[GIT PULL] Usernamespace related locked mount fixes

Eric W. Biederman ebiederm at xmission.com
Thu Apr 16 23:40:44 UTC 2015


Linus,

Please pull the for-linus branch from the git tree:

   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus

   HEAD: e0c9c0afd2fc958ffa34b697972721d81df8a56f mnt: Update detach_mounts to leave mounts connected

Way back in October Andrey Vagin reported that umount(MNT_DETACH) could
be used to defeat MNT_LOCKED.  As I worked to fix this I discovered
that combined with mount propagation and an appropriate selection of
shared subtrees a reference to a directory on an unmounted filesystem is
not necessary.

That MNT_DETACH is allowed in user namespace in a form that can break
MNT_LOCKED comes from my early misunderstanding what MNT_DETACH does.

To avoid breaking existing userspace the conflict between MNT_DETACH and
MNT_LOCKED is fixed by leaving mounts that are locked to their parents
in the mount hash table until the last reference goes away.

While investigating this issue I also found an issue with
__detach_mounts.  The code was unnecessarily and incorrectly triggering
mount propagation.  Resulting in too many mounts going away when a
directory is deleted, and too many cpu cycles are burned while doing
that.

Looking some more I realized that __detach_mounts by only keeping mounts
connected that were MNT_LOCKED it had the potential to still leak
information so I tweaked the code to keep everything locked together
that possibly could be.

This code was almost ready last cycle but Al invented fs_pin which
slightly simplifies this code but required rewrites and retesting,
and I have not been in top form for a while so it took me a while to get
all of that done.  Similiarly this pull request is late because I have
been feeling absolutely miserable all week.

The issue of being able to escape a bind mount has not yet been
addressed, as the fixes are not yet mature.

Eric W. Biederman (15):
      mnt: Use hlist_move_list in namespace_unlock
      mnt: Improve the umount_tree flags
      mnt: Don't propagate umounts in __detach_mounts
      mnt: In umount_tree reuse mnt_list instead of mnt_hash
      mnt: Add MNT_UMOUNT flag
      mnt: Delay removal from the mount hash.
      mnt: On an unmount propagate clearing of MNT_LOCKED
      mnt: Don't propagate unmounts to locked mounts
      mnt: Fail collect_mounts when applied to unmounted mounts
      mnt: Factor out unhash_mnt from detach_mnt and umount_tree
      mnt: Factor umount_mnt from umount_tree
      fs_pin: Allow for the possibility that m_list or s_list go unused.
      mnt: Honor MNT_LOCKED when detaching mounts
      mnt: Fix the error check in __detach_mounts
      mnt: Update detach_mounts to leave mounts connected

 fs/fs_pin.c            |   4 +-
 fs/namespace.c         | 142 +++++++++++++++++++++++++++++++++----------------
 fs/pnode.c             |  60 ++++++++++++++++++---
 fs/pnode.h             |   7 ++-
 include/linux/fs_pin.h |   2 +
 include/linux/mount.h  |   1 +
 6 files changed, 159 insertions(+), 57 deletions(-)



More information about the Containers mailing list