1 /* 2 * linux/fs/namespace.c 3 * 4 * (C) Copyright Al Viro 2000, 2001 5 * Released under GPL v2. 6 * 7 * Based on code from fs/super.c, copyright Linus Torvalds and others. 8 * Heavily rewritten. 9 */ 10 11 #include <linux/syscalls.h> 12 #include <linux/slab.h> 13 #include <linux/sched.h> 14 #include <linux/smp_lock.h> 15 #include <linux/init.h> 16 #include <linux/kernel.h> 17 #include <linux/acct.h> 18 #include <linux/capability.h> 19 #include <linux/cpumask.h> 20 #include <linux/module.h> 21 #include <linux/sysfs.h> 22 #include <linux/seq_file.h> 23 #include <linux/mnt_namespace.h> 24 #include <linux/namei.h> 25 #include <linux/nsproxy.h> 26 #include <linux/security.h> 27 #include <linux/mount.h> 28 #include <linux/ramfs.h> 29 #include <linux/log2.h> 30 #include <linux/idr.h> 31 #include <linux/fs_struct.h> 32 #include <asm/uaccess.h> 33 #include <asm/unistd.h> 34 #include "pnode.h" 35 #include "internal.h" 36 37 #define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head)) 38 #define HASH_SIZE (1UL << HASH_SHIFT) 39 40 /* spinlock for vfsmount related operations, inplace of dcache_lock */ 41 __cacheline_aligned_in_smp DEFINE_SPINLOCK(vfsmount_lock); 42 43 static int event; 44 static DEFINE_IDA(mnt_id_ida); 45 static DEFINE_IDA(mnt_group_ida); 46 static int mnt_id_start = 0; 47 static int mnt_group_start = 1; 48 49 static struct list_head *mount_hashtable __read_mostly; 50 static struct kmem_cache *mnt_cache __read_mostly; 51 static struct rw_semaphore namespace_sem; 52 53 /* /sys/fs */ 54 struct kobject *fs_kobj; 55 EXPORT_SYMBOL_GPL(fs_kobj); 56 57 static inline unsigned long hash(struct vfsmount *mnt, struct dentry *dentry) 58 { 59 unsigned long tmp = ((unsigned long)mnt / L1_CACHE_BYTES); 60 tmp += ((unsigned long)dentry / L1_CACHE_BYTES); 61 tmp = tmp + (tmp >> HASH_SHIFT); 62 return tmp & (HASH_SIZE - 1); 63 } 64 65 #define MNT_WRITER_UNDERFLOW_LIMIT -(1<<16) 66 67 /* allocation is serialized by namespace_sem */ 68 static int mnt_alloc_id(struct vfsmount *mnt) 69 { 70 int res; 71 72 retry: 73 ida_pre_get(&mnt_id_ida, GFP_KERNEL); 74 spin_lock(&vfsmount_lock); 75 res = ida_get_new_above(&mnt_id_ida, mnt_id_start, &mnt->mnt_id); 76 if (!res) 77 mnt_id_start = mnt->mnt_id + 1; 78 spin_unlock(&vfsmount_lock); 79 if (res == -EAGAIN) 80 goto retry; 81 82 return res; 83 } 84 85 static void mnt_free_id(struct vfsmount *mnt) 86 { 87 int id = mnt->mnt_id; 88 spin_lock(&vfsmount_lock); 89 ida_remove(&mnt_id_ida, id); 90 if (mnt_id_start > id) 91 mnt_id_start = id; 92 spin_unlock(&vfsmount_lock); 93 } 94 95 /* 96 * Allocate a new peer group ID 97 * 98 * mnt_group_ida is protected by namespace_sem 99 */ 100 static int mnt_alloc_group_id(struct vfsmount *mnt) 101 { 102 int res; 103 104 if (!ida_pre_get(&mnt_group_ida, GFP_KERNEL)) 105 return -ENOMEM; 106 107 res = ida_get_new_above(&mnt_group_ida, 108 mnt_group_start, 109 &mnt->mnt_group_id); 110 if (!res) 111 mnt_group_start = mnt->mnt_group_id + 1; 112 113 return res; 114 } 115 116 /* 117 * Release a peer group ID 118 */ 119 void mnt_release_group_id(struct vfsmount *mnt) 120 { 121 int id = mnt->mnt_group_id; 122 ida_remove(&mnt_group_ida, id); 123 if (mnt_group_start > id) 124 mnt_group_start = id; 125 mnt->mnt_group_id = 0; 126 } 127 128 struct vfsmount *alloc_vfsmnt(const char *name) 129 { 130 struct vfsmount *mnt = kmem_cache_zalloc(mnt_cache, GFP_KERNEL); 131 if (mnt) { 132 int err; 133 134 err = mnt_alloc_id(mnt); 135 if (err) 136 goto out_free_cache; 137 138 if (name) { 139 mnt->mnt_devname = kstrdup(name, GFP_KERNEL); 140 if (!mnt->mnt_devname) 141 goto out_free_id; 142 } 143 144 atomic_set(&mnt->mnt_count, 1); 145 INIT_LIST_HEAD(&mnt->mnt_hash); 146 INIT_LIST_HEAD(&mnt->mnt_child); 147 INIT_LIST_HEAD(&mnt->mnt_mounts); 148 INIT_LIST_HEAD(&mnt->mnt_list); 149 INIT_LIST_HEAD(&mnt->mnt_expire); 150 INIT_LIST_HEAD(&mnt->mnt_share); 151 INIT_LIST_HEAD(&mnt->mnt_slave_list); 152 INIT_LIST_HEAD(&mnt->mnt_slave); 153 #ifdef CONFIG_SMP 154 mnt->mnt_writers = alloc_percpu(int); 155 if (!mnt->mnt_writers) 156 goto out_free_devname; 157 #else 158 mnt->mnt_writers = 0; 159 #endif 160 } 161 return mnt; 162 163 #ifdef CONFIG_SMP 164 out_free_devname: 165 kfree(mnt->mnt_devname); 166 #endif 167 out_free_id: 168 mnt_free_id(mnt); 169 out_free_cache: 170 kmem_cache_free(mnt_cache, mnt); 171 return NULL; 172 } 173 174 /* 175 * Most r/o checks on a fs are for operations that take 176 * discrete amounts of time, like a write() or unlink(). 