Message-ID: <CALYGNiOHRrhhdQawRO_XMK98_F9XaEY9ejjxgsC+GnKMn+jQRQ@mail.gmail.com>
Date: Wed, 20 Apr 2016 07:36:22 +0300
From: Konstantin Khlebnikov <koct9i@...il.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
"H. Peter Anvin" <hpa@...or.com>,
Andy Lutomirski <luto@...capital.net>, security@...ian.org,
"security@...nel.org" <security@...nel.org>,
Al Viro <viro@...iv.linux.org.uk>,
"security@...ntu.com >> security" <security@...ntu.com>,
Peter Hurley <peter@...leysoftware.com>,
Serge Hallyn <serge.hallyn@...ntu.com>,
Willy Tarreau <w@....eu>,
Aurelien Jarno <aurelien@...el32.net>,
One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
Jann Horn <jann@...jh.net>, Greg KH <greg@...ah.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Jiri Slaby <jslaby@...e.com>, Florian Weimer <fw@...eb.enyo.de>
Subject: Re: [PATCH] devpts: Make each mount of devpts an independent filesystem.

On Wed, Apr 20, 2016 at 6:04 AM, Eric W. Biederman
<ebiederm@...ssion.com> wrote:
>
> The /dev/ptmx device node is changed to lookup the directory entry
> "pts" in the same directory as the /dev/ptmx device node was opened
> in. If there is a "pts" entry and that entry is a devpts filesystem
> /dev/ptmx uses that filesystem. Otherwise the open of /dev/ptmx
> fails.
>
> The DEVPTS_MULTIPLE_INSTANCES configuration option is removed,
> so that userspace can now safely depend on each mount of devpts
> creating a new instance of the filesystem.
>
> Each mount of devpts is now a separate and equal filesystem.
>
> The kernel.pty.reserve sysctl is neutered with no way currently
> implemented to be able to use the reserved ptys.
I think we could convert this into a reserve for the init user namespace;
ssh in the host will work even if containers have eaten all ptys.
>
> A new vfs helper path_pts is introduced that finds a directory entry
> named "pts" in the directory of the passed in path, and changes the
> passed in path to point to it. The helper path_pts uses a function
> path_parent_directory that was factored out of follow_dotdot.
>
> In the implementation of devpts:
> - devpts_mnt is killed as it is no longer meaningful if all
>   mounts of devpts are equal.
> - pts_sb_from_inode is replaced by just inode->i_sb as all
>   cached inodes in the tty layer are now from the devpts
>   filesystem.
> - devpts_add_ref is rolled into the new function devpts_ptmx.
>   And the unnecessary inode hold is removed.
> - devpts_del_ref is renamed devpts_release and reduced
>   to just a deactivate_super.
> - The newinstance mount option continues to be accepted but is now ignored.
>
> In devpts_fs.h definitions for when !CONFIG_UNIX98_PTYS are removed
> as they are never used.
>
> Documentation/filesystems/devices.txt is updated to describe
> the current situation.
>
> This has been verified to work properly on openwrt-15.05, centos5,
> centos6, centos7, debian-6.0.2, debian-7.9, debian-8.2,
> ubuntu-14.04.3, ubuntu-15.10, fedora23, mageia-5, mint-17.3,
> opensuse-42.1, slackware-14.1, gentoo-20151225 (13.0?),
> archlinux-2015-12-01. With the caveat that on centos6 and on
> slackware-14.1 that there wind up being two instances of the devpts
> filesystem mounted on /dev/pts, the lower copy does not end up getting
> used.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com>
> ---
>  Documentation/filesystems/devpts.txt | 145 +++----------------------
>  drivers/tty/Kconfig                  |  11 --
>  drivers/tty/pty.c                    |  41 ++++---
>  fs/devpts/inode.c                    | 205 +++++++++--------------------------
>  fs/namei.c                           |  58 ++++++++--
>  include/linux/devpts_fs.h            |  31 ++----
>  include/linux/namei.h                |   2 +
>  7 files changed, 148 insertions(+), 345 deletions(-)
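
A userspace approximation of the lookup rule in the quoted commit message (a ptmx node is only usable when a "pts" entry in the same directory is a devpts filesystem), useful for checking a chroot or container rootfs before it is started. This is an added example, not code from the patch; the function, enum and macro names are hypothetical, and it resolves the sibling by path string, whereas the patch's path_pts helper works from the directory of the opened path.

```c
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/vfs.h>

#define DEVPTS_MAGIC 0x1cd1L /* DEVPTS_SUPER_MAGIC in <linux/magic.h> */
#define PATH_BUF 4096        /* buffer size chosen for this example */

/* Result names are this example's own, not kernel identifiers. */
enum pts_check { PTS_OK, PTS_NO_ENTRY, PTS_NOT_DEVPTS, PTS_BAD_PATH };

/* Write "<directory of ptmx_path>/pts" to out; -1 if it does not fit. */
int sibling_pts_path(const char *ptmx_path, char *out, size_t n)
{
    char tmp[PATH_BUF];
    if (strlen(ptmx_path) >= sizeof(tmp))
        return -1;
    strcpy(tmp, ptmx_path);
    const char *dir = dirname(tmp);              /* may modify tmp */
    int len = snprintf(out, n, "%s/pts", strcmp(dir, "/") ? dir : "");
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Only the sibling "pts" entry is examined; the ptmx node itself is
 * never opened, so no pty is allocated by running this check. */
enum pts_check check_ptmx_sibling(const char *ptmx_path)
{
    char pts[PATH_BUF];
    struct stat st;
    struct statfs sfs;

    if (sibling_pts_path(ptmx_path, pts, sizeof(pts)) != 0)
        return PTS_BAD_PATH;
    if (stat(pts, &st) != 0 || !S_ISDIR(st.st_mode))
        return PTS_NO_ENTRY;                     /* no "pts" directory entry */
    if (statfs(pts, &sfs) != 0 || (long)sfs.f_type != DEVPTS_MAGIC)
        return PTS_NOT_DEVPTS;                   /* e.g. plain dir or tmpfs */
    return PTS_OK;
}

int main(int argc, char **argv)
{
    const char *p = argc > 1 ? argv[1] : "/dev/ptmx";
    static const char *msg[] = { "sibling pts is devpts", "no pts entry",
                                 "pts is not devpts", "bad path" };
    printf("%s: %s\n", p, msg[check_ptmx_sibling(p)]);
    return 0;
}
```

Run it with the path of each ptmx node a container image ships; any result other than "sibling pts is devpts" means an open of that node would fail under the behaviour the commit message describes.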