[GIT PULL] vfs mount

[Christian Brauner <brauner@kernel.org>]

Hey Linus,

/* Summary */

Recently, we added the ability to list mounts in other mount namespaces
and the ability to retrieve namespace file descriptors without having to
go through procfs by deriving them from pidfds.

This extends nsfs in two ways:

(1) Add the ability to retrieve information about a mount namespace via
    NS_MNT_GET_INFO. This will return the mount namespace id and the
    number of mounts currently in the mount namespace. The number of
    mounts can be used to size the buffer that needs to be used for
    listmount() and is in general useful without having to actually
    iterate through all the mounts.

    The structure is extensible.

(2) Add the ability to iterate through all mount namespaces over which
    the caller holds privilege returning the file descriptor for the
    next or previous mount namespace.

    To retrieve a mount namespace the caller must be privileged wrt to
    it's owning user namespace. This means that PID 1 on the host can
    list all mounts in all mount namespaces or that a container can list
    all mounts of its nested containers.

    Optionally pass a structure for NS_MNT_GET_INFO with
    NS_MNT_GET_{PREV,NEXT} to retrieve information about the mount
    namespace in one go.

(1) and (2) can be implemented for other namespace types easily.

Together with recent api additions this means one can iterate through
all mounts in all mount namespaces without ever touching procfs. The
merge message contains example code how to do this.

/* Testing */

gcc version 14.2.0 (Debian 14.2.0-3)
Debian clang version 16.0.6 (27+b1)

All patches are based on v6.11-rc1 and have been sitting in linux-next.
No build failures or warnings were observed.

/* Conflicts */

Merge conflicts with mainline
=============================

No known conflicts.

Merge conflicts with other trees
================================

(1) linux-next: build failure after merge of the bpf-next tree
    https://lore.kernel.org/r/20240913133240.066ae790@canb.auug.org.au

    The reported merge conflict isn't really with bpf-next but with the
    series to convert to fd_file() accessors for the changed struct fd
    representation.

    The patch you need to fix this however is correct in that draft. But
    honestly, it's pretty easy for you to figure out on your own anyway.

The following changes since commit 8400291e289ee6b2bf9779ff1c83a291501f017b:

  Linux 6.11-rc1 (2024-07-28 14:19:55 -0700)

are available in the Git repository at:

  git@gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-6.12.mount

for you to fetch changes up to 49224a345c488a0e176f193a60a2a76e82349e3e:

  Merge patch series "nsfs: iterate through mount namespaces" (2024-08-09 12:47:05 +0200)

Please consider pulling these changes from the signed vfs-6.12.mount tag.

Thanks!
Christian

----------------------------------------------------------------
vfs-6.12.mount

----------------------------------------------------------------
Christian Brauner (5):
      fs: allow mount namespace fd
      fs: add put_mnt_ns() cleanup helper
      file: add fput() cleanup helper
      nsfs: iterate through mount namespaces
      Merge patch series "nsfs: iterate through mount namespaces"

 fs/mount.h                    |  13 ++++++
 fs/namespace.c                |  74 +++++++++++++++++++++++++-----
 fs/nsfs.c                     | 102 +++++++++++++++++++++++++++++++++++++++++-
 include/linux/file.h          |   2 +
 include/linux/mnt_namespace.h |   4 ++
 include/uapi/linux/nsfs.h     |  16 +++++++
 6 files changed, 198 insertions(+), 13 deletions(-)