177 * We must keep track of when those operations start 178 * (for permission checks) and when they end, so that 179 * we can determine when writes are able to occur to 180 * a filesystem. 181 */ 182 /* 183 * __mnt_is_readonly: check whether a mount is read-only 184 * @mnt: the mount to check for its write status 185 * 186 * This shouldn't be used directly ouside of the VFS. 187 * It does not guarantee that the filesystem will stay 188 * r/w, just that it is right *now*. This can not and 189 * should not be used in place of IS_RDONLY(inode). 190 * mnt_want/drop_write() will _keep_ the filesystem 191 * r/w. 192 */ 193 int __mnt_is_readonly(struct vfsmount *mnt) 194 { 195 if (mnt->mnt_flags & MNT_READONLY) 196 return 1; 197 if (mnt->mnt_sb->s_flags & MS_RDONLY) 198 return 1; 199 return 0; 200 } 201 EXPORT_SYMBOL_GPL(__mnt_is_readonly); 202 203 static inline void inc_mnt_writers(struct vfsmount *mnt) 204 { 205 #ifdef CONFIG_SMP 206 (*per_cpu_ptr(mnt->mnt_writers, smp_processor_id()))++; 207 #else 208 mnt->mnt_writers++; 209 #endif 210 } 211 212 static inline void dec_mnt_writers(struct vfsmount *mnt) 213 { 214 #ifdef CONFIG_SMP 215 (*per_cpu_ptr(mnt->mnt_writers, smp_processor_id()))--; 216 #else 217 mnt->mnt_writers--; 218 #endif 219 } 220 221 static unsigned int count_mnt_writers(struct vfsmount *mnt) 222 { 223 #ifdef CONFIG_SMP 224 unsigned int count = 0; 225 int cpu; 226 227 for_each_possible_cpu(cpu) { 228 count += *per_cpu_ptr(mnt->mnt_writers, cpu); 229 } 230 231 return count; 232 #else 233 return mnt->mnt_writers; 234 #endif 235 } 236 237 /* 238 * Most r/o checks on a fs are for operations that take 239 * discrete amounts of time, like a write() or unlink(). 240 * We must keep track of when those operations start 241 * (for permission checks) and when they end, so that 242 * we can determine when writes are able to occur to 243 * a filesystem. 244 */ 245 /** 246 * mnt_want_write - get write access to a mount 247 * @mnt: the mount on which to take a write 248 * 249 * This tells the low-level filesystem that a write is 250 * about to be performed to it, and makes sure that 251 * writes are allowed before returning success. When 252 * the write operation is finished, mnt_drop_write() 253 * must be called. This is effectively a refcount. 254 */ 255 int mnt_want_write(struct vfsmount *mnt) 256 { 257 int ret = 0; 258 259 preempt_disable(); 260 inc_mnt_writers(mnt); 261 /* 262 * The store to inc_mnt_writers must be visible before we pass 263 * MNT_WRITE_HOLD loop below, so that the slowpath can see our 264 * incremented count after it has set MNT_WRITE_HOLD. 265 */ 266 smp_mb(); 267 while (mnt->mnt_flags & MNT_WRITE_HOLD) 268 cpu_relax(); 269 /* 270 * After the slowpath clears MNT_WRITE_HOLD, mnt_is_readonly will 271 * be set to match its requirements. So we must not load that until 272 * MNT_WRITE_HOLD is cleared. 273 */ 274 smp_rmb(); 275 if (__mnt_is_readonly(mnt)) { 276 dec_mnt_writers(mnt); 277 ret = -EROFS; 278 goto out; 279 } 280 out: 281 preempt_enable(); 282 return ret; 283 } 284 EXPORT_SYMBOL_GPL(mnt_want_write); 285 286 /** 287 * mnt_clone_write - get write access to a mount 288 * @mnt: the mount on which to take a write 289 * 290 * This is effectively like mnt_want_write, except 291 * it must only be used to take an extra write reference 292 * on a mountpoint that we already know has a write reference 293 * on it. This allows some optimisation. 294 * 295 * After finished, mnt_drop_write must be called as usual to 296 * drop the reference. 297 */ 298 int mnt_clone_write(struct vfsmount *mnt) 299 { 300 /* superblock may be r/o */ 301 if (__mnt_is_readonly(mnt)) 302 return -EROFS; 303 preempt_disable(); 304 inc_mnt_writers(mnt); 305 preempt_enable(); 306 return 0; 307 } 308 EXPORT_SYMBOL_GPL(mnt_clone_write); 309 310 /** 311 * mnt_want_write_file - get write access to a file's mount 312 * @file: the file who's mount on which to take a write 313 * 314 * This is like mnt_want_write, but it takes a file and can 315 * do some optimisations if the file is open for write already 316 */ 317 int mnt_want_write_file(struct file *file) 318 { 319 struct inode *inode = file->f_dentry->d_inode; 320 if (!