2014-07-21 08:31:05

by Vasily Averin

Subject: [PATCH v4] fs: umount on symlink leaks mnt count

v4: description corrected
v3: patch inline

Currently umount on symlink blocks following umount:

/vz is separate mount

# ls /vz/ -al | grep test
drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir
lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir
# umount -l /vz/testlink
umount: /vz/testlink: not mounted (expected)

# lsof /vz
# umount /vz
umount: /vz: device is busy. (unexpected)

In this case mountpoint_last() gets an extra refcount on path->mnt

Signed-off-by: Vasily Averin <[email protected]>
---
fs/namei.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index 985c6f3..9eb787e 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2256,9 +2256,10 @@ done:
goto out;
}
path->dentry = dentry;
- path->mnt = mntget(nd->path.mnt);
+ path->mnt = nd->path.mnt;
if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW))
return 1;
+ mntget(path->mnt);
follow_mount(path);
error = 0;
out:
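Review bot: After this change the `return 1` exit that follows `should_follow_link()` hands back `path->mnt = nd->path.mnt` with no mount reference taken, while the fall-through exit holds one from `mntget(path->mnt)`, and nothing in the code records that difference. A one-line comment above the `should_follow_link()` check, saying that the reference is taken only when the last component is not a symlink to be followed, would keep a later cleanup from moving the `mntget()` back above the check or adding a `path_put()` on the symlink exit.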
--
1.7.5.4


2014-07-21 12:10:29

by Jeff Layton

Subject: Re: [PATCH v4] fs: umount on symlink leaks mnt count

On Mon, 21 Jul 2014 12:30:23 +0400
Vasily Averin <[email protected]> wrote:

> v4: description corrected
> v3: patch inline
>
> Currently umount on symlink blocks following umount:
>
> /vz is separate mount
>
> # ls /vz/ -al | grep test
> drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir
> lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir
> # umount -l /vz/testlink
> umount: /vz/testlink: not mounted (expected)
>
> # lsof /vz
> # umount /vz
> umount: /vz: device is busy. (unexpected)
>
> In this case mountpoint_last() gets an extra refcount on path->mnt
>
> Signed-off-by: Vasily Averin <[email protected]>
> ---
> fs/namei.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/fs/namei.c b/fs/namei.c
> index 985c6f3..9eb787e 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -2256,9 +2256,10 @@ done:
> goto out;
> }
> path->dentry = dentry;
> - path->mnt = mntget(nd->path.mnt);
> + path->mnt = nd->path.mnt;
> if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW))
> return 1;
> + mntget(path->mnt);
> follow_mount(path);
> error = 0;
> out:
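Review bot: The description's last line, "In this case mountpoint_last() gets an extra refcount on path->mnt", does not name the exit on which the reference is extra, which in this hunk is the `return 1` directly after `should_follow_link()`: the removed `path->mnt = mntget(nd->path.mnt);` ran before that return. Stating this in the description, next to the reproducer, would let a reader of the log see why moving `mntget()` below the check is the fix without working it out from the diff.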

Looks correct, I think...

Acked-by:
--
Jeff Layton <[email protected]>

2014-07-23 06:06:54

by Ian Kent

Subject: Re: [PATCH v4] fs: umount on symlink leaks mnt count

On Mon, 2014-07-21 at 12:30 +0400, Vasily Averin wrote:
> v4: description corrected
> v3: patch inline
>
> Currently umount on symlink blocks following umount:
>
> /vz is separate mount
>
> # ls /vz/ -al | grep test
> drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir
> lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir
> # umount -l /vz/testlink
> umount: /vz/testlink: not mounted (expected)
>
> # lsof /vz
> # umount /vz
> umount: /vz: device is busy. (unexpected)
>
> In this case mountpoint_last() gets an extra refcount on path->mnt
>
> Signed-off-by: Vasily Averin <[email protected]>

Acked-by: Ian Kent <[email protected]>

I was working on this too.
I prefer this patch over my own.
Haven't tested it yet but it is very similar to the patch I was working
with which had seen some basic testing.

> ---
> fs/namei.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/fs/namei.c b/fs/namei.c
> index 985c6f3..9eb787e 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -2256,9 +2256,10 @@ done:
> goto out;
> }
> path->dentry = dentry;
> - path->mnt = mntget(nd->path.mnt);
> + path->mnt = nd->path.mnt;
> if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW))
> return 1;
> + mntget(path->mnt);
> follow_mount(path);
> error = 0;
> out:

2014-07-24 06:00:05

by Vasily Averin

Subject: Re: [PATCH v4] fs: umount on symlink leaks mnt count

CVE-2014-5045 was assigned for this issue

On 07/23/2014 10:06 AM, Ian Kent wrote:
> On Mon, 2014-07-21 at 12:30 +0400, Vasily Averin wrote:
>> Currently umount on symlink blocks following umount:
>>
>> /vz is separate mount
>>
>> # ls /vz/ -al | grep test
>> drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir
>> lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir
>> # umount -l /vz/testlink
>> umount: /vz/testlink: not mounted (expected)
>>
>> # lsof /vz
>> # umount /vz
>> umount: /vz: device is busy. (unexpected)
>>
>> In this case mountpoint_last() gets an extra refcount on path->mnt
>>
>> Signed-off-by: Vasily Averin <[email protected]>
>
> Acked-by: Ian Kent <[email protected]>