From: Valerie Aurora <vaurora@redhat.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: viro@zeniv.linux.org.uk, hch@infradead.org, agruen@suse.de,
npiggin@kernel.dk, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 23/34] union-mount: Prevent topmost file system from being mounted elsewhere
Date: Thu, 30 Sep 2010 17:47:16 -0400 [thread overview]
Message-ID: <20100930214716.GC490@shell> (raw)
In-Reply-To: <E1P1FaG-0001wr-Nn@pomaz-ex.szeredi.hu>
On Thu, Sep 30, 2010 at 11:37:48AM +0200, Miklos Szeredi wrote:
> On Thu, 16 Sep 2010, Valerie Aurora wrote:
> > The device underlying the topmost read-write layer of a file system
> > cannot be mounted anywhere else on the system. We keep a pointer to
> > the union stack in the dentry of the topmost directory, so that dentry
> > can't be part of a different mount, since dentries are shared between
> > different mounts of the same device.
> >
> > Signed-off-by: Valerie Aurora <vaurora@redhat.com>
> > ---
> > fs/namespace.c | 5 +++++
> > 1 files changed, 5 insertions(+), 0 deletions(-)
> >
> > diff --git a/fs/namespace.c b/fs/namespace.c
> > index 61256e6..26efaf3 100644
> > --- a/fs/namespace.c
> > +++ b/fs/namespace.c
> > @@ -1998,6 +1998,11 @@ int do_add_mount(struct vfsmount *newmnt, struct path *path,
> > if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
> > goto unlock;
> >
> > + /* Top layers of union mounts can't be mounted elsewhere */
> > + err = -EBUSY;
> > + if (newmnt->mnt_sb->s_union_lower_mnts)
> > + goto unlock;
> > +
>
> This is insufficient: the super block may be mounted elsewhere later.
> And no, preventing bind mounts is not enough.
My mistake, that's a bug in the comment/commit message - s/mount/union
mount/. The patch that prevents not-union mounts is:
union-mount: Create check_topmost_union_mnt()
check_topmost_union_mnt() checks that the topmost layer of a proposed
union mount is read-write, supports fallthrus and whiteouts, and isn't
mounted elsewhere.
And the patch that prevents bind mounts is:
union-mount: Prevent bind mounts of union mounts
Prevent bind mounts of parts of union mounts.
XXX - Bind mounting parts of union mounts is probably easy to
implement, but requires some careful thought about corner cases,
extensive testing, and some refactoring of the code.
If you see any problems in those patches, I'd appreciate the comment.
> BTW, what about CLONE_NEWNS? I think it's a rather big limitation if
> that doesn't work...
Great segue - I think the same code will make both CLONE_NEWNS and
bind mounts work. We can allow multiple mounts of a union if it's the
exact same stack in each mount. I will work on this.
-VAL
next prev parent reply other threads:[~2010-09-30 21:47 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-16 22:11 [PATCH 00/34] Union mount core for review Valerie Aurora
2010-09-16 22:11 ` [PATCH 01/34] VFS: Make clone_mnt() and copy_tree() return error codes Valerie Aurora
2010-09-20 21:26 ` Andreas Gruenbacher
2010-09-21 18:53 ` Valerie Aurora
2010-09-30 9:51 ` Miklos Szeredi
2010-09-30 21:41 ` Valerie Aurora
2010-09-30 21:44 ` Valerie Aurora
2010-10-01 0:33 ` Ram Pai
2010-10-01 1:58 ` Ram Pai
2010-10-01 9:12 ` Szeredi Miklos
2010-10-01 18:32 ` Ram Pai
2010-10-06 18:24 ` Valerie Aurora
2010-10-12 7:41 ` Ram Pai
2010-10-06 18:31 ` Valerie Aurora
2010-10-07 9:42 ` Miklos Szeredi
2010-09-16 22:11 ` [PATCH 02/34] VFS: Add CL_NO_SHARED flag to clone_mnt()/copy_tree() Valerie Aurora
2010-09-16 22:11 ` [PATCH 03/34] VFS: Add CL_NO_SLAVE " Valerie Aurora
[not found] ` <AANLkTim1bbGrrPcFHThx3XOm8GmudQFSmFUs3NAXT5yC@mail.gmail.com>
