Commit ce8d2cdf authored by Dave Hansen's avatar Dave Hansen Committed by Linus Torvalds
Browse files

r/o bind mounts: filesystem helpers for custom 'struct file's 



Why do we need r/o bind mounts?

This feature allows a read-only view into a read-write filesystem.  In the
process of doing that, it also provides infrastructure for keeping track of
the number of writers to any given mount.

This has a number of uses.  It allows chroots to have parts of filesystems
writable.  It will be useful for containers in the future because users may
have root inside a container, but should not be allowed to write to
somefilesystems.  This also replaces patches that vserver has had out of the
tree for several years.

It allows security enhancement by making sure that parts of your filesystem
read-only (such as when you don't trust your FTP server), when you don't want
to have entire new filesystems mounted, or when you want atime selectively
updated.  I've been using the following script to test that the feature is
working as desired.  It takes a directory and makes a regular bind and a r/o
bind mount of it.  It then performs some normal filesystem operations on the
three directories, including ones that are expected to fail, like creating a
file on the r/o mount.

This patch:

Some filesystems forego the vfs and may_open() and create their own 'struct
file's.

This patch creates a couple of helper functions which can be used by these
filesystems, and will provide a unified place which the r/o bind mount code
may patch.

Also, rename an existing, static-scope init_file() to a less generic name.

Signed-off-by: default avatarDave Hansen <haveblue@us.ibm.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 348366b9

fs/configfs/dir.c

+3 −2
Original line number Diff line number Diff line
@@ -142,7 +142,7 @@ static int init_dir(struct inode * inode) 
	return 0;

}



static int init_file(struct inode * inode)

static int configfs_init_file(struct inode * inode)

{

	inode->i_size = PAGE_SIZE;

	inode->i_fop = &configfs_file_operations;
@@ -283,7 +283,8 @@ static int configfs_attach_attr(struct configfs_dirent * sd, struct dentry * den 


	dentry->d_fsdata = configfs_get(sd);

	sd->s_dentry = dentry;

	error = configfs_create(dentry, (attr->ca_mode & S_IALLUGO) | S_IFREG, init_file);

	error = configfs_create(dentry, (attr->ca_mode & S_IALLUGO) | S_IFREG,

				configfs_init_file);

	if (error) {

		configfs_put(sd);

		return error;

fs/file_table.c

+60 −0
Original line number Diff line number Diff line
@@ -137,6 +137,66 @@ fail: 


EXPORT_SYMBOL(get_empty_filp);



/**

 * alloc_file - allocate and initialize a 'struct file'

 * @mnt: the vfsmount on which the file will reside

 * @dentry: the dentry representing the new file

 * @mode: the mode with which the new file will be opened

 * @fop: the 'struct file_operations' for the new file

 *

 * Use this instead of get_empty_filp() to get a new

 * 'struct file'.  Do so because of the same initialization

 * pitfalls reasons listed for init_file().  This is a

 * preferred interface to using init_file().

 *

 * If all the callers of init_file() are eliminated, its

 * code should be moved into this function.

 */

struct file *alloc_file(struct vfsmount *mnt, struct dentry *dentry,

		mode_t mode, const struct file_operations *fop)

{

	struct file *file;

	struct path;



	file = get_empty_filp();

	if (!file)

		return NULL;



	init_file(file, mnt, dentry, mode, fop);

	return file;

}

EXPORT_SYMBOL(alloc_file);



/**

 * init_file - initialize a 'struct file'

 * @file: the already allocated 'struct file' to initialized

 * @mnt: the vfsmount on which the file resides

 * @dentry: the dentry representing this file

 * @mode: the mode the file is opened with

 * @fop: the 'struct file_operations' for this file

 *

 * Use this instead of setting the members directly.  Doing so

 * avoids making mistakes like forgetting the mntget() or

 * forgetting to take a write on the mnt.

 *

 * Note: This is a crappy interface.  It is here to make

 * merging with the existing users of get_empty_filp()

 * who have complex failure logic easier.  All users

 * of this should be moving to alloc_file().

