commit a2982cc922c3068783eb9a1f77a5626a1ec36a1f
author Eric W. Biederman <ebiederm@xmission.com> Thu Jun 09 15:34:02 2016 -0500
committer Eric W. Biederman <ebiederm@xmission.com> Thu Jun 23 15:41:57 2016 -0500
tree 61ccc6ad01f8804d5290ae4565ba8d4238bf648a
parent 3ee690143c3c99f6c0e83f08ff17556890bc6027

vfs: Generalize filesystem nodev handling.

Introduce a function may_open_dev that tests MNT_NODEV and a new
superblock flab SB_I_NODEV.  Use this new function in all of the
places where MNT_NODEV was previously tested.

Add the new SB_I_NODEV s_iflag to proc, sysfs, and mqueuefs as those
filesystems should never support device nodes, and a simple superblock
flags makes that very hard to get wrong.  With SB_I_NODEV set if any
device nodes somehow manage to show up on on a filesystem those
device nodes will be unopenable.

Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

fs/kernfs/mount.c

diff --git a/fs/kernfs/mount.c b/fs/kernfs/mount.c
index 1443df6..b3d73ad 100644
--- a/fs/kernfs/mount.c
+++ b/fs/kernfs/mount.c
@@ -152,8 +152,8 @@
 	struct dentry *root;
 
 	info->sb = sb;
-	/* Userspace would break if executables appear on sysfs */
-	sb->s_iflags |= SB_I_NOEXEC;
+	/* Userspace would break if executables or devices appear on sysfs */
+	sb->s_iflags |= SB_I_NOEXEC | SB_I_NODEV;
 	sb->s_blocksize = PAGE_SIZE;
 	sb->s_blocksize_bits = PAGE_SHIFT;
 	sb->s_magic = magic;