2010-09-17 4:34 ` Ram Pai
2010-09-17 17:15 ` Valerie Aurora
2010-09-20 5:25 ` Ram Pai
2010-09-21 0:03 ` Valerie Aurora
2010-09-27 5:42 ` Ram Pai
2010-09-27 18:50 ` Valerie Aurora
2010-10-01 0:44 ` Ram Pai
2010-09-16 22:11 ` [PATCH 04/34] VFS: Add CL_MAKE_HARD_READONLY " Valerie Aurora
2010-09-16 22:11 ` [PATCH 05/34] union-mount: Union mounts documentation Valerie Aurora
2010-09-16 22:11 ` [PATCH 06/34] union-mount: Introduce MNT_UNION and MS_UNION flags Valerie Aurora
2010-09-16 22:11 ` [PATCH 07/34] union-mount: Add CONFIG_UNION_MOUNT option Valerie Aurora
2010-09-16 22:11 ` [PATCH 08/34] union-mount: Create union_stack structure Valerie Aurora
2010-09-16 22:12 ` [PATCH 09/34] union-mount: Add two superblock fields for union mounts Valerie Aurora
2010-09-16 22:12 ` [PATCH 10/34] union-mount: Add union_alloc() Valerie Aurora
2010-09-16 22:12 ` [PATCH 11/34] union-mount: Add union_find_dir() Valerie Aurora
2010-09-16 22:12 ` [PATCH 12/34] union-mount: Create d_free_unions() Valerie Aurora
2010-09-16 22:12 ` [PATCH 13/34] union-mount: Free union stack on removal of topmost dentry from dcache Valerie Aurora
2010-09-16 22:12 ` [PATCH 14/34] union-mount: Create union_add_dir() Valerie Aurora
2010-09-16 22:12 ` [PATCH 15/34] union-mount: Add union_create_topmost_dir() Valerie Aurora
2010-09-16 22:12 ` [PATCH 16/34] union-mount: Create IS_MNT_UNION() Valerie Aurora
2010-09-16 22:12 ` [PATCH 17/34] union-mount: Create needs_lookup_union() Valerie Aurora
2010-09-16 22:12 ` [PATCH 18/34] union-mount: Create check_topmost_union_mnt() Valerie Aurora
2010-09-16 22:12 ` [PATCH 19/34] union-mount: Add clone_union_tree() and put_union_sb() Valerie Aurora
2010-09-16 22:12 ` [PATCH 20/34] union-mount: Create build_root_union() Valerie Aurora
2010-09-16 22:12 ` [PATCH 21/34] union-mount: Create prepare_mnt_union() and cleanup_mnt_union() Valerie Aurora
2010-09-16 22:12 ` [PATCH 22/34] union-mount: Prevent improper union-related remounts Valerie Aurora
2010-09-16 22:12 ` [PATCH 23/34] union-mount: Prevent topmost file system from being mounted elsewhere Valerie Aurora
2010-09-30 9:37 ` Miklos Szeredi
2010-09-30 21:47 ` Valerie Aurora [this message]
2010-09-16 22:12 ` [PATCH 24/34] union-mount: Prevent bind mounts of union mounts Valerie Aurora
2010-09-16 22:12 ` [PATCH 25/34] union-mount: Implement union mount Valerie Aurora
2010-09-16 22:12 ` [PATCH 26/34] union-mount: Temporarily disable some syscalls Valerie Aurora
2010-09-16 22:12 ` [PATCH 27/34] union-mount: Basic infrastructure of __union_lookup() Valerie Aurora
2010-09-16 22:12 ` [PATCH 28/34] union-mount: Process negative dentries in __union_lookup() Valerie Aurora
2010-09-16 22:12 ` [PATCH 29/34] union-mount: Return files found in lower layers " Valerie Aurora
2010-09-16 22:12 ` [PATCH 30/34] union-mount: Build union stack in __lookup_union() Valerie Aurora
2010-09-16 22:12 ` [PATCH 31/34] union-mount: Follow mount " Valerie Aurora
2010-09-16 22:12 ` [PATCH 32/34] union-mount: Add lookup_union() wrapper for __lookup_union() Valerie Aurora
2010-09-16 22:12 ` [PATCH 33/34] union-mount: Add do_lookup_union() " Valerie Aurora
2010-09-16 22:12 ` [PATCH 34/34] union-mount: Call union lookup functions in lookup path Valerie Aurora
2010-09-21 0:02 ` [PATCH -1/34] VFS: Add hard read-only users count to superblock Valerie Aurora
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100930214716.GC490@shell \
--to=vaurora@redhat.com \
--cc=agruen@suse.de \
--cc=hch@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=npiggin@kernel.dk \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).