[patch 0/2] r/o bind mount fixes for 2.6.23-mm1

[patch 0/2] r/o bind mount fixes for 2.6.23-mm1

[Jan Blunck]

Here are two small patches for 2.6.23-mm1 that fix some issues with the r/o
bind mount code. Besides that, I can see that you handle files opened by
dentry_open() somewhere. Nevertheless this files are also fput'ed later.

Regards,
Jan

-- 

[patch 1/2] r/o bind mounts: Dont touch the vfsmount after path_put()

[Jan Blunck]

[-- Attachment #1: vfs/r-o-af_unix-bind-mnt_drop_write-fix.diff --]
[-- Type: text/plain, Size: 630 bytes --]

mnt_drop_write() is called after releasing the reference to the path with
path_put().

Signed-off-by: Jan Blunck <jblunck@suse.de>
---
 net/unix/af_unix.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: b/net/unix/af_unix.c
===================================================================
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -752,8 +752,8 @@ static struct sock *unix_find_other(stru
 		if (u->sk_type == type)
 			touch_atime(nd.path.mnt, nd.path.dentry);
 
-		path_put(&nd.path);
 		mnt_drop_write(nd.path.mnt);
+		path_put(&nd.path);
 
 		err=-EPROTOTYPE;
 		if (u->sk_type != type) {

-- 

[patch 2/2] r/o bind mounts: Accept passing a mnt NULL pointer to mnt_drop_write()

[Jan Blunck]

[-- Attachment #1: vfs/r-o-bind-mnt_drop_write-mnt-NULL-fix.diff --]
[-- Type: text/plain, Size: 613 bytes --]

In case of somebody opens a file with dentry_open(dentry, NULL, ...) we don't
want to stumble on the NULL pointer mnt in struct file.

Signed-off-by: Jan Blunck <jblunck@suse.de>
---
 fs/namespace.c |    3 +++
 1 file changed, 3 insertions(+)

Index: b/fs/namespace.c
===================================================================
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -253,6 +253,9 @@ void mnt_drop_write(struct vfsmount *mnt
 	int must_check_underflow = 0;
 	struct mnt_writer *cpu_writer;
 
+	if (!mnt)
+		return;
+
 	cpu_writer = &get_cpu_var(mnt_writers);
 	spin_lock(&cpu_writer->lock);
 

-- 

Re: [patch 1/2] r/o bind mounts: Dont touch the vfsmount after path_put()

[Dave Hansen]

On Fri, 2007-10-12 at 17:50 +0200, Jan Blunck wrote:
> plain text document attachment (vfs)
> mnt_drop_write() is called after releasing the reference to the path with
> path_put().
> 
> Signed-off-by: Jan Blunck <jblunck@suse.de>

Ugh.  Yeah.  Thanks for finding that.

Acked-by: Dave Hansen <haveblue@us.ibm.com>

-- Dave

Re: [patch 2/2] r/o bind mounts: Accept passing a mnt NULL pointer to mnt_drop_write()

[Dave Hansen]

On Fri, 2007-10-12 at 17:50 +0200, Jan Blunck wrote:
> In case of somebody opens a file with dentry_open(dentry, NULL, ...) we don't
> want to stumble on the NULL pointer mnt in struct file. 
...
> +++ b/fs/namespace.c
> @@ -253,6 +253,9 @@ void mnt_drop_write(struct vfsmount *mnt
>         int must_check_underflow = 0;
>         struct mnt_writer *cpu_writer;
> 
> +       if (!mnt)
> +               return;

I kinda wish we'd fix these in the callers.  I know we do something
similar to this with mntput(), but I worry a bit that this just
discourages people from using the right interfaces.

Do you have a case where we're actually getting a NULL mount in here?
We had at least one in reiser4 that really revealed some nastiness in
the fs that needed fixing.

-- Dave

Re: [patch 2/2] r/o bind mounts: Accept passing a mnt NULL pointer to mnt_drop_write()

[Christoph Hellwig]

On Fri, Oct 12, 2007 at 05:50:21PM +0200, Jan Blunck wrote:
> In case of somebody opens a file with dentry_open(dentry, NULL, ...) we don't
> want to stumble on the NULL pointer mnt in struct file.

We should just not allow a NULL vfsmount in dentry_open.  Dave and I have
fixes for reiserfs, and I'll look at the uml use.