it using usual Linux
> > file/directory permission up to SELinux/AppArmor....so, is that what
> > you mean?
> > 
> > --
> > regards,
> > 
> > Mulyadi Santosa
> 
> Mulyadi,
> 
> My guess is that it is more complex than that.
> 
> Some filesystems have issues if the raw drive is read while the
> filesystem is mounted.  I think it is caused by inconsistencies in the
> various caches.  I.e., IIRC, at least in the 2.4 kernel there was not a
> single unified cache for block layer and filesystems.  So doing raw
> reads of underlying device while it was mounted could cause the caches
> to get out of sync.
> 
> I don't recall the details, but either the kernel would oops or the
> filesystem would become corrupt.  I don't know if any 2.6 filesystems
> still have that issue.  Anyway ZFS must have a similar issue.
> 
> So a ZFS filesystem developer knowing this was a conflict could add a
> check in the /dev/sda open() that would fail the open if there was a
> mounted filesystem of type ZFS on the drive.
> 
> And the mount should fail if /dev/sda is already open.
> 
> I'm not aware of the 2.6.x linux kernel offering any infrastructure to
> help with that issue.
> 
> Greg
> 

Greg,
> So doing raw
> reads of underlying device while it was mounted could cause the caches
> to get out of sync.

    So doing a 'dd' would cause the kernel to oops?

Thanks.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-29 18:54     ` mindentropy
@ 2010-12-29 19:00       ` Mulyadi Santosa
  2010-12-29 19:02       ` Greg Freemyer
  1 sibling, 0 replies; 13+ messages in thread
From: Mulyadi Santosa @ 2010-12-29 19:00 UTC (permalink / raw)
  To: kernelnewbies

On Thu, Dec 30, 2010 at 01:54, mindentropy <mindentropy@gmail.com> wrote:
> On Wednesday 29 Dec 2010 10:31:37 pm Greg Freemyer wrote:
>> So doing raw
>> reads of underlying device while it was mounted could cause the caches
>> to get out of sync.
>
>    So doing a 'dd' would cause the kernel to oops?

I believe what Greg meant was "doing write". I see no problem if it's
raw read....

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-29 18:54     ` mindentropy
  2010-12-29 19:00       ` Mulyadi Santosa
@ 2010-12-29 19:02       ` Greg Freemyer
  2010-12-29 19:07         ` Mulyadi Santosa
  1 sibling, 1 reply; 13+ messages in thread
From: Greg Freemyer @ 2010-12-29 19:02 UTC (permalink / raw)
  To: kernelnewbies

On Wed, Dec 29, 2010 at 1:54 PM, mindentropy <mindentropy@gmail.com> wrote:
> On Wednesday 29 Dec 2010 10:31:37 pm Greg Freemyer wrote:
>> On Wed, Dec 29, 2010 at 11:12 AM, Mulyadi Santosa
>>
>> <mulyadi.santosa@gmail.com> wrote:
>> > On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
>> >> Hello All,
>> >>
>> >> ZFS file system has a property called devices. If turned off, ZFS
>> >> would not allow access to the device files (block/character) present
>> >> on the file system. I want to implement the same behavior on a
>> >> Linux File System.
>> >
>> > I don't know about ZFS, so could you please elaborate on what you mean
>> > by "ZFS could disallow access"?
>> >
>> > IMHO, (untested), you could simply do it using usual Linux
>> > file/directory permission up to SELinux/AppArmor....so, is that what
>> > you mean?
>> >
>> > --
>> > regards,
>> >
>> > Mulyadi Santosa
>>
>> Mulyadi,
>>
>> My guess is that it is more complex than that.
>>
>> Some filesystems have issues if the raw drive is read while the
>> filesystem is mounted.  I think it is caused by inconsistencies in the
>> various caches.  I.e., IIRC, at least in the 2.4 kernel there was not a
>> single unified cache for block layer and filesystems.  So doing raw
>> reads of underlying device while it was mounted could cause the caches
>> to get out of sync.
>>
>> I don't recall the details, but either the kernel would oops or the
>> filesystem would become corrupt.  I don't know if any 2.6 filesystems
>> still have that issue.  Anyway ZFS must have a similar issue.
>>
>> So a ZFS filesystem developer knowing this was a conflict could add a
>> check in the /dev/sda open() that would fail the open if there was a
>> mounted filesystem of type ZFS on the drive.
>>
>> And the mount should fail if /dev/sda is already open.
>>
>> I'm not aware of the 2.6.x linux kernel offering any infrastructure to
>> help with that issue.
>>
>> Greg
>>
>
> Greg,
>> So doing raw
>> reads of underlying device while it was mounted could cause the caches
>> to get out of sync.
>
>    So doing a 'dd' would cause the kernel to oops?
>
> Thanks.

I really don't remember what the problem was.  It was about 2003 or
2004 I think that I came across the issue.  I don't recall if it was
XFS or ext2/3 or what.

I just know I came to the conclusion that dd if=/dev/sda of=/dev/null
was not always safe if the drive had a mounted filesystem.  Hopefully
it's been fixed by now.

Greg

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-29 19:02       ` Greg Freemyer
@ 2010-12-29 19:07         ` Mulyadi Santosa
  2010-12-29 19:09           ` Greg Freemyer
  0 siblings, 1 reply; 13+ messages in thread
From: Mulyadi Santosa @ 2010-12-29 19:07 UTC (permalink / raw)
  To: kernelnewbies

Hi Greg...

On Thu, Dec 30, 2010 at 02:02, Greg Freemyer <greg.freemyer@gmail.com> wrote:
> I really don't remember what the problem was.  It was about 2003 or
> 2004 I think that I came across the issue.  I don't recall if it was
> XFS or ext2/3 or what.
>
> I just know I came to the conclusion that dd if=/dev/sda of=/dev/null
> was not always safe if the drive had a mounted filesystem.  Hopefully
> it's been fixed by now.

2.4.x? If yes, I am not so surprised since buffer cache and page cache
aren't unified yet, unlike in 2.6.x. I highly guess that was indeed a
synchronization issue....

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-29 19:07         ` Mulyadi Santosa
@ 2010-12-29 19:09           ` Greg Freemyer
  0 siblings, 0 replies; 13+ messages in thread
From: Greg Freemyer @ 2010-12-29 19:09 UTC (permalink / raw)
  To: kernelnewbies

On Wed, Dec 29, 2010 at 2:07 PM, Mulyadi Santosa
<mulyadi.santosa@gmail.com> wrote:
> Hi Greg...
>
> On Thu, Dec 30, 2010 at 02:02, Greg Freemyer <greg.freemyer@gmail.com> wrote:
>> I really don't remember what the problem was.  It was about 2003 or
>> 2004 I think that I came across the issue.  I don't recall if it was
>> XFS or ext2/3 or what.
>>
>> I just know I came to the conclusion that dd if=/dev/sda of=/dev/null
>> was not always safe if the drive had a mounted filesystem.  Hopefully
>> it's been fixed by now.
>
> 2.4.x? If yes, I am not so surprised since buffer cache and page cache
> aren't unified yet, unlike in 2.6.x. I highly guess that was indeed a
> synchronization issue....

yes, 2.4.x was what I am talking about.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-29 16:12 ` Mulyadi Santosa
  2010-12-29 17:01   ` Greg Freemyer
@ 2010-12-29 23:32   ` Prasad Joshi
  2010-12-30  0:07     ` Greg Freemyer
  2010-12-30  0:24     ` Henry Gebhardt
  1 sibling, 2 replies; 13+ messages in thread
From: Prasad Joshi @ 2010-12-29 23:32 UTC (permalink / raw)
  To: kernelnewbies

On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa
<mulyadi.santosa@gmail.com> wrote:
> On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
>> Hello All,
>>
>> ZFS file system has a property called devices. If turned off, ZFS
>> would not allow access to the device files (block/character) present
>> on the file system. I want to implement the same behavior on a
>> Linux File System.
>
> I don't know about ZFS, so could you please elaborate on what you mean
> by "ZFS could disallow access"?

I am really sorry that I was not clear with the first mail. Thanks a
lot for all mail replies and for sharing important information.
By not disallowing access to device files I meant

root@prasad-laptop:~# mount disk -o loop arm/

root@prasad-laptop:~/arm# mount -t ext3
/dev/loop0 on /home/prasad/arm type ext3 (rw)

############# CREATING A DEVICE FILE ON THE FILE SYSTEM
root@prasad-laptop:~/arm# mknod zero c 1 5

root@prasad-laptop:~/arm# ls
lost+found  zero

root@prasad-laptop:~/arm# ls -l
total 12
drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
crw-r--r-- 1 root root  1, 5 2010-12-23 11:28 zero

root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K
dd: writing `disk': No space left on device
9313+0 records in
9312+0 records out
95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s

root@prasad-laptop:~/arm# ls -l
total 93499
-rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk
drwx------ 2 root root    12288 2010-12-23 11:28 lost+found
crw-r--r-- 1 root root     1, 5 2010-12-23 11:28 zero

Here the file system allowed access to the device file named zero. The
requirement is to turn off the access to all of the device files
present on the mounted file system. I.e., considering the above case,
access (open/read/write) to/from device zero should not be allowed
(even by root user). I don't know why one would create a device file
on a file system other than /dev.

I could modify the open code to check if the file being
opened is a device file and then return either EPERM or EACCES (not sure
which one). But before modifying the code I thought of checking mount
flags, could not find one, hence thought of asking on the mailing list.

Thanks a lot for wonderful replies and sharing valuable information.
Hope the example above has made the requirement clear.

Thanks and Regards,
Prasad
>
> IMHO, (untested), you could simply do it using usual Linux
> file/directory permission up to SELinux/AppArmor....so, is that what
> you mean?
>
> --
> regards,
>
> Mulyadi Santosa
> Freelance Linux trainer and consultant
>
> blog: the-hydra.blogspot.com
> training: mulyaditraining.blogspot.com
>

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-29 23:32   ` Prasad Joshi
@ 2010-12-30  0:07     ` Greg Freemyer
  2010-12-30  0:24     ` Henry Gebhardt
  1 sibling, 0 replies; 13+ messages in thread
From: Greg Freemyer @ 2010-12-30  0:07 UTC (permalink / raw)
  To: kernelnewbies

On Wed, Dec 29, 2010 at 6:32 PM, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
> On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa
> <mulyadi.santosa@gmail.com> wrote:
>> On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
>>> Hello All,
>>>
>>> ZFS file system has a property called devices. If turned off, ZFS
>>> would not allow access to the device files (block/character) present
>>> on the file system. I want to implement the same behavior on a
>>> Linux File System.
>>
>> I don't know about ZFS, so could you please elaborate on what you mean
>> by "ZFS could disallow access"?
>
> I am really sorry that I was not clear with the first mail. Thanks a
> lot for all mail replies and for sharing important information.
> By not disallowing access to device files I meant
>
> root@prasad-laptop:~# mount disk -o loop arm/
>
> root@prasad-laptop:~/arm# mount -t ext3
> /dev/loop0 on /home/prasad/arm type ext3 (rw)
>
> ############# CREATING A DEVICE FILE ON THE FILE SYSTEM
> root@prasad-laptop:~/arm# mknod zero c 1 5
>
> root@prasad-laptop:~/arm# ls
> lost+found  zero
>
> root@prasad-laptop:~/arm# ls -l
> total 12
> drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root  1, 5 2010-12-23 11:28 zero
>
> root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K
> dd: writing `disk': No space left on device
> 9313+0 records in
> 9312+0 records out
> 95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s
>
> root@prasad-laptop:~/arm# ls -l
> total 93499
> -rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk
> drwx------ 2 root root    12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root     1, 5 2010-12-23 11:28 zero
>
> Here the file system allowed access to the device file named zero. The
> requirement is to turn off the access to all of the device files
> present on the mounted file system. I.e., considering the above case,
> access (open/read/write) to/from device zero should not be allowed
> (even by root user). I don't know why one would create a device file
> on a file system other than /dev.
>
> I could modify the open code to check if the file being
> opened is a device file and then return either EPERM or EACCES (not sure
> which one). But before modifying the code I thought of checking mount
> flags, could not find one, hence thought of asking on the mailing list.
>
> Thanks a lot for wonderful replies and sharing valuable information.
> Hope the example above has made the requirement clear.
>
> Thanks and Regards,
> Prasad

Well that's totally different than I thought.

Why not stop the mknod from working instead of the open?

mknod is not part of the "hot path", where open could easily be for
some apps.

ie. If your FS does not support device files, then simply don't allow
them to be created.

Thanks
Greg

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-29 23:32   ` Prasad Joshi
  2010-12-30  0:07     ` Greg Freemyer
@ 2010-12-30  0:24     ` Henry Gebhardt
  2010-12-30  7:10       ` Rajat Sharma
  1 sibling, 1 reply; 13+ messages in thread
From: Henry Gebhardt @ 2010-12-30  0:24 UTC (permalink / raw)
  To: kernelnewbies

On Wed, Dec 29, 2010 at 11:32:18PM +0000, Prasad Joshi wrote:
> On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa
> <mulyadi.santosa@gmail.com> wrote:
> > On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
> >> Hello All,
> >>
> >> ZFS file system has a property called devices. If turned off, ZFS
> >> would not allow access to the device files (block/character) present
> >> on the file system. I want to implement the same behavior on a
> >> Linux File System.
> >
> > I don't know about ZFS, so could you please elaborate on what you mean
> > by "ZFS could disallow access"?
> 
> I am really sorry that I was not clear with the first mail. Thanks a
> lot for all mail replies and for sharing important information.
> By not disallowing access to device files I meant
>
> root@prasad-laptop:~# mount disk -o loop arm/
>
> root@prasad-laptop:~/arm# mount -t ext3
> /dev/loop0 on /home/prasad/arm type ext3 (rw)
>
> ############# CREATING A DEVICE FILE ON THE FILE SYSTEM
> root@prasad-laptop:~/arm# mknod zero c 1 5
>
> root@prasad-laptop:~/arm# ls
> lost+found  zero
>
> root@prasad-laptop:~/arm# ls -l
> total 12
> drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root  1, 5 2010-12-23 11:28 zero
>
> root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K
> dd: writing `disk': No space left on device
> 9313+0 records in
> 9312+0 records out
> 95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s
>
> root@prasad-laptop:~/arm# ls -l
> total 93499
> -rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk
> drwx------ 2 root root    12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root     1, 5 2010-12-23 11:28 zero
>
> Here the file system allowed access to the device file named zero. The
> requirement is to turn off the access to all of the device files
> present on the mounted file system. I.e., considering the above case,
> access (open/read/write) to/from device zero should not be allowed
> (even by root user). I don't know why one would create a device file
> on a file system other than /dev.
>
> I could modify the open code to check if the file being
> opened is a device file and then return either EPERM or EACCES (not sure
> which one). But before modifying the code I thought of checking mount
> flags, could not find one, hence thought of asking on the mailing list.
> 
> Thanks a lot for wonderful replies and sharing valuable information.
> Hope the example above has made the requirement clear.
> 

Maybe I, too, am completely misunderstanding you, but does the nodev
option do what you want?  From the mount manpage:

    nodev - Do not interpret character or block special devices on the
    file system.

Use like so:

    $ mount disk -o loop,nodev arm/

You can still create device special files, you just can't access them.

Greetings,
Henry

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Blocking the access to the device files.
  2010-12-30  0:24     ` Henry Gebhardt
@ 2010-12-30  7:10       ` Rajat Sharma
  0 siblings, 0 replies; 13+ messages in thread
From: Rajat Sharma @ 2010-12-30  7:10 UTC (permalink / raw)
  To: kernelnewbies

Henry is right, nodev is the option for you. It passes down the MS_NODEV
flag to the kernel, which in turn sets the MNT_NODEV flag in the mount
object, which the open system call checks and returns -EACCES if it is a
device node. Snippet from linux/fs/namei.c:

    case S_IFBLK:
    case S_IFCHR:
            if (path->mnt->mnt_flags & MNT_NODEV)
                    return -EACCES;

The case which Greg was mentioning, I think that is solved through
exclusive open call to block device in exclusive mode with
open_bdev_exclusive. This allows only one opener of block device at a
time, i.e. Filesystem is the exclusive opener of block device which
mounting the block device, e.g.

ext2_get_sb() -> get_sb_bdev() -> open_bdev_exclusive();

Rajat

On Thu, Dec 30, 2010 at 5:54 AM, Henry Gebhardt
<hsggebhardt@googlemail.com> wrote:
> On Wed, Dec 29, 2010 at 11:32:18PM +0000, Prasad Joshi wrote:
>> On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa
>> <mulyadi.santosa@gmail.com> wrote:
>> > On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
>> >> Hello All,
>> >>
>> >> ZFS file system has a property called devices. If turned off, ZFS
>> >> would not allow access to the device files (block/character) present
>> >> on the file system. I want to implement the same behavior on a
>> >> Linux File System.
>> >
>> > I don't know about ZFS, so could you please elaborate on what you mean
>> > by "ZFS could disallow access"?
>>
>> I am really sorry that I was not clear with the first mail. Thanks a
>> lot for all mail replies and for sharing important information.
>> By not disallowing access to device files I meant
>>
>> root@prasad-laptop:~# mount disk -o loop arm/
>>
>> root@prasad-laptop:~/arm# mount -t ext3
>> /dev/loop0 on /home/prasad/arm type ext3 (rw)
>>
>> ############# CREATING A DEVICE FILE ON THE FILE SYSTEM
>> root@prasad-laptop:~/arm# mknod zero c 1 5
>>
>> root@prasad-laptop:~/arm# ls
>> lost+found  zero
>>
>> root@prasad-laptop:~/arm# ls -l
>> total 12
>> drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
>> crw-r--r-- 1 root root  1, 5 2010-12-23 11:28 zero
>>
>> root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K
>> dd: writing `disk': No space left on device
>> 9313+0 records in
>> 9312+0 records out
>> 95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s
>>
>> root@prasad-laptop:~/arm# ls -l
>> total 93499
>> -rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk
>> drwx------ 2 root root    12288 2010-12-23 11:28 lost+found
>> crw-r--r-- 1 root root     1, 5 2010-12-23 11:28 zero
>>
>> Here the file system allowed access to the device file named zero. The
>> requirement is to turn off the access to all of the device files
>> present on the mounted file system. I.e., considering the above case,
>> access (open/read/write) to/from device zero should not be allowed
>> (even by root user). I don't know why one would create a device file
>> on a file system other than /dev.
>>
>> I could modify the open code to check if the file being
>> opened is a device file and then return either EPERM or EACCES (not sure
>> which one). But before modifying the code I thought of checking mount
>> flags, could not find one, hence thought of asking on the mailing list.
>>
>> Thanks a lot for wonderful replies and sharing valuable information.
>> Hope the example above has made the requirement clear.
>>
>
> Maybe I, too, am completely misunderstanding you, but does the nodev
> option do what you want?  From the mount manpage:
>
>     nodev - Do not interpret character or block special devices on the
>     file system.
>
> Use like so:
>
>     $ mount disk -o loop,nodev arm/
>
> You can still create device special files, you just can't access them.
>
> Greetings,
> Henry
>
>

^ permalink raw reply	[flat|nested] 13+ messages in thread
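
The MNT_NODEV check quoted above only protects a mount point when the nodev option is actually set on it. As an added example (not code from the thread or from the kernel), the C program below audits /proc/mounts-format lines and lists the mount points that lack nodev. The function names, the constructed sample lines and the decision to skip /dev are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample (/proc/mounts format); only /home/prasad/arm is from the thread. */
static const char SAMPLE_MOUNTS[] =
    "/dev/loop0 /home/prasad/arm ext3 rw,relatime 0 0\n"
    "/dev/loop1 /mnt/usb\\040stick vfat rw,nosuid,nodev,noexec 0 0\n"
    "tmpfs /tmp tmpfs rw,nosuid,x-nodevcheck 0 0\n" /* decoy option */
    "devtmpfs /dev devtmpfs rw,nosuid 0 0\n";

/* Decode the \ooo octal escapes used in /proc/mounts (space is \040). */
static void unescape_field(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return;
    while (*in && o + 1 < outsz) {
        if (in[0] == '\\' && in[1] >= '0' && in[1] <= '3' &&
            in[2] >= '0' && in[2] <= '7' && in[3] >= '0' && in[3] <= '7') {
            out[o++] = (char)((in[1] - '0') * 64 + (in[2] - '0') * 8 + (in[3] - '0'));
            in += 4;
        } else {
            out[o++] = *in++;
        }
    }
    out[o] = '\0';
}

/* Whole-token match: "x-nodevcheck" must not count as "nodev". */
static int has_option(const char *opts, const char *opt)
{
    size_t len = strlen(opt);
    while (*opts) {
        size_t tok = strcspn(opts, ",");
        if (tok == len && strncmp(opts, opt, len) == 0)
            return 1;
        opts += tok + (opts[tok] == ',');
    }
    return 0;
}

/* Parse "device mountpoint fstype options ...". Returns 1 if nodev is set,
 * 0 if it is missing, -1 if the line is malformed. */
static int mount_line_nodev(const char *line, char *mnt, size_t mntsz)
{
    char dev[256], raw[512], fstype[64], opts[1024];
    if (sscanf(line, "%255s %511s %63s %1023s", dev, raw, fstype, opts) != 4)
        return -1;
    unescape_field(raw, mnt, mntsz);
    return has_option(opts, "nodev");
}

/* List mount points lacking nodev into report, one per line, and return
 * their count. /dev is skipped (assumption: device nodes belong there). */
static int audit_nodev(const char *text, char *report, size_t repsz)
{
    int missing = 0;
    size_t used = 0;
    if (repsz) report[0] = '\0';
    while (*text) {
        char line[2048], mnt[512];
        size_t n = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, text);
        text += n + (text[n] == '\n');
        if (mount_line_nodev(line, mnt, sizeof mnt) != 0 || strcmp(mnt, "/dev") == 0)
            continue;                       /* nodev set, malformed, or /dev */
        missing++;
        if (used < repsz) {
            int w = snprintf(report + used, repsz - used, "%s\n", mnt);
            if (w > 0) used += (size_t)w;   /* past repsz means report is full */
        }
    }
    return missing;
}

int main(void)
{
    static char buf[65536], report[8192];   /* zero-filled, so buf stays NUL-terminated */
    FILE *f = fopen("/proc/self/mounts", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    int missing = audit_nodev(n ? buf : SAMPLE_MOUNTS, report, sizeof report);
    printf("%d mount(s) without nodev:\n%s", missing, report);
    return missing ? 1 : 0;
}
```

On a live system the program reads /proc/self/mounts and falls back to the constructed sample when that file is unavailable.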
