• Linus Torvalds's avatar
    Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace · 8f502d5b
    Linus Torvalds authored
    Pull usernamespace mount fixes from Eric Biederman:
     "Way back in October Andrey Vagin reported that umount(MNT_DETACH)
      could be used to defeat MNT_LOCKED.  As I worked to fix this I
      discovered that combined with mount propagation and an appropriate
      selection of shared subtrees a reference to a directory on an
      unmounted filesystem is not necessary.
      That MNT_DETACH is allowed in user namespace in a form that can break
      MNT_LOCKED comes from my early misunderstanding what MNT_DETACH does.
      To avoid breaking existing userspace the conflict between MNT_DETACH
      and MNT_LOCKED is fixed by leaving mounts that are locked to their
      parents in the mount hash table until the last reference goes away.
      While investigating this issue I also found an issue with
      __detach_mounts.  The code was unnecessarily and incorrectly
      triggering mount propagation.  Resulting in too many mounts going away
      when a directory is deleted, and too many cpu cycles are burned while
      doing that.
      Looking some more I realized that __detach_mounts by only keeping
      mounts connected that were MNT_LOCKED it had the potential to still
      leak information so I tweaked the code to keep everything locked
      together that possibly could be.
      This code was almost ready last cycle but Al invented fs_pin which
      slightly simplifies this code but required rewrites and retesting, and
      I have not been in top form for a while so it took me a while to get
      all of that done.  Similiarly this pull request is late because I have
      been feeling absolutely miserable all week.
      The issue of being able to escape a bind mount has not yet been
      addressed, as the fixes are not yet mature"
    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
      mnt: Update detach_mounts to leave mounts connected
      mnt: Fix the error check in __detach_mounts
      mnt: Honor MNT_LOCKED when detaching mounts
      fs_pin: Allow for the possibility that m_list or s_list go unused.
      mnt: Factor umount_mnt from umount_tree
      mnt: Factor out unhash_mnt from detach_mnt and umount_tree
      mnt: Fail collect_mounts when applied to unmounted mounts
      mnt: Don't propagate unmounts to locked mounts
      mnt: On an unmount propagate clearing of MNT_LOCKED
      mnt: Delay removal from the mount hash.
      mnt: Add MNT_UMOUNT flag
      mnt: In umount_tree reuse mnt_list instead of mnt_hash
      mnt: Don't propagate umounts in __detach_mounts
      mnt: Improve the umount_tree flags
      mnt: Use hlist_move_list in namespace_unlock
mount.h 3 KB