(file->f_mode & FMODE_WRITE) || special_file(inode->i_mode)) 321 return mnt_want_write(file->f_path.mnt); 322 else 323 return mnt_clone_write(file->f_path.mnt); 324 } 325 EXPORT_SYMBOL_GPL(mnt_want_write_file); 326 327 /** 328 * mnt_drop_write - give up write access to a mount 329 * @mnt: the mount on which to give up write access 330 * 331 * Tells the low-level filesystem that we are done 332 * performing writes to it. Must be matched with 333 * mnt_want_write() call above. 334 */ 335 void mnt_drop_write(struct vfsmount *mnt) 336 { 337 preempt_disable(); 338 dec_mnt_writers(mnt); 339 preempt_enable(); 340 } 341 EXPORT_SYMBOL_GPL(mnt_drop_write); 342 343 static int mnt_make_readonly(struct vfsmount *mnt) 344 { 345 int ret = 0; 346 347 spin_lock(&vfsmount_lock); 348 mnt->mnt_flags |= MNT_WRITE_HOLD; 349 /* 350 * After storing MNT_WRITE_HOLD, we'll read the counters. This store 351 * should be visible before we do. 352 */ 353 smp_mb(); 354 355 /* 356 * With writers on hold, if this value is zero, then there are 357 * definitely no active writers (although held writers may subsequently 358 * increment the count, they'll have to wait, and decrement it after 359 * seeing MNT_READONLY). 360 * 361 * It is OK to have counter incremented on one CPU and decremented on 362 * another: the sum will add up correctly. The danger would be when we 363 * sum up each counter, if we read a counter before it is incremented, 364 * but then read another CPU's count which it has been subsequently 365 * decremented from -- we would see more decrements than we should. 366 * MNT_WRITE_HOLD protects against this scenario, because 367 * mnt_want_write first increments count, then smp_mb, then spins on 368 * MNT_WRITE_HOLD, so it can't be decremented by another CPU while 369 * we're counting up here. 370 */ 371 if (count_mnt_writers(mnt) > 0) 372 ret = -EBUSY; 373 else 374 mnt->mnt_flags |= MNT_READONLY; 375 /* 376 * MNT_READONLY must become visible before ~MNT_WRITE_HOLD, so writers 377 * that become unheld will see MNT_READONLY. 378 */ 379 smp_wmb(); 380 mnt->mnt_flags &= ~MNT_WRITE_HOLD; 381 spin_unlock(&vfsmount_lock); 382 return ret; 383 } 384 385 static void __mnt_unmake_readonly(struct vfsmount *mnt) 386 { 387 spin_lock(&vfsmount_lock); 388 mnt->mnt_flags &= ~MNT_READONLY; 389 spin_unlock(&vfsmount_lock); 390 } 391 392 void simple_set_mnt(struct vfsmount *mnt, struct super_block *sb) 393 { 394 mnt->mnt_sb = sb; 395 mnt->mnt_root = dget(sb->s_root); 396 } 397 398 EXPORT_SYMBOL(simple_set_mnt); 399 400 void free_vfsmnt(struct vfsmount *mnt) 401 { 402 kfree(mnt->mnt_devname); 403 mnt_free_id(mnt); 404 #ifdef CONFIG_SMP 405 free_percpu(mnt->mnt_writers); 406 #endif 407 kmem_cache_free(mnt_cache, mnt); 408 } 409 410 /* 411 * find the first or last mount at @dentry on vfsmount @mnt depending on 412 * @dir. If @dir is set return the first mount else return the last mount. 413 */ 414 struct vfsmount *__lookup_mnt(struct vfsmount *mnt, struct dentry *dentry, 415 int dir) 416 { 417 struct list_head *head = mount_hashtable + hash(mnt, dentry); 418 struct list_head *tmp = head; 419 struct vfsmount *p, *found = NULL; 420 421 for (;;) { 422 tmp = dir ? tmp->next : tmp->prev; 423 p = NULL; 424 if (tmp == head) 425 break; 426 p = list_entry(tmp, struct vfsmount, mnt_hash); 427 if (p->mnt_parent == mnt && p->mnt_mountpoint == dentry) { 428 found = p; 429 break; 430 } 431 } 432 return found; 433 } 434 435 /* 436 * lookup_mnt increments the ref count before returning 437 * the vfsmount struct. 438 */ 439 struct vfsmount *lookup_mnt(struct path *path) 440 { 441 struct vfsmount *child_mnt; 442 spin_lock(&vfsmount_lock); 443 if ((child_mnt = __lookup_mnt(path->mnt, path->dentry, 1))) 444 mntget(child_mnt); 445 spin_unlock(&vfsmount_lock); 446 return child_mnt; 447 } 448 449 static inline int check_mnt(struct vfsmount *mnt) 450 { 451 return mnt->mnt_ns == current->nsproxy->mnt_ns; 452 } 453 454 static void touch_mnt_namespace(struct mnt_namespace *ns) 455 { 456 if (ns) { 457 ns->event = ++event; 458 wake_up_interruptible(&ns->poll); 459 } 460 } 461 462 static void __touch_mnt_namespace(struct mnt_namespace *ns) 463 { 464 if (ns && ns->event != event) { 465 ns->event = event; 466 wake_up_interruptible(&ns->poll); 467 } 468 } 469 470 static void detach_mnt(struct vfsmount *mnt, struct path *old_path) 471 { 472 old_path->dentry = mnt->mnt_mountpoint; 473 old_path->mnt = mnt->mnt_parent; 474 mnt->mnt_parent = mnt; 475 mnt->mnt_mountpoint = mnt->mnt_root; 476 list_del_init(&mnt->mnt_child); 477 list_del_init(&mnt->mnt_hash); 478 old_path->dentry->d_mounted--; 479 } 480 481 void mnt_set_mountpoint(struct vfsmount *mnt, struct dentry *dentry, 482 struct vfsmount *child_mnt) 483 { 484 child_mnt->mnt_parent = mntget(mnt); 485 child_mnt->mnt_mountpoint = dget(dentry); 486 dentry->d_mounted++; 487 } 488 489 static void attach_mnt(struct vfsmount *mnt, struct path *path) 490 { 491 mnt_set_mountpoint(path->mnt, path->dentry, mnt); 492 list_add_tail(&mnt->mnt_hash, mount_hashtable + 493 hash(path->mnt, path->dentry)); 494 list_add_tail(&mnt->mnt_child, &path->mnt->mnt_mounts); 495 } 496 497 /* 498 * the caller must hold vfsmount_lock 499 */ 500 static void commit_tree(struct vfsmount *mnt) 501 { 502 struct vfsmount *parent = mnt->mnt_parent; 503 struct vfsmount *m; 504 LIST_HEAD(head); 505 struct mnt_namespace *n = parent->mnt_ns; 506 507 BUG_ON(parent == mnt); 508 509 list_add_tail(&head, &mnt->mnt_list); 510 list_for_each_entry(m, &head, mnt_list) 511 m->mnt_ns = n; 512 list_splice(&head, n->list.prev); 513 514 list_add_tail(&mnt->mnt_hash, mount_hashtable + 515 hash(parent, mnt->mnt_mountpoint)); 516 list_add_tail(&mnt->mnt_child, &parent->mnt_mounts); 517 touch_mnt_namespace(n); 518 } 519 520 static struct vfsmount *next_mnt(struct vfsmount *p, struct vfsmount *root) 521 { 522 struct list_head *next = p->mnt_mounts.next; 523 if (next == &p->mnt_mounts) { 524 while (1) { 525 if (p == root) 526 return NULL; 527 next = p->mnt_child.next; 528 if (next != &p->mnt_parent->mnt_mounts) 529 break; 530 p = p->mnt_parent; 531 } 532 } 533 return list_entry(next, struct vfsmount, mnt_child); 534 } 535 536 static struct vfsmount *skip_mnt_tree(struct vfsmount *p) 537 { 538 struct list_head *prev = p->mnt_mounts.prev; 539 while (prev != &p->mnt_mounts) { 540 p = list_entry(prev, struct vfsmount, mnt_child); 541 prev = p->mnt_mounts.prev; 542 } 543 return p; 544 } 545 546 static struct vfsmount *clone_mnt(struct vfsmount *old, struct dentry *root, 547 int flag) 548 { 549 struct super_block *sb = old->mnt_sb; 550 struct vfsmount *mnt = alloc_vfsmnt(old->mnt_devname); 551 552 if (mnt) { 553 if (flag & (CL_SLAVE | CL_PRIVATE)) 554 mnt->mnt_group_id = 0; /* not a peer of original */ 555 else 556 mnt->mnt_group_id = old->mnt_group_id; 557 558 if ((flag & CL_MAKE_SHARED) && !mnt->mnt_group_id) { 559 int err = mnt_alloc_group_id(mnt); 560 if (err) 561 goto out_free; 562 } 563 564 mnt->mnt_flags = old->mnt_flags; 565 atomic_inc(&sb->s_active); 566 mnt->mnt_sb = sb; 567 mnt->mnt_root = dget(root); 568 mnt->mnt_mountpoint = mnt->mnt_root; 569 mnt->mnt_parent = mnt; 570 571 if (flag & CL_SLAVE) { 572 list_add(&mnt->mnt_slave, &old->mnt_slave_list); 573 mnt->mnt_master = old; 574 CLEAR_MNT_SHARED(mnt); 575 } else if (!(flag & CL_PRIVATE)) { 576 if ((flag & CL_MAKE_SHARED) || IS_MNT_SHARED(old)) 577 list_add(&mnt->mnt_share, &old->mnt_share); 578 if (IS_MNT_SLAVE(old)) 579 list_add(&mnt->mnt_slave, &old->mnt_slave); 580 mnt->mnt_master = old->mnt_master; 581 } 582 if (flag & CL_MAKE_SHARED) 583 set_mnt_shared(mnt); 584 585 /* stick the duplicate mount on the same expiry list 586 * as the original if that was on one */ 587 if (flag & CL_EXPIRE) { 588 if (!list_empty(&old->mnt_expire)) 589 list_add(&mnt->mnt_expire, &old->mnt_expire); 590 } 591 } 592 return mnt; 593 594 out_free: 595 free_vfsmnt(mnt); 596 return NULL; 597 } 598 599 static inline void __mntput(struct vfsmount *mnt) 600 { 601 struct super_block *sb = mnt->mnt_sb; 602 /* 603 * This probably indicates that somebody messed 604 * up a mnt_want/drop_write() pair. If this 605 * happens, the filesystem was probably unable 606 * to make r/w->r/o transitions. 