linux.git/fs/namespace.c, branch v2.6.34

Fix the regression created by "set S_DEAD on unlink()..." commit

2010-05-15T11:16:33+00:00

1) i_flags simply doesn't work for mount/unlink race prevention;
we may have many links to file and rm on one of those obviously
shouldn't prevent bind on top of another later on.  To fix it
right way we need to mark _dentry_ as unsuitable for mounting
upon; new flag (DCACHE_CANT_MOUNT) is protected by d_flags and
i_mutex on the inode in question.  Set it (with dont_mount(dentry))
in unlink/rmdir/etc., check (with cant_mount(dentry)) in places
in namespace.c that used to check for S_DEAD.  Setting S_DEAD
is still needed in places where we used to set it (for directories
getting killed), since we rely on it for readdir/rmdir race
prevention.

2) rename()/mount() protection has another bogosity - we unhash
the target before we'd checked that it's not a mountpoint.  Fixed.

3) ancient bogosity in pivot_root() - we locked i_mutex on the
right directory, but checked S_DEAD on the different (and wrong)
one.  Noticed and fixed.

Signed-off-by: Al Viro

vfs: add NOFOLLOW flag to umount(2)

2010-03-03T19:08:00+00:00

Add a new UMOUNT_NOFOLLOW flag to umount(2).  This is needed to prevent
symlink attacks in unprivileged unmounts (fuse, samba, ncpfs).

Additionally, return -EINVAL if an unknown flag is used (and specify
an explicitly unused flag: UMOUNT_UNUSED).  This makes it possible for
the caller to determine if a flag is supported or not.

CC: Eugene Teo 
CC: Michael Kerrisk 
Signed-off-by: Miklos Szeredi 
Signed-off-by: Al Viro

Mirror MS_KERNMOUNT in ->mnt_flags

2010-03-03T19:08:00+00:00

Signed-off-by: Al Viro

get rid of useless vfsmount_lock use in put_mnt_ns()

2010-03-03T19:07:59+00:00

It hadn't been needed since we'd sanitized the logics in
mark_mounts_for_expiry() (which, in turn, used to be a
rudiment of bad old times when namespace_sem was per-ns).

Signed-off-by: Al Viro

take check for new events in namespace (guts of mounts_poll()) to namespace.c

2010-03-03T19:07:59+00:00

Signed-off-by: Al Viro

new helper: iterate_mounts()

2010-03-03T19:07:57+00:00

apply function to vfsmounts in set returned by collect_mounts(),
stop if it returns non-zero.

Signed-off-by: Al Viro

VFS: Clean up shared mount flag propagation

2010-03-03T19:07:55+00:00

The handling of mount flags in set_mnt_shared() got a little tangled
up during previous cleanups, with the following problems:

* MNT_PNODE_MASK is defined as a literal constant when it should be a
bitwise xor of other MNT_* flags
* set_mnt_shared() clears and then sets MNT_SHARED (part of MNT_PNODE_MASK)
* MNT_PNODE_MASK could use a comment in mount.h
* MNT_PNODE_MASK is a terrible name, change to MNT_SHARED_MASK

This patch fixes these problems.

Signed-off-by: Al Viro

Kill CL_PROPAGATION, sanitize fs/pnode.c:get_source()

2010-03-03T18:00:22+00:00

First of all, get_source() never results in CL_PROPAGATION
alone.  We either get CL_MAKE_SHARED (for the continuation
of peer group) or CL_SLAVE (slave that is not shared) or both
(beginning of peer group among slaves).  Massage the code to
make that explicit, kill CL_PROPAGATION test in clone_mnt()
(nothing sets CL_MAKE_SHARED without CL_PROPAGATION and in
clone_mnt() we are checking CL_PROPAGATION after we'd found
that there's no CL_SLAVE, so the check for CL_MAKE_SHARED
would do just as well).

Fix comments, while we are at it...

Signed-off-by: Al Viro

do_add_mount() should sanitize mnt_flags

2010-01-16T18:07:36+00:00

MNT_WRITE_HOLD shouldn't leak into new vfsmount and neither
should MNT_SHARED (the latter will be set properly, along with
the rest of shared-subtree data structures)

Signed-off-by: Al Viro

mnt_flags fixes in do_remount()

2010-01-16T18:01:26+00:00

* need vfsmount_lock over modifying it
* need to preserve MNT_SHARED/MNT_UNBINDABLE

Signed-off-by: Al Viro