From: Al Viro <viro@zeniv.linux.org.uk>
To: linux-fsdevel@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>
Subject: [PATCHES][CFR] vfs fixes
Date: Wed, 4 Jun 2025 00:15:00 +0100 [thread overview]
Message-ID: <20250603231500.GC299672@ZenIV> (raw)
Fixes for assorted bugs caught by struct mount audit.
This stuff sits in
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #fixes
Please, review; I'm going to push those to Linus in a few days.
Individual patches in followups.
1) fs/fhandle.c: fix a race in call of has_locked_children()
traversing the list of children without mount_lock; oopsable,
present since v6.11.
2) path_overmount(): avoid false negatives
namespace_sem is not enough to prevent false negatives from
__lookup_mnt(); rcu_read_lock() makes it memory-safe, but mount_lock
seqretry is needed for valid result. Present since _way_ back -
predates path_overmount(), actually. Originally introduced in v5.7
3) finish_automount(): don't leak MNT_LOCKED from parent to child
MNT_LOCKED is incompatible with MNT_SHRINKABLE and such
combinations had been prevented from the very beginning; unfortunately,
one case got missed - automount triggered within an MNT_LOCKED mount.
Goes all the way back to v3.12...
4) fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2)
In case when old mount both receives and transmits mount events,
do_set_group() end up corrupting the data structures. Introduced in
v5.15
5) fs: allow clone_private_mount() for a path on real rootfs
v6.15 introduced a way to use locations in detached
trees as overlayfs layers; unfortunately, the way it had
been done ended up breaking something that used to be allowed -
using locations on initramfs as overlayfs layers. Turns out
that people really used such setups...
next reply other threads:[~2025-06-03 23:15 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-03 23:15 Al Viro [this message]
2025-06-03 23:16 ` [PATCH 1/5] fs/fhandle.c: fix a race in call of has_locked_children() Al Viro
2025-06-04 7:37 ` Christian Brauner
2025-06-04 11:57 ` Jeff Layton
2025-06-03 23:17 ` [PATCH 2/5] path_overmount(): avoid false negatives Al Viro
2025-06-04 7:38 ` Christian Brauner
2025-06-03 23:18 ` [PATCH 3/5] finish_automount(): don't leak MNT_LOCKED from parent to child Al Viro
2025-06-04 7:39 ` Christian Brauner
2025-06-03 23:19 ` [PATCH 4/5] fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) Al Viro
2025-06-04 7:39 ` Christian Brauner
2025-06-03 23:20 ` [PATCH 5/5] fs: allow clone_private_mount() for a path on real rootfs Al Viro
2025-06-04 7:40 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250603231500.GC299672@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=brauner@kernel.org \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.