[PATCH review 0/9] Call for testing and review of mount detach fixes
Eric W. Biederman
ebiederm at xmission.com
Fri Jan 2 21:42:21 UTC 2015
Way back in October Andrey Vagin reported that umount(MNT_DETACH) could
be used to defeat MNT_LOCKED.
That MNT_DETACH is allowed in user namespace comes from my early
misunderstanding what MNT_DETACH does. My mistake.
To avoid breaking existing userspace the conflict between MNT_DETACH
and MNT_LOCKED is fixed by leaving locked umounts attached in the mount
hash table until the last reference goes away.
While investigating this issue I also found an issue with
__detach_mounts. The code was unnecessarily and incorrectly triggering
mount propagation. Resulting in too many mounts going away when a
directory is deleted, and too many cpu cycles burned while doing that.
For those who like to see everything in a single tree the code is at:
Eric W. Biederman (9):
mnt: Improve the umount_tree flags
mnt: Don't propagate umounts in __detach_mounts
mnt: In umount_tree reuse mnt_list instead of mnt_hash
mnt: Add MNT_UMOUNT flag
mnt: Delay removal from the mount hash.
mnt: Factor out __detach_mnt from detach_mnt
mnt: Simplify umount_tree
mnt: Remove redundant NULL tests in namespace_unlock
mnt: Honor MNT_LOCKED when detaching mounts
fs/namespace.c | 150 +++++++++++++++++++++++++++++++-------------------
fs/pnode.c | 8 +--
fs/pnode.h | 3 +-
include/linux/mount.h | 1 +
4 files changed, 99 insertions(+), 63 deletions(-)
More information about the Containers