diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2012-09-21 08:19:02 -0400 |
|---|---|---|
| committer | Ziyan <jaraidaniel@gmail.com> | 2016-04-03 14:55:52 +0200 |
| commit | 544fa45ee11c022960ad0a23cc78f27b48af891f (patch) | |
| tree | 3d42c02d253bf16b2132c99c3b22010efc7d15ed /fs | |
| parent | d850b9a178a8d6aba2bc0efd09bd9b9a173b277e (diff) | |
| download | kernel_samsung_tuna-544fa45ee11c022960ad0a23cc78f27b48af891f.zip kernel_samsung_tuna-544fa45ee11c022960ad0a23cc78f27b48af891f.tar.gz kernel_samsung_tuna-544fa45ee11c022960ad0a23cc78f27b48af891f.tar.bz2 | |
do_add_mount()/umount -l races
normally we deal with lock_mount()/umount races by checking that
mountpoint to be is still in our namespace after lock_mount() has
been done. However, do_add_mount() skips that check when called
with MNT_SHRINKABLE in flags (i.e. from finish_automount()). The
reason is that ->mnt_ns may be a temporary namespace created exactly
to contain automounts a-la NFS4 referral handling. It's not the
namespace of the caller, though, so check_mnt() would fail here.
We still need to check that ->mnt_ns is non-NULL in that case,
though.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit 156cacb1d0d36b0d0582d9e798e58e0044f516b3)
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/namespace.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index 7df8bf9..99a9f80 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1996,8 +1996,14 @@ static int do_add_mount(struct vfsmount *newmnt, struct path *path, int mnt_flag return err; err = -EINVAL; - if (!(mnt_flags & MNT_SHRINKABLE) && !check_mnt(path->mnt)) - goto unlock; + if (unlikely(!check_mnt(path->mnt))) { + /* that's acceptable only for automounts done in private ns */ + if (!(mnt_flags & MNT_SHRINKABLE)) + goto unlock; + /* ... and for those we'd better have mountpoint still alive */ + if (!path->mnt->mnt_ns) + goto unlock; + } /* Refuse the same filesystem on the same mount point */ err = -EBUSY; |