From: <gregkh@linuxfoundation.org>
To: ebiederm@xmission.com, gregkh@linuxfoundation.org
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "mnt: Update fs_fully_visible to test for permanently empty directories" has been added to the 4.1-stable tree
Date: Fri, 10 Jul 2015 09:58:58 -0700
Message-ID: <1436547538113138@kroah.com>

This is a note to let you know that I've just added the patch titled

    mnt: Update fs_fully_visible to test for permanently empty directories

to the 4.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     mnt-update-fs_fully_visible-to-test-for-permanently-empty-directories.patch
and it can be found in the queue-4.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 7236c85e1be51a9e25ba0f6e087a66ca89605a49 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Wed, 13 May 2015 20:51:09 -0500
Subject: mnt: Update fs_fully_visible to test for permanently empty directories
From: "Eric W. Biederman" <ebiederm@xmission.com>
commit 7236c85e1be51a9e25ba0f6e087a66ca89605a49 upstream.
fs_fully_visible attempts to make fresh mounts of proc and sysfs give
the mounter no more access to proc and sysfs than if they could have
by creating a bind mount. One aspect of proc and sysfs that makes
this particularly tricky is that there are other filesystems that
typically mount on top of proc and sysfs. As those filesystems are
mounted on empty directories in practice it is safe to ignore them.
However testing to ensure filesystems are mounted on empty directories
has not been something the in kernel data structures have supported so
the current test for an empty directory which checks to see
if nlink <= 2 is a bit lacking.

proc and sysfs have recently been modified to use the new empty_dir
infrastructure to create all of their dedicated mount points. Instead
of testing for S_ISDIR(inode->i_mode) && i_nlink <= 2 to see if a
directory is empty, test for is_empty_dir_inode(inode). That small
change guarantees mounts found on proc and sysfs really are safe to
ignore, because the directories are not only empty but nothing can
ever be added to them. This guarantees there is nothing to worry
about when mounting proc and sysfs.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/namespace.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3194,9 +3194,8 @@ bool fs_fully_visible(struct file_system
/* Only worry about locked mounts */
if (!(mnt->mnt.mnt_flags & MNT_LOCKED))
continue;
- if (!S_ISDIR(inode->i_mode))
- goto next;
- if (inode->i_nlink > 2)
+ /* Is the directory permanetly empty? */
+ if (!is_empty_dir_inode(inode))
goto next;
}
visible = true;
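Review bot: The added `if (!is_empty_dir_inode(inode))` test only succeeds for mount points that were created as permanently empty directories, so in this backport it depends on the helper and conversion patches from the same series (fs-add-helper-functions-for-permanently-empty-directories.patch and the proc, sysfs, sysctl and kernfs mount point patches) being applied ahead of it in queue-4.1. If the ordering is wrong, a locked child mount on a directory that previously satisfied the S_ISDIR and i_nlink checks now takes `goto next` and never reaches `visible = true`, so please confirm the series order before release. Minor style point: the added comment misspells "permanently" as "permanetly".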
Patches currently in stable-queue which might be from ebiederm@xmission.com are
queue-4.1/sysfs-create-mountpoints-with-sysfs_create_mount_point.patch
queue-4.1/sysfs-add-support-for-permanently-empty-directories-to-serve-as-mount-points.patch
queue-4.1/mnt-update-fs_fully_visible-to-test-for-permanently-empty-directories.patch
queue-4.1/mnt-refactor-the-logic-for-mounting-sysfs-and-proc-in-a-user-namespace.patch
queue-4.1/mnt-modify-fs_fully_visible-to-deal-with-locked-ro-nodev-and-atime.patch
queue-4.1/fs-add-helper-functions-for-permanently-empty-directories.patch
queue-4.1/sysctl-allow-creating-permanently-empty-directories-that-serve-as-mountpoints.patch
queue-4.1/kernfs-add-support-for-always-empty-directories.patch
queue-4.1/proc-allow-creating-permanently-empty-directories-that-serve-as-mount-points.patch