 */

int init_file(struct file *file, struct vfsmount *mnt, struct dentry *dentry,

	   mode_t mode, const struct file_operations *fop)

{

	int error = 0;

	file->f_path.dentry = dentry;

	file->f_path.mnt = mntget(mnt);

	file->f_mapping = dentry->d_inode->i_mapping;

	file->f_mode = mode;

	file->f_op = fop;

	return error;

}

EXPORT_SYMBOL(init_file);



void fastcall fput(struct file *file)

{

	if (atomic_dec_and_test(&file->f_count))

fs/hugetlbfs/inode.c

+9 −13
Original line number Diff line number Diff line
@@ -933,16 +933,11 @@ struct file *hugetlb_file_setup(const char *name, size_t size) 
	if (!dentry)

		goto out_shm_unlock;



	error = -ENFILE;

	file = get_empty_filp();

	if (!file)

		goto out_dentry;



	error = -ENOSPC;

	inode = hugetlbfs_get_inode(root->d_sb, current->fsuid,

				current->fsgid, S_IFREG | S_IRWXUGO, 0);

	if (!inode)

		goto out_file;

		goto out_dentry;



	error = -ENOMEM;

	if (hugetlb_reserve_pages(inode, 0, size >> HPAGE_SHIFT))
@@ -951,17 +946,18 @@ struct file *hugetlb_file_setup(const char *name, size_t size) 
	d_instantiate(dentry, inode);

	inode->i_size = size;

	inode->i_nlink = 0;

	file->f_path.mnt = mntget(hugetlbfs_vfsmount);

	file->f_path.dentry = dentry;

	file->f_mapping = inode->i_mapping;

	file->f_op = &hugetlbfs_file_operations;

	file->f_mode = FMODE_WRITE | FMODE_READ;



	error = -ENFILE;

	file = alloc_file(hugetlbfs_vfsmount, dentry,

			FMODE_WRITE | FMODE_READ,

			&hugetlbfs_file_operations);

	if (!file)

		goto out_inode;



	return file;



out_inode:

	iput(inode);

out_file:

	put_filp(file);

out_dentry:

	dput(dentry);

out_shm_unlock:

include/linux/file.h

+9 −0
Original line number Diff line number Diff line
@@ -62,6 +62,15 @@ extern struct kmem_cache *filp_cachep; 
extern void FASTCALL(__fput(struct file *));

extern void FASTCALL(fput(struct file *));



struct file_operations;

struct vfsmount;

struct dentry;

extern int init_file(struct file *, struct vfsmount *mnt,

		struct dentry *dentry, mode_t mode,

		const struct file_operations *fop);

extern struct file *alloc_file(struct vfsmount *, struct dentry *dentry,

		mode_t mode, const struct file_operations *fop);



static inline void fput_light(struct file *file, int fput_needed)

{

	if (unlikely(fput_needed))

ipc/shm.c

+5 −8
Original line number Diff line number Diff line
@@ -907,7 +907,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) 
		goto out_unlock;



	path.dentry = dget(shp->shm_file->f_path.dentry);

	path.mnt    = mntget(shp->shm_file->f_path.mnt);

	path.mnt    = shp->shm_file->f_path.mnt;

	shp->shm_nattch++;

	size = i_size_read(path.dentry->d_inode);

	shm_unlock(shp);
@@ -915,18 +915,16 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) 
	err = -ENOMEM;

	sfd = kzalloc(sizeof(*sfd), GFP_KERNEL);

	if (!sfd)

		goto out_put_path;

		goto out_put_dentry;



	err = -ENOMEM;

	file = get_empty_filp();



	file = alloc_file(path.mnt, path.dentry, f_mode, &shm_file_operations);

	if (!file)

		goto out_free;



	file->f_op = &shm_file_operations;

	file->private_data = sfd;

	file->f_path = path;

	file->f_mapping = shp->shm_file->f_mapping;

	file->f_mode = f_mode;

	sfd->id = shp->id;

	sfd->ns = get_ipc_ns(ns);

	sfd->file = shp->shm_file;
@@ -977,9 +975,8 @@ out_unlock: 


out_free:

	kfree(sfd);

out_put_path:

out_put_dentry:

	dput(path.dentry);

	mntput(path.mnt);

	goto out_nattch;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE