linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* linux-next: manual merge of the userns tree with the vfs tree
@ 2018-06-20  2:39 Stephen Rothwell
  2018-08-06  7:50 ` Stephen Rothwell
  0 siblings, 1 reply; 16+ messages in thread
From: Stephen Rothwell @ 2018-06-20  2:39 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro
  Cc: Linux-Next Mailing List, Linux Kernel Mailing List

[-- Attachment #1: Type: text/plain, Size: 5130 bytes --]

Hi all,

Today's linux-next merge of the userns tree got a conflict in:

  fs/proc/inode.c
  fs/proc/root.c

between commit:

  0223e0999be2 ("procfs: Move proc_fill_super() to fs/proc/root.c")
  83cd45075c36 ("proc: Add fs_context support to procfs")

from the vfs tree and commit:

  cc8cda3af2ba ("proc: Simplify and fix proc by removing the kernel mount")
  9303f5f81bd4 ("proc: Change proc_parse_options to return an errno value")
  04035aa33a12 ("proc: Don't change mount options on remount failure.")

from the userns tree.

I effectively reverted 9303f5f81bd4 and 04035aa33a12 since (I think)
they are subsumed by the vfs tree changes.

I fixed it up (I think I got it mostly right this time - see below) and
can carry the fix as necessary. This is now fixed as far as linux-next
is concerned, but any non trivial conflicts should be mentioned to your
upstream maintainer when your tree is submitted for merging.  You may
also want to consider cooperating with the maintainer of the
conflicting tree to minimise any particularly complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc fs/proc/root.c
index efbdc08a3c86,3dceff6cd121..91e9b417bc6d
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@@ -80,71 -78,21 +80,74 @@@ static int proc_parse_option(struct fs_
  	return 0;
  }
  
 -int proc_remount(struct super_block *sb, int *flags, char *data)
 +static void proc_set_options(struct super_block *s,
 +			     struct fs_context *fc,
 +			     struct pid_namespace *pid_ns,
 +			     struct user_namespace *user_ns)
  {
 -	struct pid_namespace *pid = sb->s_fs_info;
 -	struct proc_mount_options opts = {
 -		.pid_gid  = pid->pid_gid,
 -		.hide_pid = pid->hide_pid,
 -	};
 +	struct proc_fs_context *ctx = fc->fs_private;
 +
 +	if (ctx->mask & (1 << Opt_gid))
 +		pid_ns->pid_gid = make_kgid(user_ns, ctx->gid);
 +	if (ctx->mask & (1 << Opt_hidepid))
 +		pid_ns->hide_pid = ctx->hidepid;
 +}
 +
 +static int proc_fill_super(struct super_block *s, struct fs_context *fc)
 +{
 +	struct pid_namespace *pid_ns = get_pid_ns(s->s_fs_info);
 +	struct inode *root_inode;
  	int ret;
  
 -	sync_filesystem(sb);
 -	ret = proc_parse_options(data, &opts);
 -	if (ret)
 +	proc_set_options(s, fc, pid_ns, current_user_ns());
 +
 +	/* User space would break if executables or devices appear on proc */
 +	s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC | SB_I_NODEV;
 +	s->s_flags |= SB_NODIRATIME | SB_NOSUID | SB_NOEXEC;
 +	s->s_blocksize = 1024;
 +	s->s_blocksize_bits = 10;
 +	s->s_magic = PROC_SUPER_MAGIC;
 +	s->s_op = &proc_sops;
 +	s->s_time_gran = 1;
 +
 +	/*
 +	 * procfs isn't actually a stacking filesystem; however, there is
 +	 * too much magic going on inside it to permit stacking things on
 +	 * top of it
 +	 */
 +	s->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH;
 +
 +	pde_get(&proc_root);
 +	root_inode = proc_get_inode(s, &proc_root);
 +	if (!root_inode) {
 +		pr_err("proc_fill_super: get root inode failed\n");
 +		return -ENOMEM;
 +	}
 +
 +	s->s_root = d_make_root(root_inode);
 +	if (!s->s_root) {
 +		pr_err("proc_fill_super: allocate dentry failed\n");
 +		return -ENOMEM;
 +	}
 +
 +	ret = proc_setup_self(s);
 +	if (ret) {
  		return ret;
 -	pid->pid_gid  = opts.pid_gid;
 -	pid->hide_pid = opts.hide_pid;
 +	}
- 	return proc_setup_thread_self(s);
++	ret = proc_setup_thread_self(s);
++
++	rcu_assign_pointer(pid_ns->proc_super, s);
++	return ret;
 +}
 +
 +int proc_reconfigure(struct super_block *sb, struct fs_context *fc)
 +{
 +	struct pid_namespace *pid = sb->s_fs_info;
 +
 +	sync_filesystem(sb);
 +
 +	if (fc)
 +		proc_set_options(sb, fc, pid, current_user_ns());
  	return 0;
  }
  
@@@ -288,44 -208,23 +292,22 @@@ struct proc_dir_entry proc_root = 
  	.proc_fops	= &proc_root_operations,
  	.parent		= &proc_root,
  	.subdir		= RB_ROOT,
 -	.name		= proc_root.inline_name,
 -	.inline_name	= "/proc",
 +	.name		= "/proc",
  };
  
- int pid_ns_prepare_proc(struct pid_namespace *ns)
+ #if defined(CONFIG_SYSCTL_SYSCALL) || defined(CONFIG_MCONSOLE)
+ struct file *file_open_proc(const char *pathname, int flags, umode_t mode)
  {
- 	struct proc_fs_context *ctx;
- 	struct fs_context *fc;
  	struct vfsmount *mnt;
- 	int ret;
- 
- 	fc = vfs_new_fs_context(&proc_fs_type, NULL, 0,
- 				FS_CONTEXT_FOR_KERNEL_MOUNT);
- 	if (IS_ERR(fc))
- 		return PTR_ERR(fc);
- 
- 	ctx = fc->fs_private;
- 	if (ctx->pid_ns != ns) {
- 		put_pid_ns(ctx->pid_ns);
- 		get_pid_ns(ns);
- 		ctx->pid_ns = ns;
- 	}
+ 	struct file *file;
  
- 	ret = vfs_get_tree(fc);
- 	if (ret < 0) {
- 		put_fs_context(fc);
- 		return ret;
- 	}
- 
- 	mnt = vfs_create_mount(fc, 0);
- 	put_fs_context(fc);
+ 	mnt = kern_mount(&proc_fs_type);
  	if (IS_ERR(mnt))
- 		return PTR_ERR(mnt);
+ 		return ERR_CAST(mnt);
  
- 	ns->proc_mnt = mnt;
- 	return 0;
- }
+ 	file = file_open_root(mnt->mnt_root, mnt, pathname, flags, mode);
+ 	kern_unmount(mnt);
  
- void pid_ns_release_proc(struct pid_namespace *ns)
- {
- 	kern_unmount(ns->proc_mnt);
+ 	return file;
  }
+ #endif

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: linux-next: manual merge of the userns tree with the vfs tree
  2018-06-20  2:39 linux-next: manual merge of the userns tree with the vfs tree Stephen Rothwell
@ 2018-08-06  7:50 ` Stephen Rothwell
  2018-08-06 17:35   ` Eric W. Biederman
  0 siblings, 1 reply; 16+ messages in thread
From: Stephen Rothwell @ 2018-08-06  7:50 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro
  Cc: Linux-Next Mailing List, Linux Kernel Mailing List

[-- Attachment #1: Type: text/plain, Size: 5794 bytes --]

Hi all,

On Wed, 20 Jun 2018 12:39:05 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Today's linux-next merge of the userns tree got a conflict in:
> 
>   fs/proc/inode.c
>   fs/proc/root.c
> 
> between commit:
> 
>   0223e0999be2 ("procfs: Move proc_fill_super() to fs/proc/root.c")
>   83cd45075c36 ("proc: Add fs_context support to procfs")
> 
> from the vfs tree and commit:
> 
>   cc8cda3af2ba ("proc: Simplify and fix proc by removing the kernel mount")
>   9303f5f81bd4 ("proc: Change proc_parse_options to return an errno value")
>   04035aa33a12 ("proc: Don't change mount options on remount failure.")
> 
> from the userns tree.
> 
> I effectively reverted 9303f5f81bd4 and 04035aa33a12 since (I think)
> they are subsumed by the vfs tree changes.
> 
> I fixed it up (I think I got it mostly right this time - see below) and
> can carry the fix as necessary. This is now fixed as far as linux-next
> is concerned, but any non trivial conflicts should be mentioned to your
> upstream maintainer when your tree is submitted for merging.  You may
> also want to consider cooperating with the maintainer of the
> conflicting tree to minimise any particularly complex conflicts.
> 
> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc fs/proc/root.c
> index efbdc08a3c86,3dceff6cd121..91e9b417bc6d
> --- a/fs/proc/root.c
> +++ b/fs/proc/root.c
> @@@ -80,71 -78,21 +80,74 @@@ static int proc_parse_option(struct fs_
>   	return 0;
>   }
>   
>  -int proc_remount(struct super_block *sb, int *flags, char *data)
>  +static void proc_set_options(struct super_block *s,
>  +			     struct fs_context *fc,
>  +			     struct pid_namespace *pid_ns,
>  +			     struct user_namespace *user_ns)
>   {
>  -	struct pid_namespace *pid = sb->s_fs_info;
>  -	struct proc_mount_options opts = {
>  -		.pid_gid  = pid->pid_gid,
>  -		.hide_pid = pid->hide_pid,
>  -	};
>  +	struct proc_fs_context *ctx = fc->fs_private;
>  +
>  +	if (ctx->mask & (1 << Opt_gid))
>  +		pid_ns->pid_gid = make_kgid(user_ns, ctx->gid);
>  +	if (ctx->mask & (1 << Opt_hidepid))
>  +		pid_ns->hide_pid = ctx->hidepid;
>  +}
>  +
>  +static int proc_fill_super(struct super_block *s, struct fs_context *fc)
>  +{
>  +	struct pid_namespace *pid_ns = get_pid_ns(s->s_fs_info);
>  +	struct inode *root_inode;
>   	int ret;
>   
>  -	sync_filesystem(sb);
>  -	ret = proc_parse_options(data, &opts);
>  -	if (ret)
>  +	proc_set_options(s, fc, pid_ns, current_user_ns());
>  +
>  +	/* User space would break if executables or devices appear on proc */
>  +	s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC | SB_I_NODEV;
>  +	s->s_flags |= SB_NODIRATIME | SB_NOSUID | SB_NOEXEC;
>  +	s->s_blocksize = 1024;
>  +	s->s_blocksize_bits = 10;
>  +	s->s_magic = PROC_SUPER_MAGIC;
>  +	s->s_op = &proc_sops;
>  +	s->s_time_gran = 1;
>  +
>  +	/*
>  +	 * procfs isn't actually a stacking filesystem; however, there is
>  +	 * too much magic going on inside it to permit stacking things on
>  +	 * top of it
>  +	 */
>  +	s->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH;
>  +
>  +	pde_get(&proc_root);
>  +	root_inode = proc_get_inode(s, &proc_root);
>  +	if (!root_inode) {
>  +		pr_err("proc_fill_super: get root inode failed\n");
>  +		return -ENOMEM;
>  +	}
>  +
>  +	s->s_root = d_make_root(root_inode);
>  +	if (!s->s_root) {
>  +		pr_err("proc_fill_super: allocate dentry failed\n");
>  +		return -ENOMEM;
>  +	}
>  +
>  +	ret = proc_setup_self(s);
>  +	if (ret) {
>   		return ret;
>  -	pid->pid_gid  = opts.pid_gid;
>  -	pid->hide_pid = opts.hide_pid;
>  +	}
> - 	return proc_setup_thread_self(s);
> ++	ret = proc_setup_thread_self(s);
> ++
> ++	rcu_assign_pointer(pid_ns->proc_super, s);
> ++	return ret;
>  +}
>  +
>  +int proc_reconfigure(struct super_block *sb, struct fs_context *fc)
>  +{
>  +	struct pid_namespace *pid = sb->s_fs_info;
>  +
>  +	sync_filesystem(sb);
>  +
>  +	if (fc)
>  +		proc_set_options(sb, fc, pid, current_user_ns());
>   	return 0;
>   }
>   
> @@@ -288,44 -208,23 +292,22 @@@ struct proc_dir_entry proc_root = 
>   	.proc_fops	= &proc_root_operations,
>   	.parent		= &proc_root,
>   	.subdir		= RB_ROOT,
>  -	.name		= proc_root.inline_name,
>  -	.inline_name	= "/proc",
>  +	.name		= "/proc",
>   };
>   
> - int pid_ns_prepare_proc(struct pid_namespace *ns)
> + #if defined(CONFIG_SYSCTL_SYSCALL) || defined(CONFIG_MCONSOLE)
> + struct file *file_open_proc(const char *pathname, int flags, umode_t mode)
>   {
> - 	struct proc_fs_context *ctx;
> - 	struct fs_context *fc;
>   	struct vfsmount *mnt;
> - 	int ret;
> - 
> - 	fc = vfs_new_fs_context(&proc_fs_type, NULL, 0,
> - 				FS_CONTEXT_FOR_KERNEL_MOUNT);
> - 	if (IS_ERR(fc))
> - 		return PTR_ERR(fc);
> - 
> - 	ctx = fc->fs_private;
> - 	if (ctx->pid_ns != ns) {
> - 		put_pid_ns(ctx->pid_ns);
> - 		get_pid_ns(ns);
> - 		ctx->pid_ns = ns;
> - 	}
> + 	struct file *file;
>   
> - 	ret = vfs_get_tree(fc);
> - 	if (ret < 0) {
> - 		put_fs_context(fc);
> - 		return ret;
> - 	}
> - 
> - 	mnt = vfs_create_mount(fc, 0);
> - 	put_fs_context(fc);
> + 	mnt = kern_mount(&proc_fs_type);
>   	if (IS_ERR(mnt))
> - 		return PTR_ERR(mnt);
> + 		return ERR_CAST(mnt);
>   
> - 	ns->proc_mnt = mnt;
> - 	return 0;
> - }
> + 	file = file_open_root(mnt->mnt_root, mnt, pathname, flags, mode);
> + 	kern_unmount(mnt);
>   
> - void pid_ns_release_proc(struct pid_namespace *ns)
> - {
> - 	kern_unmount(ns->proc_mnt);
> + 	return file;
>   }
> + #endif

Are there any comments on this resolution.  I just had to do it all
again due to slight changes in the vfs tree.  What are you guys going
to tell Linus when he comes to merge this?

-- 
Cheers,
Stephen Rothwell

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: linux-next: manual merge of the userns tree with the vfs tree
  2018-08-06  7:50 ` Stephen Rothwell
@ 2018-08-06 17:35   ` Eric W. Biederman
  0 siblings, 0 replies; 16+ messages in thread
From: Eric W. Biederman @ 2018-08-06 17:35 UTC (permalink / raw)
  To: Stephen Rothwell
  Cc: Al Viro, Linux-Next Mailing List, Linux Kernel Mailing List

Stephen Rothwell <sfr@canb.auug.org.au> writes:

> Hi all,
>
> On Wed, 20 Jun 2018 12:39:05 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Are there any comments on this resolution.  I just had to do it all
> again due to slight changes in the vfs tree.  What are you guys going
> to tell Linus when he comes to merge this?

Currently that the fscontext changes have a gaping security hole in it's
userspace API.  Granted the security hole is copied from the existing
mount api.  But I have had multiple real world problems with the
existing behavior, and I have reported it to David Howells multiple
times.

So I honestly don't think David Howells changes are ready to be merged.

The changes to proc exhibit the security holet and I expect they will
have to be redone to make the patch functional.

Eric


^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: linux-next: manual merge of the userns tree with the vfs tree
  2018-06-20  1:44 Stephen Rothwell
@ 2018-06-20  3:31 ` Stephen Rothwell
  0 siblings, 0 replies; 16+ messages in thread
From: Stephen Rothwell @ 2018-06-20  3:31 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro
  Cc: Linux-Next Mailing List, Linux Kernel Mailing List, David Howells

[-- Attachment #1: Type: text/plain, Size: 1235 bytes --]

Hi all,

On Wed, 20 Jun 2018 11:44:41 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Today's linux-next merge of the userns tree got a conflict in:
> 
>   fs/proc/internal.h
> 
> between commit:
> 
>   0223e0999be2 ("procfs: Move proc_fill_super() to fs/proc/root.c")
> 
> from the vfs tree and commit:
> 
>   04035aa33a12 ("proc: Don't change mount options on remount failure.")
> 
> from the userns tree.
> 
> diff --cc fs/proc/internal.h
> index ea8c5468eafc,69fa8d953cde..000000000000
> --- a/fs/proc/internal.h
> +++ b/fs/proc/internal.h
> @@@ -270,10 -252,16 +270,15 @@@ static inline void proc_tty_init(void) 
>   /*
>    * root.c
>    */
> + struct proc_mount_options {
> + 	kgid_t pid_gid;
> + 	int hide_pid;
> + };
> + 
>   extern struct proc_dir_entry proc_root;
>  -extern int proc_parse_options(char *options, struct proc_mount_options *opts);
>   
>   extern void proc_self_init(void);
>  -extern int proc_remount(struct super_block *, int *, char *);
>  +extern int proc_reconfigure(struct super_block *, struct fs_context *);
>   
>   /*
>    * task_[no]mmu.c

The struct proc_mount_options was removed by my later merge resolution.

-- 
Cheers,
Stephen Rothwell

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* linux-next: manual merge of the userns tree with the vfs tree
@ 2018-06-20  1:44 Stephen Rothwell
  2018-06-20  3:31 ` Stephen Rothwell
  0 siblings, 1 reply; 16+ messages in thread
From: Stephen Rothwell @ 2018-06-20  1:44 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro
  Cc: Linux-Next Mailing List, Linux Kernel Mailing List, David Howells

[-- Attachment #1: Type: text/plain, Size: 1379 bytes --]

Hi all,

Today's linux-next merge of the userns tree got a conflict in:

  fs/proc/internal.h

between commit:

  0223e0999be2 ("procfs: Move proc_fill_super() to fs/proc/root.c")

from the vfs tree and commit:

  04035aa33a12 ("proc: Don't change mount options on remount failure.")

from the userns tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc fs/proc/internal.h
index ea8c5468eafc,69fa8d953cde..000000000000
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@@ -270,10 -252,16 +270,15 @@@ static inline void proc_tty_init(void) 
  /*
   * root.c
   */
+ struct proc_mount_options {
+ 	kgid_t pid_gid;
+ 	int hide_pid;
+ };
+ 
  extern struct proc_dir_entry proc_root;
 -extern int proc_parse_options(char *options, struct proc_mount_options *opts);
  
  extern void proc_self_init(void);
 -extern int proc_remount(struct super_block *, int *, char *);
 +extern int proc_reconfigure(struct super_block *, struct fs_context *);
  
  /*
   * task_[no]mmu.c

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: linux-next: manual merge of the userns tree with the vfs tree
  2018-06-19  4:56 Stephen Rothwell
@ 2018-06-19 10:11 ` Eric W. Biederman
  0 siblings, 0 replies; 16+ messages in thread
From: Eric W. Biederman @ 2018-06-19 10:11 UTC (permalink / raw)
  To: Stephen Rothwell
  Cc: Al Viro, Linux-Next Mailing List, Linux Kernel Mailing List,
	David Howells

Stephen Rothwell <sfr@canb.auug.org.au> writes:

> Hi all,
>
> Today's linux-next merge of the userns tree got conflicts in:
>
>   fs/proc/inode.c
>   fs/proc/root.c
>
> between commits:
>
>   0223e0999be2 ("procfs: Move proc_fill_super() to fs/proc/root.c")
>   83cd45075c36 ("proc: Add fs_context support to procfs")
>
> from the vfs tree and commit:
>
>   cc8cda3af2ba ("proc: Simplify and fix proc by removing the kernel mount")
>
> from the userns tree.
>
> I don't know how to fix this up, so I just dropped the userns tree for
> today (since it only contained that one commit).

The userns tree is a fix for a regression that I am sending to Linus
ASAP.  I don't remember any fundamental conflicts.  After we get 4.17
sorted out I will worry about this.

Eric


^ permalink raw reply	[flat|nested] 16+ messages in thread

* linux-next: manual merge of the userns tree with the vfs tree
@ 2018-06-19  4:56 Stephen Rothwell
  2018-06-19 10:11 ` Eric W. Biederman
  0 siblings, 1 reply; 16+ messages in thread
From: Stephen Rothwell @ 2018-06-19  4:56 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro
  Cc: Linux-Next Mailing List, Linux Kernel Mailing List, David Howells

[-- Attachment #1: Type: text/plain, Size: 558 bytes --]

Hi all,

Today's linux-next merge of the userns tree got conflicts in:

  fs/proc/inode.c
  fs/proc/root.c

between commits:

  0223e0999be2 ("procfs: Move proc_fill_super() to fs/proc/root.c")
  83cd45075c36 ("proc: Add fs_context support to procfs")

from the vfs tree and commit:

  cc8cda3af2ba ("proc: Simplify and fix proc by removing the kernel mount")

from the userns tree.

I don't know how to fix this up, so I just dropped the userns tree for
today (since it only contained that one commit).

-- 
Cheers,
Stephen Rothwell

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* linux-next: manual merge of the userns tree with the vfs tree
@ 2015-05-25  9:49 Stephen Rothwell
  0 siblings, 0 replies; 16+ messages in thread
From: Stephen Rothwell @ 2015-05-25  9:49 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro; +Cc: linux-next, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 3633 bytes --]

Hi Eric,

Today's linux-next merge of the userns tree got a conflict in
fs/libfs.c between commit 61ba64fc0768 ("libfs: simple_follow_link()")
from the vfs tree and commit d5044ae07353 ("fs: Add helper functions
for permanently empty directories.") from the userns tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

diff --cc fs/libfs.c
index 65e1feca8b98,02813592e121..000000000000
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@@ -1097,14 -1094,98 +1097,109 @@@ simple_nosetlease(struct file *filp, lo
  }
  EXPORT_SYMBOL(simple_nosetlease);
  
 +const char *simple_follow_link(struct dentry *dentry, void **cookie)
 +{
 +	return d_inode(dentry)->i_link;
 +}
 +EXPORT_SYMBOL(simple_follow_link);
 +
 +const struct inode_operations simple_symlink_inode_operations = {
 +	.follow_link = simple_follow_link,
 +	.readlink = generic_readlink
 +};
 +EXPORT_SYMBOL(simple_symlink_inode_operations);
+ 
+ /*
+  * Operations for a permanently empty directory.
+  */
+ static struct dentry *empty_dir_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags)
+ {
+ 	return ERR_PTR(-ENOENT);
+ }
+ 
+ static int empty_dir_getattr(struct vfsmount *mnt, struct dentry *dentry,
+ 				 struct kstat *stat)
+ {
+ 	struct inode *inode = d_inode(dentry);
+ 	generic_fillattr(inode, stat);
+ 	return 0;
+ }
+ 
+ static int empty_dir_setattr(struct dentry *dentry, struct iattr *attr)
+ {
+ 	return -EPERM;
+ }
+ 
+ static int empty_dir_setxattr(struct dentry *dentry, const char *name,
+ 			      const void *value, size_t size, int flags)
+ {
+ 	return -EOPNOTSUPP;
+ }
+ 
+ static ssize_t empty_dir_getxattr(struct dentry *dentry, const char *name,
+ 				  void *value, size_t size)
+ {
+ 	return -EOPNOTSUPP;
+ }
+ 
+ static int empty_dir_removexattr(struct dentry *dentry, const char *name)
+ {
+ 	return -EOPNOTSUPP;
+ }
+ 
+ static ssize_t empty_dir_listxattr(struct dentry *dentry, char *list, size_t size)
+ {
+ 	return -EOPNOTSUPP;
+ }
+ 
+ static const struct inode_operations empty_dir_inode_operations = {
+ 	.lookup		= empty_dir_lookup,
+ 	.permission	= generic_permission,
+ 	.setattr	= empty_dir_setattr,
+ 	.getattr	= empty_dir_getattr,
+ 	.setxattr	= empty_dir_setxattr,
+ 	.getxattr	= empty_dir_getxattr,
+ 	.removexattr	= empty_dir_removexattr,
+ 	.listxattr	= empty_dir_listxattr,
+ };
+ 
+ static loff_t empty_dir_llseek(struct file *file, loff_t offset, int whence)
+ {
+ 	/* An empty directory has two entries . and .. at offsets 0 and 1 */
+ 	return generic_file_llseek_size(file, offset, whence, 2, 2);
+ }
+ 
+ static int empty_dir_readdir(struct file *file, struct dir_context *ctx)
+ {
+ 	dir_emit_dots(file, ctx);
+ 	return 0;
+ }
+ 
+ static const struct file_operations empty_dir_operations = {
+ 	.llseek		= empty_dir_llseek,
+ 	.read		= generic_read_dir,
+ 	.iterate	= empty_dir_readdir,
+ 	.fsync		= noop_fsync,
+ };
+ 
+ 
+ void make_empty_dir_inode(struct inode *inode)
+ {
+ 	set_nlink(inode, 2);
+ 	inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO;
+ 	inode->i_uid = GLOBAL_ROOT_UID;
+ 	inode->i_gid = GLOBAL_ROOT_GID;
+ 	inode->i_rdev = 0;
+ 	inode->i_size = 2;
+ 	inode->i_blkbits = PAGE_SHIFT;
+ 	inode->i_blocks = 0;
+ 
+ 	inode->i_op = &empty_dir_inode_operations;
+ 	inode->i_fop = &empty_dir_operations;
+ }
+ 
+ bool is_empty_dir_inode(struct inode *inode)
+ {
+ 	return (inode->i_fop == &empty_dir_operations) &&
+ 		(inode->i_op == &empty_dir_inode_operations);
+ }

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: linux-next: manual merge of the userns tree with the vfs tree
  2014-12-16  3:21 Stephen Rothwell
@ 2014-12-16  4:40 ` Eric W. Biederman
  0 siblings, 0 replies; 16+ messages in thread
From: Eric W. Biederman @ 2014-12-16  4:40 UTC (permalink / raw)
  To: Stephen Rothwell; +Cc: Al Viro, linux-next, linux-kernel

Stephen Rothwell <sfr@canb.auug.org.au> writes:

> Hi Eric,
>
> Today's linux-next merge of the userns tree got a conflict in
> kernel/user_namespace.c between commits 3c0411846118 ("switch the rest
> of proc_ns_operations to working with &...->ns") and 64964528b24e
> ("make proc_ns_operations work with struct ns_common * instead of void
> *") from the vfs tree and commits 273d2c67c3e1 ("userns: Don't allow
> setgroups until a gid mapping has been setablished") and 9cc46516ddf4
> ("userns: Add a knob to disable setgroups on a per user namespace
> basis") from the userns tree.
>
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

The fix is fine.

It might be a hair better if to_user_ns was below the code I added,
but it doesn't affect functionality so it doesn't matter.

Eric


^ permalink raw reply	[flat|nested] 16+ messages in thread

* linux-next: manual merge of the userns tree with the vfs tree
@ 2014-12-16  3:21 Stephen Rothwell
  2014-12-16  4:40 ` Eric W. Biederman
  0 siblings, 1 reply; 16+ messages in thread
From: Stephen Rothwell @ 2014-12-16  3:21 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro; +Cc: linux-next, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 3704 bytes --]

Hi Eric,

Today's linux-next merge of the userns tree got a conflict in
kernel/user_namespace.c between commits 3c0411846118 ("switch the rest
of proc_ns_operations to working with &...->ns") and 64964528b24e
("make proc_ns_operations work with struct ns_common * instead of void
*") from the vfs tree and commits 273d2c67c3e1 ("userns: Don't allow
setgroups until a gid mapping has been setablished") and 9cc46516ddf4
("userns: Add a knob to disable setgroups on a per user namespace
basis") from the userns tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

diff --cc kernel/user_namespace.c
index 1491ad00388f,ad419b04c146..000000000000
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@@ -842,12 -849,101 +850,106 @@@ static bool new_idmap_permitted(const s
  	return false;
  }
  
 +static inline struct user_namespace *to_user_ns(struct ns_common *ns)
 +{
 +	return container_of(ns, struct user_namespace, ns);
 +}
 +
+ int proc_setgroups_show(struct seq_file *seq, void *v)
+ {
+ 	struct user_namespace *ns = seq->private;
+ 	unsigned long userns_flags = ACCESS_ONCE(ns->flags);
+ 
+ 	seq_printf(seq, "%s\n",
+ 		   (userns_flags & USERNS_SETGROUPS_ALLOWED) ?
+ 		   "allow" : "deny");
+ 	return 0;
+ }
+ 
+ ssize_t proc_setgroups_write(struct file *file, const char __user *buf,
+ 			     size_t count, loff_t *ppos)
+ {
+ 	struct seq_file *seq = file->private_data;
+ 	struct user_namespace *ns = seq->private;
+ 	char kbuf[8], *pos;
+ 	bool setgroups_allowed;
+ 	ssize_t ret;
+ 
+ 	/* Only allow a very narrow range of strings to be written */
+ 	ret = -EINVAL;
+ 	if ((*ppos != 0) || (count >= sizeof(kbuf)))
+ 		goto out;
+ 
+ 	/* What was written? */
+ 	ret = -EFAULT;
+ 	if (copy_from_user(kbuf, buf, count))
+ 		goto out;
+ 	kbuf[count] = '\0';
+ 	pos = kbuf;
+ 
+ 	/* What is being requested? */
+ 	ret = -EINVAL;
+ 	if (strncmp(pos, "allow", 5) == 0) {
+ 		pos += 5;
+ 		setgroups_allowed = true;
+ 	}
+ 	else if (strncmp(pos, "deny", 4) == 0) {
+ 		pos += 4;
+ 		setgroups_allowed = false;
+ 	}
+ 	else
+ 		goto out;
+ 
+ 	/* Verify there is not trailing junk on the line */
+ 	pos = skip_spaces(pos);
+ 	if (*pos != '\0')
+ 		goto out;
+ 
+ 	ret = -EPERM;
+ 	mutex_lock(&userns_state_mutex);
+ 	if (setgroups_allowed) {
+ 		/* Enabling setgroups after setgroups has been disabled
+ 		 * is not allowed.
+ 		 */
+ 		if (!(ns->flags & USERNS_SETGROUPS_ALLOWED))
+ 			goto out_unlock;
+ 	} else {
+ 		/* Permanently disabling setgroups after setgroups has
+ 		 * been enabled by writing the gid_map is not allowed.
+ 		 */
+ 		if (ns->gid_map.nr_extents != 0)
+ 			goto out_unlock;
+ 		ns->flags &= ~USERNS_SETGROUPS_ALLOWED;
+ 	}
+ 	mutex_unlock(&userns_state_mutex);
+ 
+ 	/* Report a successful write */
+ 	*ppos = count;
+ 	ret = count;
+ out:
+ 	return ret;
+ out_unlock:
+ 	mutex_unlock(&userns_state_mutex);
+ 	goto out;
+ }
+ 
+ bool userns_may_setgroups(const struct user_namespace *ns)
+ {
+ 	bool allowed;
+ 
+ 	mutex_lock(&userns_state_mutex);
+ 	/* It is not safe to use setgroups until a gid mapping in
+ 	 * the user namespace has been established.
+ 	 */
+ 	allowed = ns->gid_map.nr_extents != 0;
+ 	/* Is setgroups allowed? */
+ 	allowed = allowed && (ns->flags & USERNS_SETGROUPS_ALLOWED);
+ 	mutex_unlock(&userns_state_mutex);
+ 
+ 	return allowed;
+ }
+ 
 -static void *userns_get(struct task_struct *task)
 +static struct ns_common *userns_get(struct task_struct *task)
  {
  	struct user_namespace *user_ns;
  

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* linux-next: manual merge of the userns tree with the vfs tree
@ 2014-12-10  6:27 Stephen Rothwell
  0 siblings, 0 replies; 16+ messages in thread
From: Stephen Rothwell @ 2014-12-10  6:27 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro; +Cc: linux-next, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 3307 bytes --]

Hi Eric,

Today's linux-next merge of the userns tree got a conflict in
kernel/user_namespace.c between commits 3c0411846118 ("switch the rest
of proc_ns_operations to working with &...->ns") and 64964528b24e
("make proc_ns_operations work with struct ns_common * instead of void
*") from the vfs tree and commit 2b714ea67ed4 ("userns: Add a knob to
disable setgroups on a per user namespace basis") from the userns tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

diff --cc kernel/user_namespace.c
index 1491ad00388f,1db950ec08ce..000000000000
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@@ -842,12 -851,99 +852,104 @@@ static bool new_idmap_permitted(const s
  	return false;
  }
  
 +static inline struct user_namespace *to_user_ns(struct ns_common *ns)
 +{
 +	return container_of(ns, struct user_namespace, ns);
 +}
 +
+ static void *setgroups_m_start(struct seq_file *seq, loff_t *ppos)
+ {
+ 	struct user_namespace *ns = seq->private;
+ 
+ 	return (*ppos == 0) ?  ns : NULL;
+ }
+ 
+ static void *setgroups_m_next(struct seq_file *seq, void *v, loff_t *ppos)
+ {
+ 	++*ppos;
+ 	return NULL;
+ }
+ 
+ static void setgroups_m_stop(struct seq_file *seq, void *v)
+ {
+ }
+ 
+ static int setgroups_m_show(struct seq_file *seq, void *v)
+ {
+ 	struct user_namespace *ns = seq->private;
+ 
+ 	seq_printf(seq, "%s\n",
+ 		   test_bit(USERNS_SETGROUPS_ALLOWED, &ns->flags) ?
+ 		   "allow" : "deny");
+ 	return 0;
+ }
+ 
+ const struct seq_operations proc_setgroups_seq_operations = {
+ 	.start	= setgroups_m_start,
+ 	.stop = setgroups_m_stop,
+ 	.next = setgroups_m_next,
+ 	.show = setgroups_m_show,
+ };
+ 
+ ssize_t proc_setgroups_write(struct file *file, const char __user *buf,
+ 			     size_t count, loff_t *ppos)
+ {
+ 	struct seq_file *seq = file->private_data;
+ 	struct user_namespace *ns = seq->private;
+ 	char kbuf[8], *pos;
+ 	bool setgroups_allowed;
+ 	ssize_t ret;
+ 
+ 	ret = -EACCES;
+ 	if (!file_ns_capable(file, ns, CAP_SYS_ADMIN))
+ 		goto out;
+ 
+ 	/* Only allow a very narrow range of strings to be written */
+ 	ret = -EINVAL;
+ 	if ((*ppos != 0) || (count >= sizeof(kbuf)))
+ 		goto out;
+ 
+ 	/* What was written? */
+ 	ret = -EFAULT;
+ 	if (copy_from_user(kbuf, buf, count))
+ 		goto out;
+ 	kbuf[count] = '\0';
+ 	pos = kbuf;
+ 
+ 	/* What is being requested? */
+ 	ret = -EINVAL;
+ 	if (strncmp(pos, "allow", 5) == 0) {
+ 		pos += 5;
+ 		setgroups_allowed = true;
+ 	}
+ 	else if (strncmp(pos, "deny", 4) == 0) {
+ 		pos += 4;
+ 		setgroups_allowed = false;
+ 	}
+ 	else
+ 		goto out;
+ 
+ 	/* Verify there is not trailing junk on the line */
+ 	pos = skip_spaces(pos);
+ 	if (*pos != '\0')
+ 		goto out;
+ 
+ 	if (setgroups_allowed) {
+ 		ret = -EPERM;
+ 		if (!userns_setgroups_allowed(ns))
+ 			goto out;
+ 	} else {
+ 		userns_disable_setgroups(ns);
+ 	}
+ 
+ 	/* Report a successful write */
+ 	*ppos = count;
+ 	ret = count;
+ out:
+ 	return ret;
+ }
+ 
 -static void *userns_get(struct task_struct *task)
 +static struct ns_common *userns_get(struct task_struct *task)
  {
  	struct user_namespace *user_ns;
  

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* linux-next: manual merge of the userns tree with the vfs tree
@ 2014-12-10  6:21 Stephen Rothwell
  0 siblings, 0 replies; 16+ messages in thread
From: Stephen Rothwell @ 2014-12-10  6:21 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro; +Cc: linux-next, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 1565 bytes --]

Hi Eric,

Today's linux-next merge of the userns tree got conflicts in
include/linux/user_namespace.h and kernel/user.c between commit
435d5f4bb2cc ("common object embedded into various struct ....ns") from
the vfs tree and commit 2b714ea67ed4 ("userns: Add a knob to disable
setgroups on a per user namespace basis") from the userns tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

diff --cc include/linux/user_namespace.h
index 4cf06c140e21,6451c401dcf6..000000000000
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@@ -27,7 -32,8 +33,8 @@@ struct user_namespace 
  	int			level;
  	kuid_t			owner;
  	kgid_t			group;
 -	unsigned int		proc_inum;
 +	struct ns_common	ns;
+ 	unsigned long		flags;
  
  	/* Register of per-UID persistent keyrings for this namespace */
  #ifdef CONFIG_PERSISTENT_KEYRINGS
diff --cc kernel/user.c
index 69b800aebf13,2d09940c9632..000000000000
--- a/kernel/user.c
+++ b/kernel/user.c
@@@ -50,10 -50,8 +50,11 @@@ struct user_namespace init_user_ns = 
  	.count = ATOMIC_INIT(3),
  	.owner = GLOBAL_ROOT_UID,
  	.group = GLOBAL_ROOT_GID,
 -	.proc_inum = PROC_USER_INIT_INO,
 +	.ns.inum = PROC_USER_INIT_INO,
 +#ifdef CONFIG_USER_NS
 +	.ns.ops = &userns_operations,
 +#endif
+ 	.flags = USERNS_INIT_FLAGS,
  #ifdef CONFIG_PERSISTENT_KEYRINGS
  	.persistent_keyring_register_sem =
  	__RWSEM_INITIALIZER(init_user_ns.persistent_keyring_register_sem),

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* linux-next: manual merge of the userns tree with the vfs tree
@ 2013-11-08  6:50 Stephen Rothwell
  0 siblings, 0 replies; 16+ messages in thread
From: Stephen Rothwell @ 2013-11-08  6:50 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro; +Cc: linux-next, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 3836 bytes --]

Hi Eric,

Today's linux-next merge of the userns tree got a conflict in fs/dcache.c
between commit 84550b9356af ("RCU'd vfsmounts") from the vfs tree and
commit 40216baa0101 ("vfs: Lazily remove mounts on unlinked files and
directories. v2") from the userns tree.

I fixed it up (I think - see below) and can carry the fix as necessary
(no action is required).

Al, I do have to wonder why a commit whose whole commit message is:

"RCU'd vfsmounts
    
_very_ preliminary, barely tested."

is in linux-next as is not being kept over for v3.14 at this point.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

diff --cc fs/dcache.c
index 6f418c540f76,1e9bf96b0132..000000000000
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@@ -1362,110 -1478,17 +1362,101 @@@ void shrink_dcache_parent(struct dentr
  }
  EXPORT_SYMBOL(shrink_dcache_parent);
  
 +static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry)
 +{
 +	struct select_data *data = _data;
 +	enum d_walk_ret ret = D_WALK_CONTINUE;
 +
 +	if (dentry->d_lockref.count) {
 +		dentry_lru_del(dentry);
 +		if (likely(!list_empty(&dentry->d_subdirs)))
 +			goto out;
 +		if (dentry == data->start && dentry->d_lockref.count == 1)
 +			goto out;
 +		printk(KERN_ERR
 +		       "BUG: Dentry %p{i=%lx,n=%s}"
 +		       " still in use (%d)"
 +		       " [unmount of %s %s]\n",
 +		       dentry,
 +		       dentry->d_inode ?
 +		       dentry->d_inode->i_ino : 0UL,
 +		       dentry->d_name.name,
 +		       dentry->d_lockref.count,
 +		       dentry->d_sb->s_type->name,
 +		       dentry->d_sb->s_id);
 +		BUG();
 +	} else if (!(dentry->d_flags & DCACHE_SHRINK_LIST)) {
 +		/*
 +		 * We can't use d_lru_shrink_move() because we
 +		 * need to get the global LRU lock and do the
 +		 * LRU accounting.
 +		 */
 +		d_lru_del(dentry);
 +		d_shrink_add(dentry, &data->dispose);
 +		data->found++;
 +		ret = D_WALK_NORETRY;
 +	}
 +out:
 +	if (data->found && need_resched())
 +		ret = D_WALK_QUIT;
 +	return ret;
 +}
 +
 +/*
 + * destroy the dentries attached to a superblock on unmounting
 + */
 +void shrink_dcache_for_umount(struct super_block *sb)
 +{
 +	struct dentry *dentry;
 +
 +	if (down_read_trylock(&sb->s_umount))
 +		BUG();
 +
 +	dentry = sb->s_root;
 +	sb->s_root = NULL;
 +	for (;;) {
 +		struct select_data data;
 +
 +		INIT_LIST_HEAD(&data.dispose);
 +		data.start = dentry;
 +		data.found = 0;
 +
 +		d_walk(dentry, &data, umount_collect, NULL);
 +		if (!data.found)
 +			break;
 +
 +		shrink_dentry_list(&data.dispose);
 +		cond_resched();
 +	}
 +	d_drop(dentry);
 +	dput(dentry);
 +
 +	while (!hlist_bl_empty(&sb->s_anon)) {
 +		struct select_data data;
 +		dentry = hlist_bl_entry(hlist_bl_first(&sb->s_anon), struct dentry, d_hash);
 +
 +		INIT_LIST_HEAD(&data.dispose);
 +		data.start = NULL;
 +		data.found = 0;
 +
 +		d_walk(dentry, &data, umount_collect, NULL);
 +		if (data.found)
 +			shrink_dentry_list(&data.dispose);
 +		cond_resched();
 +	}
 +}
 +
- static enum d_walk_ret check_and_collect(void *_data, struct dentry *dentry)
+ struct detach_data {
+ 	struct dentry *found;
+ };
+ static enum d_walk_ret do_detach_submounts(void *ptr, struct dentry *dentry)
  {
- 	struct select_data *data = _data;
+ 	struct detach_data *data = ptr;
  
- 	if (d_mountpoint(dentry)) {
- 		data->found = -EBUSY;
- 		return D_WALK_QUIT;
- 	}
+ 	if (d_mountpoint(dentry))
+ 		data->found = dentry;
  
- 	return select_collect(_data, dentry);
- }
- 
- static void check_and_drop(void *_data)
- {
- 	struct select_data *data = _data;
- 
- 	if (d_mountpoint(data->start))
- 		data->found = -EBUSY;
- 	if (!data->found)
- 		__d_drop(data->start);
+ 	return data->found ? D_WALK_QUIT : D_WALK_CONTINUE;
  }
  
  /**

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* linux-next: manual merge of the userns tree with the vfs tree
@ 2013-11-08  6:50 Stephen Rothwell
  0 siblings, 0 replies; 16+ messages in thread
From: Stephen Rothwell @ 2013-11-08  6:50 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro; +Cc: linux-next, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 1174 bytes --]

Hi Eric,

Today's linux-next merge of the userns tree got a conflict in fs/mount.h
between commits 84550b9356af ("RCU'd vfsmounts") and 474279dc0f77 ("split
__lookup_mnt() in two functions") from the vfs tree and commit
d7e58b8abc4f ("vfs: Add a function to lazily unmount all mounts from any
dentry. v3") from the userns tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

diff --cc fs/mount.h
index d64c594be6c4,7a6a2bb3f290..000000000000
--- a/fs/mount.h
+++ b/fs/mount.h
@@@ -77,11 -78,9 +79,12 @@@ static inline int is_mounted(struct vfs
  	return !IS_ERR_OR_NULL(real_mount(mnt));
  }
  
 -extern struct mount *__lookup_mnt(struct vfsmount *, struct dentry *, int);
 +extern struct mount *__lookup_mnt(struct vfsmount *, struct dentry *);
 +extern struct mount *__lookup_mnt_last(struct vfsmount *, struct dentry *);
+ extern void detach_mounts(struct dentry *dentry);
  
 +extern bool legitimize_mnt(struct vfsmount *, unsigned);
 +
  static inline void get_mnt_ns(struct mnt_namespace *ns)
  {
  	atomic_inc(&ns->count);

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* linux-next: manual merge of the userns tree with the vfs tree
@ 2013-11-08  6:49 Stephen Rothwell
  0 siblings, 0 replies; 16+ messages in thread
From: Stephen Rothwell @ 2013-11-08  6:49 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro; +Cc: linux-next, linux-kernel, J. Bruce Fields

[-- Attachment #1: Type: text/plain, Size: 2734 bytes --]

Hi Eric,

Today's linux-next merge of the userns tree got a conflict in fs/namei.c
between commits 45b1139e249d ("namei: minor vfs_unlink cleanup"),
0e22d7c4652b ("locks: break delegations on unlink"), 5d375b9f8afb
("locks: helper functions for delegation breaking") and 909b30216356
("locks: break delegations on rename") from the vfs tree and commit
40216baa0101 ("vfs: Lazily remove mounts on unlinked files and
directories. v2") from the userns tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

diff --cc fs/namei.c
index a4a30e396136,a12c1d31d4c8..000000000000
--- a/fs/namei.c
+++ b/fs/namei.c
@@@ -3645,22 -3670,16 +3659,20 @@@ int vfs_unlink(struct inode *dir, struc
  	if (!dir->i_op->unlink)
  		return -EPERM;
  
 -	mutex_lock(&dentry->d_inode->i_mutex);
 +	mutex_lock(&target->i_mutex);
- 	if (d_mountpoint(dentry))
- 		error = -EBUSY;
- 	else {
- 		error = security_inode_unlink(dir, dentry);
+ 	error = security_inode_unlink(dir, dentry);
+ 	if (!error) {
++		error = try_break_deleg(target, delegated_inode);
++		if (error)
++			goto out;
+ 		error = dir->i_op->unlink(dir, dentry);
  		if (!error) {
- 			error = try_break_deleg(target, delegated_inode);
- 			if (error)
- 				goto out;
- 			error = dir->i_op->unlink(dir, dentry);
- 			if (!error)
- 				dont_mount(dentry);
+ 			dont_mount(dentry);
+ 			detach_mounts(dentry);
  		}
  	}
 -	mutex_unlock(&dentry->d_inode->i_mutex);
 +out:
 +	mutex_unlock(&target->i_mutex);
  
  	/* We don't d_delete() NFS sillyrenamed files--they still exist. */
  	if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
@@@ -3708,8 -3726,11 +3720,11 @@@ retry_deleg
  		if (nd.last.name[nd.last.len])
  			goto slashes;
  		inode = dentry->d_inode;
 -		if (!inode)
 +		if (d_is_negative(dentry))
  			goto slashes;
+ 		error = -EBUSY;
+ 		if (covered(nd.path.mnt, dentry))
+ 			goto exit2;
  		ihold(inode);
  		error = security_path_unlink(&nd.path, dentry);
  		if (error)
@@@ -4063,20 -4040,9 +4075,16 @@@ static int vfs_rename_other(struct inod
  		return error;
  
  	dget(new_dentry);
 -	if (target)
 -		mutex_lock(&target->i_mutex);
 +	lock_two_nondirectories(source, target);
  
- 	error = -EBUSY;
- 	if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
- 		goto out;
- 
 +	error = try_break_deleg(source, delegated_inode);
 +	if (error)
 +		goto out;
 +	if (target) {
 +		error = try_break_deleg(target, delegated_inode);
 +		if (error)
 +			goto out;
 +	}
  	error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
  	if (error)
  		goto out;

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* linux-next: manual merge of the userns tree with the vfs tree
@ 2013-11-08  6:49 Stephen Rothwell
  0 siblings, 0 replies; 16+ messages in thread
From: Stephen Rothwell @ 2013-11-08  6:49 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro; +Cc: linux-next, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 1280 bytes --]

Hi Eric,

Today's linux-next merge of the userns tree got a conflict in
fs/namespace.c between commit aba809cf0944 ("namespace.c: get rid of
mnt_ghosts") from the vfs tree and commit 484df667efe9 ("vfs: Keep a list
of mounts on a mount point") from the userns tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

diff --cc fs/namespace.c
index ac2ce8a766e1,78f7c5c9e673..000000000000
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@@ -1207,16 -1193,11 +1212,17 @@@ void umount_tree(struct mount *mnt, in
  		list_del_init(&p->mnt_list);
  		__touch_mnt_namespace(p->mnt_ns);
  		p->mnt_ns = NULL;
 +		if (how < 2)
 +			p->mnt.mnt_flags |= MNT_SYNC_UMOUNT;
  		list_del_init(&p->mnt_child);
  		if (mnt_has_parent(p)) {
 -			p->mnt_parent->mnt_ghosts++;
+ 			list_del_init(&p->mnt_mp_list);
  			put_mountpoint(p->mnt_mp);
 +			/* move the reference to mountpoint into ->mnt_ex_mountpoint */
 +			p->mnt_ex_mountpoint.dentry = p->mnt_mountpoint;
 +			p->mnt_ex_mountpoint.mnt = &p->mnt_parent->mnt;
 +			p->mnt_mountpoint = p->mnt.mnt_root;
 +			p->mnt_parent = p;
  			p->mnt_mp = NULL;
  		}
  		change_mnt_propagation(p, MS_PRIVATE);

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

end of thread, other threads:[~2018-08-06 17:35 UTC | newest]

Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-20  2:39 linux-next: manual merge of the userns tree with the vfs tree Stephen Rothwell
2018-08-06  7:50 ` Stephen Rothwell
2018-08-06 17:35   ` Eric W. Biederman
  -- strict thread matches above, loose matches on Subject: below --
2018-06-20  1:44 Stephen Rothwell
2018-06-20  3:31 ` Stephen Rothwell
2018-06-19  4:56 Stephen Rothwell
2018-06-19 10:11 ` Eric W. Biederman
2015-05-25  9:49 Stephen Rothwell
2014-12-16  3:21 Stephen Rothwell
2014-12-16  4:40 ` Eric W. Biederman
2014-12-10  6:27 Stephen Rothwell
2014-12-10  6:21 Stephen Rothwell
2013-11-08  6:50 Stephen Rothwell
2013-11-08  6:50 Stephen Rothwell
2013-11-08  6:49 Stephen Rothwell
2013-11-08  6:49 Stephen Rothwell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).