Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752448AbcDOPuS (ORCPT ); Fri, 15 Apr 2016 11:50:18 -0400 Received: from out02.mta.xmission.com ([166.70.13.232]:50657 "EHLO out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751581AbcDOPuK (ORCPT ); Fri, 15 Apr 2016 11:50:10 -0400 From: "Eric W. Biederman" To: Linus Torvalds Cc: "H. Peter Anvin" , Andy Lutomirski , security@debian.org, security@kernel.org, Al Viro , security@ubuntu.com, Peter Hurley , Serge Hallyn , Willy Tarreau , Aurelien Jarno , One Thousand Gnomes , Jann Horn , Greg KH , Linux Kernel Mailing List , Jiri Slaby , Florian Weimer , "Eric W. Biederman" Date: Fri, 15 Apr 2016 10:35:30 -0500 Message-Id: <1460734532-20134-14-git-send-email-ebiederm@xmission.com> X-Mailer: git-send-email 2.8.1 In-Reply-To: <1460734532-20134-1-git-send-email-ebiederm@xmission.com> References: <877ffyzy1j.fsf_-_@x220.int.ebiederm.org> <1460734532-20134-1-git-send-email-ebiederm@xmission.com> X-XM-AID: U2FsdGVkX19ZS2hqt0n3ff+W+kcHWrMa4Rh0alD8UbU= X-SA-Exim-Connect-IP: 67.3.249.252 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.0 TVD_RCVD_IP Message was received from an IP address * 1.5 XMNoVowels Alpha-numberic number with no vowels * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa07 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_01 4+ unique symbols in subject X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: *;Linus Torvalds X-Spam-Relay-Country: X-Spam-Timing: total 498 ms - load_scoreonly_sql: 0.09 (0.0%), signal_user_changed: 9 (1.8%), b_tie_ro: 6 (1.2%), parse: 1.32 (0.3%), extract_message_metadata: 16 (3.2%), get_uri_detail_list: 3.2 (0.6%), tests_pri_-1000: 7 (1.3%), tests_pri_-950: 1.33 (0.3%), tests_pri_-900: 1.11 (0.2%), tests_pri_-400: 28 (5.6%), check_bayes: 26 (5.3%), b_tokenize: 9 (1.8%), b_tok_get_all: 8 (1.6%), b_comp_prob: 2.9 (0.6%), b_tok_touch_all: 3.7 (0.7%), b_finish: 0.83 (0.2%), tests_pri_0: 426 (85.5%), check_dkim_signature: 0.60 (0.1%), check_dkim_adsp: 3.3 (0.7%), tests_pri_500: 5 (1.0%), rewrite_mail: 0.00 (0.0%) Subject: [PATCH 14/16] vfs: Implement mount_super_once X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Wed, 24 Sep 2014 11:00:52 -0600) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3287 Lines: 90 The devpts filesystem has a notion of a system or primary instance of devpts. To retain the notion of a primary system instance of devpts the code needs a way to allow userspace to mount the internally mounted instance of devpts when it is not currently mounted by userspace. The new helper mount_super_once allows that. The function mount_super_once ignores vfsmounts that are in use but are not mounted in userspace. The set of ignored mounts includes internal mounts, lazily unmounted instances of mounts, and loopback/bind mounts show root directory is not a filesystems root directory. Furthermore mount_super_once only allows exporting a mount to userspace if it can account for every reference in s_active on the superblock. Ensuring races do not allow two simultaneous mount requestions export the same filesystem to userspace. Signed-off-by: "Eric W. Biederman" --- fs/super.c | 34 ++++++++++++++++++++++++++++++++++ include/linux/fs.h | 2 ++ 2 files changed, 36 insertions(+) diff --git a/fs/super.c b/fs/super.c index 74914b1bae70..4a6552395fad 100644 --- a/fs/super.c +++ b/fs/super.c @@ -33,6 +33,7 @@ #include #include #include +#include "mount.h" #include "internal.h" @@ -1101,6 +1102,39 @@ struct dentry *mount_single(struct file_system_type *fs_type, } EXPORT_SYMBOL(mount_single); +struct dentry *mount_super_once(struct super_block *sb, int flags, void *data) +{ + /* Allow mounting the specified superblock by userspace if there + * are not any existing userspace mounts of it. + */ + struct mount *mnt; + int count = 0; + + /* Walk through the existing mounts of this superblock. Fail + * if any of those mounts are exported to userspace. Otherwise + * increment s_active if the superblock s_active count matches + * the number of mounts in the list. This ensures that multiple + * simultaneous calls to mount_super_once do not race and result + * in the filesystem exported to userspace multiple times. + */ + lock_mount_hash(); + list_for_each_entry(mnt, &sb->s_mounts, mnt_instance) { + if (is_mounted(&mnt->mnt) && (mnt->mnt.mnt_root == sb->s_root)) { + unlock_mount_hash(); + return ERR_PTR(-EBUSY); + } + count++; + } + if (atomic_cmpxchg(&sb->s_active, count, count + 1) != count) { + unlock_mount_hash(); + return ERR_PTR(-EBUSY); + } + unlock_mount_hash(); + down_write(&sb->s_umount); + do_remount_sb(sb, flags, data, 0); + return dget(sb->s_root); +} + struct dentry * mount_fs(struct file_system_type *type, int flags, const char *name, void *data) { diff --git a/include/linux/fs.h b/include/linux/fs.h index aade033bed49..465c1155bf72 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2002,6 +2002,8 @@ extern struct dentry *mount_single(struct file_system_type *fs_type, extern struct dentry *mount_nodev(struct file_system_type *fs_type, int flags, void *data, int (*fill_super)(struct super_block *, void *, int)); +extern struct dentry *mount_super_once(struct super_block *sb, + int flags, void *data); extern struct dentry *mount_subtree(struct vfsmount *mnt, const char *path); void generic_shutdown_super(struct super_block *sb); void kill_block_super(struct super_block *sb); -- 2.8.1