From patchwork Fri Mar 13 15:34:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 208689 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C9379C10DCE for ; Fri, 13 Mar 2020 15:34:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 88BD1206B7 for ; Fri, 13 Mar 2020 15:34:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726622AbgCMPej (ORCPT ); Fri, 13 Mar 2020 11:34:39 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:34848 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726446AbgCMPej (ORCPT ); Fri, 13 Mar 2020 11:34:39 -0400 Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein.fritz.box) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jCmKZ-0001Aa-Fc; Fri, 13 Mar 2020 15:34:35 +0000 From: Christian Brauner To: gregkh@linuxfoundation.org, tkjos@android.com, keescook@chromium.org, linux-kernel@vger.kernel.org Cc: christian.brauner@ubuntu.com, ard.biesheuvel@linaro.org, ardb@kernel.org, arve@android.com, hridya@google.com, joel@joelfernandes.org, john.stultz@linaro.org, kernel-team@android.com, linux-kselftest@vger.kernel.org, maco@android.com, naresh.kamboju@linaro.org, shuah@kernel.org, Todd Kjos Subject: [PATCH v2] binderfs: port to new mount api Date: Fri, 13 Mar 2020 16:34:27 +0100 Message-Id: <20200313153427.141789-1-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200312131531.3615556-1-christian.brauner@ubuntu.com> References: <20200312131531.3615556-1-christian.brauner@ubuntu.com> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org When I first wrote binderfs the new mount api had not yet landed. Now that it has been around for a little while and a bunch of filesystems have already been ported we should do so too. When Al sent his mount-api-conversion pr he requested that binderfs (and a few others) be ported separately. It's time we port binderfs. We can make use of the new option parser, get nicer infrastructure and it will be easier if we ever add any new mount options. This survives testing with the binderfs selftests: for i in `seq 1 1000`; do ./binderfs_test; done including the new stress tests I sent out for review today: TAP version 13 1..1 # selftests: filesystems/binderfs: binderfs_test # [==========] Running 3 tests from 1 test cases. # [ RUN ] global.binderfs_stress # [ XFAIL! ] Tests are not run as root. Skipping privileged tests # [==========] Running 3 tests from 1 test cases. # [ RUN ] global.binderfs_stress # [ OK ] global.binderfs_stress # [ RUN ] global.binderfs_test_privileged # [ OK ] global.binderfs_test_privileged # [ RUN ] global.binderfs_test_unprivileged # # Allocated new binder device with major 243, minor 4, and name my-binder # # Detected binder version: 8 # [==========] Running 3 tests from 1 test cases. # [ RUN ] global.binderfs_stress # [ OK ] global.binderfs_stress # [ RUN ] global.binderfs_test_privileged # [ OK ] global.binderfs_test_privileged # [ RUN ] global.binderfs_test_unprivileged # [ OK ] global.binderfs_test_unprivileged # [==========] 3 / 3 tests passed. # [ PASSED ] ok 1 selftests: filesystems/binderfs: binderfs_test Cc: Todd Kjos Cc: Greg Kroah-Hartman Signed-off-by: Christian Brauner --- /* v2 */ - Christian Brauner : - Commit message adapted to new stresstest output after porting to XFAIL infrastructure. For the stresstest patchset see: https://lore.kernel.org/r/20200313152420.138777-1-christian.brauner@ubuntu.com --- drivers/android/binderfs.c | 200 +++++++++++++++++++------------------ 1 file changed, 104 insertions(+), 96 deletions(-) base-commit: f17f06a0c7794d3a7c2425663738823354447472 diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c