Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933826AbcDSSu4 (ORCPT ); Tue, 19 Apr 2016 14:50:56 -0400 Received: from terminus.zytor.com ([198.137.202.10]:41542 "EHLO mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933183AbcDSSuz (ORCPT ); Tue, 19 Apr 2016 14:50:55 -0400 User-Agent: K-9 Mail for Android In-Reply-To: <8737qhpifz.fsf@x220.int.ebiederm.org> References: <877ffyzy1j.fsf_-_@x220.int.ebiederm.org> <1460734532-20134-1-git-send-email-ebiederm@xmission.com> <1460734532-20134-14-git-send-email-ebiederm@xmission.com> <8737qhpifz.fsf@x220.int.ebiederm.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Subject: Re: [PATCH 14/16] vfs: Implement mount_super_once From: "H. Peter Anvin" Date: Tue, 19 Apr 2016 11:47:14 -0700 To: ebiederm@xmission.com, Linus Torvalds CC: Andy Lutomirski , security@debian.org, "security@kernel.org" , Al Viro , "security@ubuntu.com >> security" , Peter Hurley , Serge Hallyn , Willy Tarreau , Aurelien Jarno , One Thousand Gnomes , Jann Horn , Greg KH , Linux Kernel Mailing List , Jiri Slaby , Florian Weimer Message-ID: <25D92F7D-32F9-4913-9995-2F6B430FA29E@zytor.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2170 Lines: 56 On April 19, 2016 11:22:24 AM PDT, ebiederm@xmission.com wrote: >Linus Torvalds writes: > >> On Fri, Apr 15, 2016 at 8:35 AM, Eric W. Biederman >> wrote: >>> The devpts filesystem has a notion of a system or primary instance >of >>> devpts. To retain the notion of a primary system instance of devpts >>> the code needs a way to allow userspace to mount the internally >>> mounted instance of devpts when it is not currently mounted by >>> userspace. The new helper mount_super_once allows that. >> >> This is where I stopped reading this patch series. >> >> No. >> >> We want to get *rid* of the idiotic "primary instance" crap. > >That is actually pretty much the opposite of what you said last time, >but having looked at the cost to maintian a "primary instance" notion >and what will break if we don't I am happy to remove such a notion >from devpts. > >> The whole and only point of doing the "which pts filesystem am I >> associated with" for ptmx is to stop the idiotic "one devpts is >> pecial". >> >> I don't want to see 16 random patches. >> >> I want to see *one* patch that makes /dev/ptmx look up the pts >> filesystem, and be done with it. > >Now that I know where most of the landmines are in userspace I >performed >some limited testing to see to see what the implications are: > >Causing every userspace mount of devpts to use mount_nodev means the >following: > >- Support for reserving ptys for the system devpts instance using > /proc/sys/kernel/pty/reserve needs to be removed. > >- On CentOS6 devpts will wind up mounted twice /dev/pts. > >- Open of /dev/ptmx can use devpts_mnt to find the devpts filesystem. > >In my cursory testing userspace still boots and works desipite those >changes so I am quite happy to go down this path. > >Eric pty capping should probably be a devpts mount option, and perhaps a sufficiently privileged user could be allowed to set another mount option to allow that instance to dip into the reserved pool or exempt it completely from the global limit as set in sysctl. -- Sent from my Android device with K-9 Mail. Please excuse brevity and formatting.