| Message ID | 1460736438-44967-1-git-send-email-seth.forshee@canonical.com |
|---|---|
| State | New |
| Headers | show |
On 04/15/2016 09:07 AM, Seth Forshee wrote: > BugLink: http://bugs.launchpad.net/bugs/1570906 > > Two kernfs-based filesystems are currently mountable from > non-init user namespaces, sysfs and cgroupfs. Both of these have > use cases which end up attempting to mount the same superblock > from different user namespaces, but sget() no longer allows this > so these mount attempts will fail. > > Update kernfs_test_super() to return false whenever s_user_ns is > not the current user namespace, resulting in a new super block > being allocated for these mounts. kernfs, sysfs, and cgroupfs are > all equipped to handle this situation. > > Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Tested-by: Tycho Andersen <tycho.andersen@canonical.com> Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com> > --- > fs/kernfs/mount.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/kernfs/mount.c b/fs/kernfs/mount.c > index 9f05c5a..6d178f2 100644 > --- a/fs/kernfs/mount.c > +++ b/fs/kernfs/mount.c > @@ -171,7 +171,8 @@ static int kernfs_test_super(struct super_block *sb, void *data) > struct kernfs_super_info *sb_info = kernfs_info(sb); > struct kernfs_super_info *info = data; > > - return sb_info->root == info->root && sb_info->ns == info->ns; > + return sb_info->root == info->root && sb_info->ns == info->ns && > + sb->s_user_ns == current_user_ns(); > } > > static int kernfs_set_super(struct super_block *sb, void *data) >
diff --git a/fs/kernfs/mount.c b/fs/kernfs/mount.c index 9f05c5a..6d178f2 100644 --- a/fs/kernfs/mount.c +++ b/fs/kernfs/mount.c @@ -171,7 +171,8 @@ static int kernfs_test_super(struct super_block *sb, void *data) struct kernfs_super_info *sb_info = kernfs_info(sb); struct kernfs_super_info *info = data; - return sb_info->root == info->root && sb_info->ns == info->ns; + return sb_info->root == info->root && sb_info->ns == info->ns && + sb->s_user_ns == current_user_ns(); } static int kernfs_set_super(struct super_block *sb, void *data)
BugLink: http://bugs.launchpad.net/bugs/1570906 Two kernfs-based filesystems are currently mountable from non-init user namespaces, sysfs and cgroupfs. Both of these have use cases which end up attempting to mount the same superblock from different user namespaces, but sget() no longer allows this so these mount attempts will fail. Update kernfs_test_super() to return false whenever s_user_ns is not the current user namespace, resulting in a new super block being allocated for these mounts. kernfs, sysfs, and cgroupfs are all equipped to handle this situation. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> --- fs/kernfs/mount.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)