index f303106b3362..9ecad74183a3 100644 --- a/drivers/android/binderfs.c +++ b/drivers/android/binderfs.c @@ -18,7 +18,7 @@ #include #include #include -#include +#include #include #include #include @@ -48,26 +48,30 @@ static dev_t binderfs_dev; static DEFINE_MUTEX(binderfs_minors_mutex); static DEFINE_IDA(binderfs_minors); -enum { +enum binderfs_param { Opt_max, Opt_stats_mode, - Opt_err }; enum binderfs_stats_mode { - STATS_NONE, - STATS_GLOBAL, + binderfs_stats_mode_unset, + binderfs_stats_mode_global, }; -static const match_table_t tokens = { - { Opt_max, "max=%d" }, - { Opt_stats_mode, "stats=%s" }, - { Opt_err, NULL } +static const struct constant_table binderfs_param_stats[] = { + { "global", binderfs_stats_mode_global }, + {} }; -static inline struct binderfs_info *BINDERFS_I(const struct inode *inode) +const struct fs_parameter_spec binderfs_fs_parameters[] = { + fsparam_u32("max", Opt_max), + fsparam_enum("stats", Opt_stats_mode, binderfs_param_stats), + {} +}; + +static inline struct binderfs_info *BINDERFS_SB(const struct super_block *sb) { - return inode->i_sb->s_fs_info; + return sb->s_fs_info; } bool is_binderfs_device(const struct inode *inode) @@ -246,7 +250,7 @@ static long binder_ctl_ioctl(struct file *file, unsigned int cmd, static void binderfs_evict_inode(struct inode *inode) { struct binder_device *device = inode->i_private; - struct binderfs_info *info = BINDERFS_I(inode); + struct binderfs_info *info = BINDERFS_SB(inode->i_sb); clear_inode(inode); @@ -264,97 +268,84 @@ static void binderfs_evict_inode(struct inode *inode) } } -/** - * binderfs_parse_mount_opts - parse binderfs mount options - * @data: options to set (can be NULL in which case defaults are used) - */ -static int binderfs_parse_mount_opts(char *data, - struct binderfs_mount_opts *opts) +static int binderfs_fs_context_parse_param(struct fs_context *fc, + struct fs_parameter *param) { - char *p, *stats; - opts->max = BINDERFS_MAX_MINOR; - opts->stats_mode = STATS_NONE; - - while ((p = strsep(&data, ",")) != NULL) { - substring_t args[MAX_OPT_ARGS]; - int token; - int max_devices; - - if (!*p) - continue; - - token = match_token(p, tokens, args); - switch (token) { - case Opt_max: - if (match_int(&args[0], &max_devices) || - (max_devices < 0 || - (max_devices > BINDERFS_MAX_MINOR))) - return -EINVAL; - - opts->max = max_devices; - break; - case Opt_stats_mode: - if (!capable(CAP_SYS_ADMIN)) - return -EINVAL; + int opt; + struct binderfs_mount_opts *ctx = fc->fs_private; + struct fs_parse_result result; - stats = match_strdup(&args[0]); - if (!stats) - return -ENOMEM; + opt = fs_parse(fc, binderfs_fs_parameters, param, &result); + if (opt < 0) + return opt; - if (strcmp(stats, "global") != 0) { - kfree(stats); - return -EINVAL; - } + switch (opt) { + case Opt_max: + if (result.uint_32 > BINDERFS_MAX_MINOR) + return invalfc(fc, "Bad value for '%s'", param->key); - opts->stats_mode = STATS_GLOBAL; - kfree(stats); - break; - default: - pr_err("Invalid mount options\n"); - return -EINVAL; - } + ctx->max = result.uint_32; + break; + case Opt_stats_mode: + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + + ctx->stats_mode = result.uint_32; + break; + default: + return invalfc(fc, "Unsupported parameter '%s'", param->key); } return 0; } -static int binderfs_remount(struct super_block *sb, int *flags, char *data) +static int binderfs_fs_context_reconfigure(struct fs_context *fc) { - int prev_stats_mode, ret; - struct binderfs_info *info = sb->s_fs_info; + struct binderfs_mount_opts *ctx = fc->fs_private; + struct binderfs_info *info = BINDERFS_SB(fc->root->d_sb); - prev_stats_mode = info->mount_opts.stats_mode; - ret = binderfs_parse_mount_opts(data, &info->mount_opts); - if (ret) - return ret; - - if (prev_stats_mode != info->mount_opts.stats_mode) { - pr_err("Binderfs stats mode cannot be changed during a remount\n"); - info->mount_opts.stats_mode = prev_stats_mode; - return -EINVAL; - } + if (info->mount_opts.stats_mode != ctx->stats_mode) + return invalfc(fc, "Binderfs stats mode cannot be changed during a remount"); + info->mount_opts.stats_mode = ctx->stats_mode; + info->mount_opts.max = ctx->max; return 0; } -static int binderfs_show_mount_opts(struct seq_file *seq, struct dentry *root) +static int binderfs_show_options(struct seq_file *seq, struct dentry *root) { - struct binderfs_info *info; + struct binderfs_info *info = BINDERFS_SB(root->d_sb); - info = root->d_sb->s_fs_info; if (info->mount_opts.max <= BINDERFS_MAX_MINOR) seq_printf(seq, ",max=%d", info->mount_opts.max); - if (info->mount_opts.stats_mode == STATS_GLOBAL) + + switch (info->mount_opts.stats_mode) { + case binderfs_stats_mode_unset: + break; + case binderfs_stats_mode_global: seq_printf(seq, ",stats=global"); + break; + } return 0; } +static void binderfs_put_super(struct super_block *sb) +{ + struct binderfs_info *info = sb->s_fs_info; + + if (info && info->ipc_ns) + put_ipc_ns(info->ipc_ns); + + kfree(info); + sb->s_fs_info = NULL; +} + static const struct super_operations binderfs_super_ops = { .evict_inode = binderfs_evict_inode, - .remount_fs = binderfs_remount, - .show_options = binderfs_show_mount_opts, + .show_options = binderfs_show_options, .statfs = simple_statfs, + .put_super = binderfs_put_super, }; static inline bool is_binderfs_control_device(const struct dentry *dentry) @@ -653,10 +644,11 @@ static int init_binder_logs(struct super_block *sb) return ret; } -static int binderfs_fill_super(struct super_block *sb, void *data, int silent) +static int binderfs_fill_super(struct super_block *sb, struct fs_context *fc) { int ret; struct binderfs_info *info; + struct binderfs_mount_opts *ctx = fc->fs_private; struct inode *inode = NULL; struct binderfs_device device_info = { 0 }; const char *name; @@ -689,16 +681,14 @@ static int binderfs_fill_super(struct super_block *sb, void *data, int silent) info->ipc_ns = get_ipc_ns(current->nsproxy->ipc_ns); - ret = binderfs_parse_mount_opts(data, &info->mount_opts); - if (ret) - return ret; - info->root_gid = make_kgid(sb->s_user_ns, 0); if (!gid_valid(info->root_gid)) info->root_gid = GLOBAL_ROOT_GID; info->root_uid = make_kuid(sb->s_user_ns, 0); if (!uid_valid(info->root_uid)) info->root_uid = GLOBAL_ROOT_UID; + info->mount_opts.max = ctx->max; + info->mount_opts.stats_mode = ctx->stats_mode; inode = new_inode(sb); if (!inode) @@ -730,36 +720,54 @@ static int binderfs_fill_super(struct super_block *sb, void *data, int silent) name++; } - if (info->mount_opts.stats_mode == STATS_GLOBAL) + if (info->mount_opts.stats_mode == binderfs_stats_mode_global) return init_binder_logs(sb); return 0; } -static struct dentry *binderfs_mount(struct file_system_type *fs_type, - int flags, const char *dev_name, - void *data) +static int binderfs_fs_context_get_tree(struct fs_context *fc) { - return mount_nodev(fs_type, flags, data, binderfs_fill_super); + return get_tree_nodev(fc, binderfs_fill_super); } -static void binderfs_kill_super(struct super_block *sb) +static void binderfs_fs_context_free(struct fs_context *fc) { - struct binderfs_info *info = sb->s_fs_info; + struct binderfs_mount_opts *ctx = fc->fs_private; - kill_litter_super(sb); + kfree(ctx); +} - if (info && info->ipc_ns) - put_ipc_ns(info->ipc_ns); +static const struct fs_context_operations binderfs_fs_context_ops = { + .free = binderfs_fs_context_free, + .get_tree = binderfs_fs_context_get_tree, + .parse_param = binderfs_fs_context_parse_param, + .reconfigure = binderfs_fs_context_reconfigure, +}; - kfree(info); +static int binderfs_init_fs_context(struct fs_context *fc) +{ + struct binderfs_mount_opts *ctx = fc->fs_private; + + ctx = kzalloc(sizeof(struct binderfs_mount_opts), GFP_KERNEL); + if (!ctx) + return -ENOMEM; + + ctx->max = BINDERFS_MAX_MINOR; + ctx->stats_mode = binderfs_stats_mode_unset; + + fc->fs_private = ctx; + fc->ops = &binderfs_fs_context_ops; + + return 0; } static struct file_system_type binder_fs_type = { - .name = "binder", - .mount = binderfs_mount, - .kill_sb = binderfs_kill_super, - .fs_flags = FS_USERNS_MOUNT, + .name = "binder", + .init_fs_context = binderfs_init_fs_context, + .parameters = binderfs_fs_parameters, + .kill_sb = kill_litter_super, + .fs_flags = FS_USERNS_MOUNT, }; int __init init_binderfs(void) From patchwork Fri Mar 13 15:24:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 208690 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9111AC10DCE for ; Fri, 13 Mar 2020 15:24:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 6714F2074A for ; Fri, 13 Mar 2020 15:24:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727006AbgCMPYi (ORCPT ); Fri, 13 Mar 2020 11:24:38 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:34441 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726731AbgCMPYi (ORCPT ); Fri, 13 Mar 2020 11:24:38 -0400 Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein.fritz.box) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jCmAu-0000Tg-98; Fri, 13 Mar 2020 15:24:36 +0000 From: Christian Brauner To: gregkh@linuxfoundation.org, tkjos@android.com, keescook@chromium.org, linux-kernel@vger.kernel.org Cc: christian.brauner@ubuntu.com, ard.biesheuvel@linaro.org, ardb@kernel.org, arve@android.com, hridya@google.com, joel@joelfernandes.org, john.stultz@linaro.org, kernel-team@android.com, linux-kselftest@vger.kernel.org, maco@android.com, naresh.kamboju@linaro.org, shuah@kernel.org Subject: [PATCH v2 2/3] binderfs_test: switch from /dev to a unique per-test mountpoint Date: Fri, 13 Mar 2020 16:24:19 +0100 Message-Id: <20200313152420.138777-2-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200313152420.138777-1-christian.brauner@ubuntu.com> References: <20200312131531.3615556-1-christian.brauner@ubuntu.com> <20200313152420.138777-1-christian.brauner@ubuntu.com> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Unprivileged users will be able to create directories in there. The unprivileged test for /dev wouldn't have worked on most systems. Cc: Kees Cook : Signed-off-by: Christian Brauner --- /* v2 */ - Kees Cook : - Switch to unique mountpoint through mkdtemp(). --- .../filesystems/binderfs/binderfs_test.c | 47 +++++++++---------- 1 file changed, 23 insertions(+), 24 deletions(-) diff --git a/tools/testing/selftests/filesystems/binderfs/binderfs_test.c b/tools/testing/selftests/filesystems/binderfs/binderfs_test.c index 0cfca65e095a..818eb49f8125 100644 --- a/tools/testing/selftests/filesystems/binderfs/binderfs_test.c +++ b/tools/testing/selftests/filesystems/binderfs/binderfs_test.c @@ -139,29 +139,25 @@ static int __do_binderfs_test(void) int fd, ret, saved_errno; size_t len; ssize_t wret; - bool keep = false; struct binderfs_device device = { 0 }; struct binder_version version = { 0 }; + char binderfs_mntpt[] = P_tmpdir "/binderfs_XXXXXX", + device_path[sizeof(P_tmpdir "/binderfs_XXXXXX/") + BINDERFS_MAX_NAME]; change_to_mountns(); - ret = mkdir("/dev/binderfs", 0755); - if (ret < 0) { - if (errno != EEXIST) - ksft_exit_fail_msg( - "%s - Failed to create binderfs mountpoint\n", - strerror(errno)); - - keep = true; - } + if (!mkdtemp(binderfs_mntpt)) + ksft_exit_fail_msg( + "%s - Failed to create binderfs mountpoint\n", + strerror(errno)); - ret = mount(NULL, "/dev/binderfs", "binder", 0, 0); + ret = mount(NULL, binderfs_mntpt, "binder", 0, 0); if (ret < 0) { if (errno != ENODEV) ksft_exit_fail_msg("%s - Failed to mount binderfs\n", strerror(errno)); - keep ? : rmdir_protect_errno("/dev/binderfs"); + rmdir_protect_errno(binderfs_mntpt); return 1; } @@ -170,7 +166,8 @@ static int __do_binderfs_test(void) memcpy(device.name, "my-binder", strlen("my-binder")); - fd = open("/dev/binderfs/binder-control", O_RDONLY | O_CLOEXEC); + snprintf(device_path, sizeof(device_path), "%s/binder-control", binderfs_mntpt); + fd = open(device_path, O_RDONLY | O_CLOEXEC); if (fd < 0) ksft_exit_fail_msg( "%s - Failed to open binder-control device\n", @@ -181,7 +178,7 @@ static int __do_binderfs_test(void) close(fd); errno = saved_errno; if (ret < 0) { - keep ? : rmdir_protect_errno("/dev/binderfs"); + rmdir_protect_errno(binderfs_mntpt); ksft_exit_fail_msg( "%s - Failed to allocate new binder device\n", strerror(errno)); @@ -194,9 +191,10 @@ static int __do_binderfs_test(void) /* binder device allocation test passed */ ksft_inc_pass_cnt(); - fd = open("/dev/binderfs/my-binder", O_CLOEXEC | O_RDONLY); + snprintf(device_path, sizeof(device_path), "%s/my-binder", binderfs_mntpt); + fd = open(device_path, O_CLOEXEC | O_RDONLY); if (fd < 0) { - keep ? : rmdir_protect_errno("/dev/binderfs"); + rmdir_protect_errno(binderfs_mntpt); ksft_exit_fail_msg("%s - Failed to open my-binder device\n", strerror(errno)); } @@ -206,7 +204,7 @@ static int __do_binderfs_test(void) close(fd); errno = saved_errno; if (ret < 0) { - keep ? : rmdir_protect_errno("/dev/binderfs"); + rmdir_protect_errno(binderfs_mntpt); ksft_exit_fail_msg( "%s - Failed to open perform BINDER_VERSION request\n", strerror(errno)); @@ -218,9 +216,9 @@ static int __do_binderfs_test(void) /* binder transaction with binderfs binder device passed */ ksft_inc_pass_cnt(); - ret = unlink("/dev/binderfs/my-binder"); + ret = unlink(device_path); if (ret < 0) { - keep ? : rmdir_protect_errno("/dev/binderfs"); + rmdir_protect_errno(binderfs_mntpt); ksft_exit_fail_msg("%s - Failed to delete binder device\n", strerror(errno)); } @@ -228,12 +226,13 @@ static int __do_binderfs_test(void) /* binder device removal passed */ ksft_inc_pass_cnt(); - ret = unlink("/dev/binderfs/binder-control"); + snprintf(device_path, sizeof(device_path), "%s/binder-control", binderfs_mntpt); + ret = unlink(device_path); if (!ret) { - keep ? : rmdir_protect_errno("/dev/binderfs"); + rmdir_protect_errno(binderfs_mntpt); ksft_exit_fail_msg("Managed to delete binder-control device\n"); } else if (errno != EPERM) { - keep ? : rmdir_protect_errno("/dev/binderfs"); + rmdir_protect_errno(binderfs_mntpt); ksft_exit_fail_msg( "%s - Failed to delete binder-control device but exited with unexpected error code\n", strerror(errno)); @@ -243,8 +242,8 @@ static int __do_binderfs_test(void) ksft_inc_xfail_cnt(); on_error: - ret = umount2("/dev/binderfs", MNT_DETACH); - keep ?: rmdir_protect_errno("/dev/binderfs"); + ret = umount2(binderfs_mntpt, MNT_DETACH); + rmdir_protect_errno(binderfs_mntpt); if (ret < 0) ksft_exit_fail_msg("%s - Failed to unmount binderfs\n", strerror(errno));