From c3aabf0780a506225b53bfe2b5177dd5dfec093d Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 13 May 2019 12:57:22 -0400 Subject: move mount_capable() further out Call graph of vfs_get_tree(): vfs_fsconfig_locked() # neither kernmount, nor submount do_new_mount() # neither kernmount, nor submount fc_mount() afs_mntpt_do_automount() # submount mount_one_hugetlbfs() # kernmount pid_ns_prepare_proc() # kernmount mq_create_mount() # kernmount vfs_kern_mount() simple_pin_fs() # kernmount vfs_submount() # submount kern_mount() # kernmount init_mount_tree() btrfs_mount() nfs_do_root_mount() The first two need the check (unconditionally). init_mount_tree() is setting rootfs up; any capability checks make zero sense for that one. And btrfs_mount()/ nfs_do_root_mount() have the checks already done in their callers. IOW, we can shift mount_capable() handling into the two callers - one in the normal case of mount(2), another - in fsconfig(2) handling of FSCONFIG_CMD_CREATE. I.e. the syscalls that set a new filesystem up. Signed-off-by: Al Viro --- fs/namespace.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'fs/namespace.c') diff --git a/fs/namespace.c b/fs/namespace.c index ffb13f0562b0..1141641dff96 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -2786,6 +2786,8 @@ static int do_new_mount(struct path *path, const char *fstype, int sb_flags, err = vfs_parse_fs_string(fc, "source", name, strlen(name)); if (!err) err = parse_monolithic_mount_data(fc, data); + if (!err && !mount_capable(fc)) + err = -EPERM; if (!err) err = vfs_get_tree(fc); if (!err) -- cgit v1.2.3 From fd3e007f6c6a0f677e4ee8aca4b9bab8ad6cab9a Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 30 May 2019 17:48:35 -0400 Subject: don't bother with registering rootfs init_mount_tree() can get to rootfs_fs_type directly and that simplifies a lot of things. We don't need to register it, we don't need to look it up *and* we don't need to bother with preventing subsequent userland mounts. That's the way we should've done that from the very beginning. There is a user-visible change, namely the disappearance of "rootfs" from /proc/filesystems. Note that it's been unmountable all along and it didn't show up in /proc/mounts; however, it *is* a user-visible change and theoretically some script might've been using its presence in /proc/filesystems to tell 2.4.11+ from earlier kernels. *IF* any complaints about behaviour change do show up, we could fake it in /proc/filesystems. I very much doubt we'll have to, though. Signed-off-by: Al Viro --- fs/namespace.c | 7 +------ include/linux/init.h | 3 +++ init/do_mounts.c | 15 ++------------- 3 files changed, 6 insertions(+), 19 deletions(-) (limited to 'fs/namespace.c') diff --git a/fs/namespace.c b/fs/namespace.c index 1141641dff96..2db2f4c36c50 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -3686,13 +3686,8 @@ static void __init init_mount_tree(void) struct mount *m; struct mnt_namespace *ns; struct path root; - struct file_system_type *type; - type = get_fs_type("rootfs"); - if (!type) - panic("Can't find rootfs type"); - mnt = vfs_kern_mount(type, 0, "rootfs", NULL); - put_filesystem(type); + mnt = vfs_kern_mount(&rootfs_fs_type, 0, "rootfs", NULL); if (IS_ERR(mnt)) panic("Can't create rootfs"); diff --git a/include/linux/init.h b/include/linux/init.h index 5255069f5a9f..cbe93521397e 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -137,6 +137,8 @@ extern initcall_entry_t __con_initcall_start[], __con_initcall_end[]; /* Used for contructor calls. */ typedef void (*ctor_fn_t)(void); +struct file_system_type; + /* Defined in init/main.c */ extern int do_one_initcall(initcall_t fn); extern char __initdata boot_command_line[]; @@ -147,6 +149,7 @@ extern unsigned int reset_devices; void setup_arch(char **); void prepare_namespace(void); int __init init_rootfs(void); +extern struct file_system_type rootfs_fs_type; #if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX) extern bool rodata_enabled; diff --git a/init/do_mounts.c b/init/do_mounts.c index c170d8b309b1..e7f0b0f18cce 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c @@ -629,19 +629,15 @@ static bool is_tmpfs; static struct dentry *rootfs_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *data) { - static unsigned long once; void *fill = ramfs_fill_super; - if (test_and_set_bit(0, &once)) - return ERR_PTR(-ENODEV); - if (IS_ENABLED(CONFIG_TMPFS) && is_tmpfs) fill = shmem_fill_super; return mount_nodev(fs_type, flags, data, fill); } -static struct file_system_type rootfs_fs_type = { +struct file_system_type rootfs_fs_type = { .name = "rootfs", .mount = rootfs_mount, .kill_sb = kill_litter_super, @@ -649,19 +645,12 @@ static struct file_system_type rootfs_fs_type = { int __init init_rootfs(void) { - int err = register_filesystem(&rootfs_fs_type); - - if (err) - return err; + int err = 0; if (IS_ENABLED(CONFIG_TMPFS) && !saved_root_name[0] && (!root_fs_names || strstr(root_fs_names, "tmpfs"))) { err = shmem_init(); is_tmpfs = true; } - - if (err) - unregister_filesystem(&rootfs_fs_type); - return err; } -- cgit v1.2.3 From 33488845f211afcdb7e5c00a3152890e06cdc78e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 31 May 2019 20:09:15 -0400 Subject: constify ksys_mount() string arguments Signed-off-by: Al Viro --- drivers/base/devtmpfs.c | 3 +-- fs/namespace.c | 4 ++-- include/linux/syscalls.h | 4 ++-- 3 files changed, 5 insertions(+), 6 deletions(-) (limited to 'fs/namespace.c') diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c index 0dbc43068eeb..ba5c80903efe 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c @@ -357,8 +357,7 @@ int devtmpfs_mount(const char *mntdir) if (!thread) return 0; - err = ksys_mount("devtmpfs", (char *)mntdir, "devtmpfs", MS_SILENT, - NULL); + err = ksys_mount("devtmpfs", mntdir, "devtmpfs", MS_SILENT, NULL); if (err) printk(KERN_INFO "devtmpfs: error mounting %i\n", err); else diff --git a/fs/namespace.c b/fs/namespace.c index 2db2f4c36c50..e272c2403014 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -3295,8 +3295,8 @@ struct dentry *mount_subtree(struct vfsmount *m, const char *name) } EXPORT_SYMBOL(mount_subtree); -int ksys_mount(char __user *dev_name, char __user *dir_name, char __user *type, - unsigned long flags, void __user *data) +int ksys_mount(const char __user *dev_name, const char __user *dir_name, + const char __user *type, unsigned long flags, void __user *data) { int ret; char *kernel_type; diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index e2870fe1be5b..2a0ac10a6f95 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -1228,8 +1228,8 @@ asmlinkage long sys_ni_syscall(void); * the ksys_xyzyyz() functions prototyped below. */ -int ksys_mount(char __user *dev_name, char __user *dir_name, char __user *type, - unsigned long flags, void __user *data); +int ksys_mount(const char __user *dev_name, const char __user *dir_name, + const char __user *type, unsigned long flags, void __user *data); int ksys_umount(char __user *name, int flags); int ksys_dup(unsigned int fildes); int ksys_chroot(const char __user *filename); -- cgit v1.2.3 From 037f11b4752f717201143a1dc5d6acf3cb71ddfa Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 1 Jun 2019 18:09:44 -0400 Subject: mnt_init(): call shmem_init() unconditionally No point having two call sites (earlier in init_rootfs() from mnt_init() in case we are going to use shmem-style rootfs, later from do_basic_setup() unconditionally), along with the logics in shmem_init() itself to make the second call a no-op... Signed-off-by: Al Viro --- fs/namespace.c | 2 ++ include/linux/init.h | 2 +- init/do_mounts.c | 9 ++------- init/main.c | 1 - mm/shmem.c | 4 ---- 5 files changed, 5 insertions(+), 13 deletions(-) (limited to 'fs/namespace.c') diff --git a/fs/namespace.c b/fs/namespace.c index e272c2403014..e6990f3d526d 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -29,6 +29,7 @@ #include #include #include +#include #include "pnode.h" #include "internal.h" @@ -3740,6 +3741,7 @@ void __init mnt_init(void) fs_kobj = kobject_create_and_add("fs", NULL); if (!fs_kobj) printk(KERN_WARNING "%s: kobj create error\n", __func__); + shmem_init(); init_rootfs(); init_mount_tree(); } diff --git a/include/linux/init.h b/include/linux/init.h index cbe93521397e..212fc9e2f691 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -148,7 +148,7 @@ extern unsigned int reset_devices; /* used by init/main.c */ void setup_arch(char **); void prepare_namespace(void); -int __init init_rootfs(void); +void __init init_rootfs(void); extern struct file_system_type rootfs_fs_type; #if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX) diff --git a/init/do_mounts.c b/init/do_mounts.c index e7f0b0f18cce..864c032e995d 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c @@ -643,14 +643,9 @@ struct file_system_type rootfs_fs_type = { .kill_sb = kill_litter_super, }; -int __init init_rootfs(void) +void __init init_rootfs(void) { - int err = 0; - if (IS_ENABLED(CONFIG_TMPFS) && !saved_root_name[0] && - (!root_fs_names || strstr(root_fs_names, "tmpfs"))) { - err = shmem_init(); + (!root_fs_names || strstr(root_fs_names, "tmpfs"))) is_tmpfs = true; - } - return err; } diff --git a/init/main.c b/init/main.c index 5a2c69b4d7b3..4dbc7243557e 100644 --- a/init/main.c +++ b/init/main.c @@ -1000,7 +1000,6 @@ static void __init do_initcalls(void) static void __init do_basic_setup(void) { cpuset_init_smp(); - shmem_init(); driver_init(); init_irq_proc(); do_ctors(); diff --git a/mm/shmem.c b/mm/shmem.c index 1bb3b8dc8bb2..1f67ec9e2062 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -3775,10 +3775,6 @@ int __init shmem_init(void) { int error; - /* If rootfs called this, don't re-init */ - if (shmem_inode_cachep) - return 0; - shmem_init_inodecache(); error = register_filesystem(&shmem_fs_type); -- cgit v1.2.3