Re: [PATCH 1/2] mount: fix detached mount regression

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Al Viro <viro@zeniv.linux.org.uk>
To: Christian Brauner <brauner@kernel.org>
Cc: linux-fsdevel@vger.kernel.org, Miklos Szeredi <miklos@szeredi.hu>,
	Jan Kara <jack@suse.cz>, Allison Karlitskaya <lis@redhat.com>
Subject: Re: [PATCH 1/2] mount: fix detached mount regression
Date: Fri, 6 Jun 2025 05:54:41 +0100	[thread overview]
Message-ID: <20250606045441.GS299672@ZenIV> (raw)
In-Reply-To: <20250605-work-mount-regression-v1-1-60c89f4f4cf5@kernel.org>

On Thu, Jun 05, 2025 at 02:50:53PM +0200, Christian Brauner wrote:
> When we disabled mount propagation into detached trees again this
> accidently broke mounting detached mount trees onto other detached mount
> trees. The mount_setattr_tests selftests fail and Allison reported it as
> well. Fix the regression.
> 
> Fixes: 3b5260d12b1f ("Don't propagate mounts into detached trees")
> Reported-by: Allison Karlitskaya <lis@redhat.com>
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
>  fs/namespace.c | 28 ++++++++++++++--------------
>  1 file changed, 14 insertions(+), 14 deletions(-)
> 
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 2f2e93927f46..cc08eab031db 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -3634,22 +3634,22 @@ static int do_move_mount(struct path *old_path,
>  	if (!(attached ? check_mnt(old) : is_anon_ns(ns)))
>  		goto out;
>  
> -	if (is_anon_ns(ns) && ns == p->mnt_ns) {
> -		/*
> -		 * Ending up with two files referring to the root of the
> -		 * same anonymous mount namespace would cause an error
> -		 * as this would mean trying to move the same mount
> -		 * twice into the mount tree which would be rejected
> -		 * later. But be explicit about it right here.
> -		 */
> +	/*
> +	 * Ending up with two files referring to the root of the
> +	 * as this would mean trying to move the same mount
> +	 * twice into the mount tree which would be rejected
> +	 * later. But be explicit about it right here.
> +	 */
> +	if (is_anon_ns(ns) && ns == p->mnt_ns)
>  		goto out;
> -	} else if (is_anon_ns(p->mnt_ns)) {
> -		/*
> -		 * Don't allow moving an attached mount tree to an
> -		 * anonymous mount tree.
> -		 */
> +
> +	/*
> +	 * Don't allow moving an attached mount tree to an
> +	 * anonymous mount tree.
> +	 */
> +	if (!is_anon_ns(ns) && is_anon_ns(p->mnt_ns))
>  		goto out;

UGH...

This is much too convoluted.  How about this:

        /* The thing moved must be mounted... */
	if (!is_mounted(&old->mnt))
		goto out;

	/* ... and either ours or the root of anon namespace */
	if (check_mnt(old)) {
		/* should be detachable from parent */
		if (!mnt_has_parent(old) || IS_MNT_LOCKED(old))
			goto out;
		/* target should be ours */
		if (!check_mount(p))
			goto out;
	} else {
		if (!is_anon_ns(ns) || mnt_has_parent(old))
			goto out;
		/* not into the same anon ns - bail early in that case */
		if (p->mnt_ns == ns)
			goto out;
		/* target should be ours or in an acceptable anon */
		if (!may_use_mount(p))
			goto out;
	}

Would that work for all cases?

next prev parent reply	other threads:[~2025-06-06  4:54 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-06-05 12:50 [PATCH 0/2] mount: fix detached mount regression Christian Brauner
2025-06-05 12:50 ` [PATCH 1/2] " Christian Brauner
2025-06-06  4:54   ` Al Viro [this message]
2025-06-06  5:14     ` Al Viro
2025-06-06  7:01       ` Al Viro
2025-06-06  7:58         ` Christian Brauner
2025-06-06 17:45           ` Al Viro
2025-06-07  5:20             ` Al Viro
2025-06-11  9:36               ` Christian Brauner
2025-06-11 17:29                 ` Al Viro
2025-06-12 12:16                   ` Christian Brauner
2025-06-05 12:50 ` [PATCH 2/2] selftests/mount_setattr: adapt detached mount propagation test Christian Brauner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250606045441.GS299672@ZenIV \
    --to=viro@zeniv.linux.org.uk \
    --cc=brauner@kernel.org \
    --cc=jack@suse.cz \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=lis@redhat.com \
    --cc=miklos@szeredi.hu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.