607 */ 608 /* 609 * atomic_dec_and_lock() used to deal with ->mnt_count decrements 610 * provides barriers, so count_mnt_writers() below is safe. AV 611 */ 612 WARN_ON(count_mnt_writers(mnt)); 613 dput(mnt->mnt_root); 614 free_vfsmnt(mnt); 615 deactivate_super(sb); 616 } 617 618 void mntput_no_expire(struct vfsmount *mnt) 619 { 620 repeat: 621 if (atomic_dec_and_lock(&mnt->mnt_count, &vfsmount_lock)) { 622 if (likely(!mnt->mnt_pinned)) { 623 spin_unlock(&vfsmount_lock); 624 __mntput(mnt); 625 return; 626 } 627 atomic_add(mnt->mnt_pinned + 1, &mnt->mnt_count); 628 mnt->mnt_pinned = 0; 629 spin_unlock(&vfsmount_lock); 630 acct_auto_close_mnt(mnt); 631 goto repeat; 632 } 633 } 634 635 EXPORT_SYMBOL(mntput_no_expire); 636 637 void mnt_pin(struct vfsmount *mnt) 638 { 639 spin_lock(&vfsmount_lock); 640 mnt->mnt_pinned++; 641 spin_unlock(&vfsmount_lock); 642 } 643 644 EXPORT_SYMBOL(mnt_pin); 645 646 void mnt_unpin(struct vfsmount *mnt) 647 { 648 spin_lock(&vfsmount_lock); 649 if (mnt->mnt_pinned) { 650 atomic_inc(&mnt->mnt_count); 651 mnt->mnt_pinned--; 652 } 653 spin_unlock(&vfsmount_lock); 654 } 655 656 EXPORT_SYMBOL(mnt_unpin); 657 658 static inline void mangle(struct seq_file *m, const char *s) 659 { 660 seq_escape(m, s, " \t\n\\"); 661 } 662 663 /* 664 * Simple .show_options callback for filesystems which don't want to 665 * implement more complex mount option showing. 666 * 667 * See also save_mount_options(). 668 */ 669 int generic_show_options(struct seq_file *m, struct vfsmount *mnt) 670 { 671 const char *options; 672 673 rcu_read_lock(); 674 options = rcu_dereference(mnt->mnt_sb->s_options); 675 676 if (options != NULL && options[0]) { 677 seq_putc(m, ','); 678 mangle(m, options); 679 } 680 rcu_read_unlock(); 681 682 return 0; 683 } 684 EXPORT_SYMBOL(generic_show_options); 685 686 /* 687 * If filesystem uses generic_show_options(), this function should be 688 * called from the fill_super() callback. 689 * 690 * The .remount_fs callback usually needs to be handled in a special 691 * way, to make sure, that previous options are not overwritten if the 692 * remount fails. 693 * 694 * Also note, that if the filesystem's .remount_fs function doesn't 695 * reset all options to their default value, but changes only newly 696 * given options, then the displayed options will not reflect reality 697 * any more. 698 */ 699 void save_mount_options(struct super_block *sb, char *options) 700 { 701 BUG_ON(sb->s_options); 702 rcu_assign_pointer(sb->s_options, kstrdup(options, GFP_KERNEL)); 703 } 704 EXPORT_SYMBOL(save_mount_options); 705 706 void replace_mount_options(struct super_block *sb, char *options) 707 { 708 char *old = sb->s_options; 709 rcu_assign_pointer(sb->s_options, options); 710 if (old) { 711 synchronize_rcu(); 712 kfree(old); 713 } 714 } 715 EXPORT_SYMBOL(replace_mount_options); 716 717 #ifdef CONFIG_PROC_FS 718 /* iterator */ 719 static void *m_start(struct seq_file *m, loff_t *pos) 720 { 721 struct proc_mounts *p = m->private; 722 723 down_read(&namespace_sem); 724 return seq_list_start(&p->ns->list, *pos); 725 } 726 727 static void *m_next(struct seq_file *m, void *v, loff_t *pos) 728 { 729 struct proc_mounts *p = m->private; 730 731 return seq_list_next(v, &p->ns->list, pos); 732 } 733 734 static void m_stop(struct seq_file *m, void *v) 735 { 736 up_read(&namespace_sem); 737 } 738 739 int mnt_had_events(struct proc_mounts *p) 740 { 741 struct mnt_namespace *ns = p->ns; 742 int res = 0; 743 744 spin_lock(&vfsmount_lock); 745 if (p->event != ns->event) { 746 p->event = ns->event; 747 res = 1; 748 } 749 spin_unlock(&vfsmount_lock); 750 751 return res; 752 } 753 754 struct proc_fs_info { 755 int flag; 756 const char *str; 757 }; 758 759 static int show_sb_opts(struct seq_file *m, struct super_block *sb) 760 { 761 static const struct proc_fs_info fs_info[] = { 762 { MS_SYNCHRONOUS, ",sync" }, 763 { MS_DIRSYNC, ",dirsync" }, 764 { MS_MANDLOCK, ",mand" }, 765 { 0, NULL } 766 }; 767 const struct proc_fs_info *fs_infop; 768 769 for (fs_infop = fs_info; fs_infop->flag; fs_infop++) { 770 if (sb->s_flags & fs_infop->flag) 771 seq_puts(m, fs_infop->str); 772 } 773 774 return security_sb_show_options(m, sb); 775 } 776 777 static void show_mnt_opts(struct seq_file *m, struct vfsmount *mnt) 778 { 779 static const struct proc_fs_info mnt_info[] = { 780 { MNT_NOSUID, ",nosuid" }, 781 { MNT_NODEV, ",nodev" }, 782 { MNT_NOEXEC, ",noexec" }, 783 { MNT_NOATIME, ",noatime" }, 784 { MNT_NODIRATIME, ",nodiratime" }, 785 { MNT_RELATIME, ",relatime" }, 786 { MNT_STRICTATIME, ",strictatime" }, 787 { 0, NULL } 788 }; 789 const struct proc_fs_info *fs_infop; 790 791 for (fs_infop = mnt_info; fs_infop->flag; fs_infop++) { 792 if (mnt->mnt_flags & fs_infop->flag) 793 seq_puts(m, fs_infop->str); 794 } 795 } 796 797 static void show_type(struct seq_file *m, struct super_block *sb) 798 { 799 mangle(m, sb->s_type->name); 800 if (sb->s_subtype && sb->s_subtype[0]) { 801 seq_putc(m, '.'); 802 mangle(m, sb->s_subtype); 803 } 804 } 805 806 static int show_vfsmnt(struct seq_file *m, void *v) 807 { 808 struct vfsmount *mnt = list_entry(v, struct vfsmount, mnt_list); 809 int err = 0; 810 struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt }; 811 812 mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none"); 813 seq_putc(m, ' '); 814 seq_path(m, &mnt_path, " \t\n\\"); 815 seq_putc(m, ' '); 816 show_type(m, mnt->mnt_sb); 817 seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw"); 818 err = show_sb_opts(m, mnt->mnt_sb); 819 if (err) 820 goto out; 821 show_mnt_opts(m, mnt); 822 if (mnt->mnt_sb->s_op->show_options) 823 err = mnt->mnt_sb->s_op->show_options(m, mnt); 824 seq_puts(m, " 0 0\n"); 825 out: 826 return err; 827 } 828 829 const struct seq_operations mounts_op = { 830 .start = m_start, 831 .next = m_next, 832 .stop = m_stop, 833 .show = show_vfsmnt 834 }; 835 836 static int show_mountinfo(struct seq_file *m, void *v) 837 { 838 struct proc_mounts *p = m->private; 839 struct vfsmount *mnt = list_entry(v, struct vfsmount, mnt_list); 840 struct super_block *sb = mnt->mnt_sb; 841 struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt }; 842 struct path root = p->root; 843 int err = 0; 844 845 seq_printf(m, "%i %i %u:%u ", mnt->mnt_id, mnt->mnt_parent->mnt_id, 846 MAJOR(sb->s_dev), MINOR(sb->s_dev)); 847 seq_dentry(m, mnt->mnt_root, " \t\n\\"); 848 seq_putc(m, ' '); 849 seq_path_root(m, &mnt_path, &root, " \t\n\\"); 850 if (root.mnt != p->root.mnt || root.dentry != p->root.dentry) { 851 /* 852 * Mountpoint is outside root, discard that one. Ugly, 853 * but less so than trying to do that in iterator in a 854 * race-free way (due to renames). 855 */ 856 return SEQ_SKIP; 857 } 858 seq_puts(m, mnt->mnt_flags & MNT_READONLY ? " ro" : " rw"); 859 show_mnt_opts(m, mnt); 860 861 /* Tagged fields ("foo:X" or "bar") */ 862 if (IS_MNT_SHARED(mnt)) 863 seq_printf(m, " shared:%i", mnt->mnt_group_id); 864 if (IS_MNT_SLAVE(mnt)) { 865 int master = mnt->mnt_master->mnt_group_id; 866 int dom = get_dominating_id(mnt, &p->root); 867 seq_printf(m, " master:%i", master); 868 if (dom && dom != master) 869 seq_printf(m, " propagate_from:%i", dom); 870 } 871 if (IS_MNT_UNBINDABLE(mnt)) 872 seq_puts(m, " unbindable"); 873 874 /* Filesystem specific data */ 875 seq_puts(m, " - "); 876 show_type(m, sb); 877 seq_putc(m, ' '); 878 mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none"); 879 seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw"); 880 err = show_sb_opts(m, sb); 881 if (err) 882 goto out; 883 if (sb->s_op->show_options) 884 err = sb->s_op->show_options(m, mnt); 885 seq_putc(m, '\n'); 886 out: 887 return err; 888 } 889 890 const struct seq_operations mountinfo_op = { 891 .start = m_start, 892 .next = m_next, 893 .stop = m_stop, 894 .show = show_mountinfo, 895 }; 896 897 static int show_vfsstat(struct seq_file *m, void *v) 898 { 899 struct vfsmount *mnt = list_entry(v, struct vfsmount, mnt_list); 900 struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt }; 901 int err = 0; 902 903 /* device */ 904 if (mnt->mnt_devname) { 905 seq_puts(m, "device "); 906 mangle(m, mnt->mnt_devname); 907 } else 908 seq_puts(m, "no device"); 909 910 /* mount point */ 911 seq_puts(m, " mounted on "); 912 seq_path(m, &mnt_path, " \t\n\\"); 913 seq_putc(m, ' '); 914 915 /* file system type */ 916 seq_puts(m, "with fstype "); 917 show_type(m, mnt->mnt_sb); 918 919 /* optional statistics */ 920 if (mnt->mnt_sb->s_op->show_stats) { 921 seq_putc(m, ' '); 922 err = mnt->mnt_sb->s_op->show_stats(m, mnt); 923 } 924 925 seq_putc(m, '\n'); 926 return err; 927 } 928 929 const struct seq_operations mountstats_op = { 930 .start = m_start, 931 .next = m_next, 932 .stop = m_stop, 933 .show = show_vfsstat, 934 }; 935 #endif /* CONFIG_PROC_FS */ 936 937 /** 938 * may_umount_tree - check if a mount tree is busy 939 * @mnt: root of mount tree 940 * 941 * This is called to check if a tree of mounts has any 942 * open files, pwds, chroots or sub mounts that are 943 * busy. 944 */ 945 int may_umount_tree(struct vfsmount *mnt) 946 { 947 int actual_refs = 0; 948 int minimum_refs = 0; 949 struct vfsmount *p; 950 951 spin_lock(&vfsmount_lock); 952 for (p = mnt; p; p = next_mnt(p, mnt)) { 953 actual_refs += atomic_read(&p->mnt_count); 954 minimum_refs += 2; 955 } 956 spin_unlock(&vfsmount_lock); 957 958 if (actual_refs > minimum_refs) 959 return 0; 960 961 return 1; 962 } 963 964 EXPORT_SYMBOL(may_umount_tree); 965 966 /** 967 * may_umount - check if a mount point is busy 968 * @mnt: root of mount 969 * 970 * This is called to check if a mount point has any 971 * open files, pwds, chroots or sub mounts. If the 972 * mount has sub mounts this will return busy 973 * regardless of whether the sub mounts are busy. 974 * 975 * Doesn't take quota and stuff into account. IOW, in some cases it will 976 * give false negatives. The main reason why it's here is that we need 977 * a non-destructive way to look for easily umountable filesystems. 978 */ 979 int may_umount(struct vfsmount *mnt) 980 { 981 int ret = 1; 982 down_read(&namespace_sem); 983 spin_lock(&vfsmount_lock); 984 if (propagate_mount_busy(mnt, 2)) 985 ret = 0; 986 spin_unlock(&vfsmount_lock); 987 up_read(&namespace_sem); 988 return ret; 989 } 990 991 EXPORT_SYMBOL(may_umount); 992 993 void release_mounts(struct list_head *head) 994 { 995 struct vfsmount *mnt; 996 while (!list_empty(head)) { 997 mnt = list_first_entry(head, struct vfsmount, mnt_hash); 998 list_del_init(&mnt->mnt_hash); 999 if (mnt->mnt_parent != mnt) { 1000 struct dentry *dentry; 1001 struct vfsmount *m; 1002 spin_lock(&vfsmount_lock); 1003 dentry = mnt->mnt_mountpoint; 1004 m = mnt->mnt_parent; 1005 mnt->mnt_mountpoint = mnt->mnt_root; 1006 mnt->mnt_parent = mnt; 1007 m->mnt_ghosts--; 1008 spin_unlock(&vfsmount_lock); 1009 dput(dentry); 1010 mntput(m); 1011 } 1012 mntput(mnt); 1013 } 1014 } 1015 1016 void umount_tree(struct vfsmount *mnt, int propagate, struct list_head *kill) 1017 { 1018 struct vfsmount *p; 1019 1020 for (p = mnt; p; p = next_mnt(p, mnt)) 1021 list_move(&p->mnt_hash, kill); 1022 1023 if (propagate) 1024 propagate_umount(kill); 1025 1026 list_for_each_entry(p, kill, mnt_hash) { 1027 list_del_init(&p->mnt_expire); 1028 list_del_init(&p->mnt_list); 1029 __touch_mnt_namespace(p->mnt_ns); 1030 p->mnt_ns = NULL; 1031 list_del_init(&p->mnt_child); 1032 if (p->mnt_parent != p) { 1033 p->mnt_parent->mnt_ghosts++; 1034 p->mnt_mountpoint->d_mounted--; 1035 } 1036 change_mnt_propagation(p, MS_PRIVATE); 1037 } 1038 } 1039 1040 static void shrink_submounts(struct vfsmount *mnt, struct list_head *umounts); 1041 1042 static int do_umount(struct vfsmount *mnt, int flags) 1043 { 1044 struct super_block *sb = mnt->mnt_sb; 1045 int retval; 1046 LIST_HEAD(umount_list); 1047 1048 retval = security_sb_umount(mnt, flags); 1049 if (retval) 1050 return retval; 1051 1052 /* 1053 * Allow userspace to request a mountpoint be expired rather than 1054 * unmounting unconditionally. Unmount only happens if: 1055 * (1) the mark is already set (the mark is cleared by mntput()) 1056 * (2) the usage count == 1 [parent vfsmount] + 1 [sys_umount] 1057 */ 1058 if (flags & MNT_EXPIRE) { 1059 if (mnt == current->fs->root.mnt || 1060 flags & (MNT_FORCE | MNT_DETACH)) 1061 return -EINVAL; 1062 1063 if (atomic_read(&mnt->mnt_count) != 2) 1064 return -EBUSY; 1065 1066 if (!xchg(&mnt->mnt_expiry_mark, 1)) 1067 return -EAGAIN; 1068 } 1069 1070 /* 1071 * If we may have to abort operations to get out of this 1072 * mount, and they will themselves hold resources we must 1073 * allow the fs to do things. In the Unix tradition of 1074 * 'Gee thats tricky lets do it in userspace' the umount_begin 1075 * might fail to complete on the first run through as other tasks 1076 * must return, and the like. Thats for the mount program to worry 1077 * about for the moment. 1078 */ 1079 1080 if (flags & MNT_FORCE && sb->s_op->umount_begin) { 1081 sb->s_op->umount_begin(sb); 1082 } 1083 1084 /* 1085 * No sense to grab the lock for this test, but test itself looks 1086 * somewhat bogus. Suggestions for better replacement? 1087 * Ho-hum... In principle, we might treat that as umount + switch 1088 * to rootfs. GC would eventually take care of the old vfsmount. 1089 * Actually it makes sense, especially if rootfs would contain a 1090 * /reboot - static binary that would close all descriptors and 1091 * call reboot(9). Then init(8) could umount root and exec /reboot. 1092 */ 1093 if (mnt == current->fs->root.mnt && !(flags & MNT_DETACH)) { 1094 /* 1095 * Special case for "unmounting" root ... 1096 * we just try to remount it readonly. 1097 */ 1098 down_write(&sb->s_umount); 1099 if (!(sb->s_flags & MS_RDONLY)) 1100 retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); 1101 up_write(&sb->s_umount); 1102 return retval; 1103 } 1104 1105 down_write(&namespace_sem); 1106 spin_lock(&vfsmount_lock); 1107 event++; 1108 1109 if (!(flags & MNT_DETACH)) 1110 shrink_submounts(mnt, &umount_list); 1111 1112 retval = -EBUSY; 1113 if (flags & MNT_DETACH || !propagate_mount_busy(mnt, 2)) { 1114 if (!list_empty(&mnt->mnt_list)) 1115 umount_tree(mnt, 1, &umount_list); 1116 retval = 0; 1117 } 1118 spin_unlock(&vfsmount_lock); 1119 up_write(&namespace_sem); 1120 release_mounts(&umount_list); 1121 return retval; 1122 } 1123 1124 /* 1125 * Now umount can handle mount points as well as block devices. 1126 * This is important for filesystems which use unnamed block devices. 1127 * 1128 * We now support a flag for forced unmount like the other 'big iron' 1129 * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD 1130 */ 1131 1132 SYSCALL_DEFINE2(umount, char __user *, name, int, flags) 1133 { 1134 struct path path; 1135 int retval; 1136 int lookup_flags = 0; 1137 1138 if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW)) 1139 return -EINVAL; 1140 1141 if (!(flags & UMOUNT_NOFOLLOW)) 1142 lookup_flags |= LOOKUP_FOLLOW; 1143 1144 retval = user_path_at(AT_FDCWD, name, lookup_flags, &path); 1145 if (retval) 1146 goto out; 1147 retval = -EINVAL; 1148 if (path.dentry != path.mnt->mnt_root) 1149 goto dput_and_out; 1150 if (!check_mnt(path.mnt)) 1151 goto dput_and_out; 1152 1153 retval = -EPERM; 1154 if (!capable(CAP_SYS_ADMIN)) 1155 goto dput_and_out; 1156 1157 retval = do_umount(path.mnt, flags); 1158 dput_and_out: 1159 /* we mustn't call path_put() as that would clear mnt_expiry_mark */ 1160 dput(path.dentry); 1161 mntput_no_expire(path.mnt); 1162 out: 1163 return retval; 1164 } 1165 1166 #ifdef __ARCH_WANT_SYS_OLDUMOUNT 1167 1168 /* 1169 * The 2.0 compatible umount. No flags. 1170 */ 1171 SYSCALL_DEFINE1(oldumount, char __user *, name) 1172 { 1173 return sys_umount(name, 0); 1174 } 1175 1176 #endif 1177 1178 static int mount_is_safe(struct path *path) 1179 { 1180 if (capable(CAP_SYS_ADMIN)) 1181 return 0; 1182 return -EPERM; 1183 #ifdef notyet 1184 if (S_ISLNK(path->dentry->d_inode->i_mode)) 1185 return -EPERM; 1186 if (path->dentry->d_inode->i_mode & S_ISVTX) { 1187 if (current_uid() != path->dentry->d_inode->i_uid) 1188 return -EPERM; 1189 } 1190 if (inode_permission(path->dentry->d_inode, MAY_WRITE)) 1191 return -EPERM; 1192 return 0; 1193 #endif 1194 } 1195 1196 struct vfsmount *copy_tree(struct vfsmount *mnt, struct dentry *dentry, 1197 int flag) 1198 { 1199 struct vfsmount *res, *p, *q, *r, *s; 1200 struct path path; 1201 1202 if (!(flag & CL_COPY_ALL) && IS_MNT_UNBINDABLE(mnt)) 1203 return NULL; 1204 1205 res = q = clone_mnt(mnt, dentry, flag); 1206 if (!q) 1207 goto Enomem; 1208 q->mnt_mountpoint = mnt->mnt_mountpoint; 1209 1210 p = mnt; 1211 list_for_each_entry(r, &mnt->mnt_mounts, mnt_child) { 1212 if (!is_subdir(r->mnt_mountpoint, dentry)) 1213 continue; 1214 1215 for (s = r; s; s = next_mnt(s, r)) { 1216 if (!(flag & CL_COPY_ALL) && IS_MNT_UNBINDABLE(s)) { 1217 s = skip_mnt_tree(s); 1218 continue; 1219 } 1220 while (p != s->mnt_parent) { 1221 p = p->mnt_parent; 1222 q = q->mnt_parent; 1223 } 1224 p = s; 1225 path.mnt = q; 1226 path.dentry = p->mnt_mountpoint; 1227 q = clone_mnt(p, p->mnt_root, flag); 1228 if (!q) 1229 goto Enomem; 1230 spin_lock(&vfsmount_lock); 1231 list_add_tail(&q->mnt_list, &res->mnt_list); 1232 attach_mnt(q, &path); 1233 spin_unlock(&vfsmount_lock); 1234 } 1235 } 1236 return res; 1237 Enomem: 1238 if (res) { 1239 LIST_HEAD(umount_list); 1240 spin_lock(&vfsmount_lock); 1241 umount_tree(res, 0, &umount_list); 1242 spin_unlock(&vfsmount_lock); 1243 release_mounts(&umount_list); 1244 } 1245 return NULL; 1246 } 1247 1248 struct vfsmount *collect_mounts(struct path *path) 1249 { 1250 struct vfsmount *tree; 1251 down_write(&namespace_sem); 1252 tree = copy_tree(path->mnt, path->dentry, CL_COPY_ALL | CL_PRIVATE); 1253 up_write(&namespace_sem); 1254 return tree; 1255 } 1256 1257 void drop_collected_mounts(struct vfsmount *mnt) 1258 { 1259 LIST_HEAD(umount_list); 1260 down_write(&namespace_sem); 1261 spin_lock(&vfsmount_lock); 1262 umount_tree(mnt, 0, &umount_list); 1263 spin_unlock(&vfsmount_lock); 1264 up_write(&namespace_sem); 1265 release_mounts(&umount_list); 1266 } 1267 1268 int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg, 1269 struct vfsmount *root) 1270 { 1271 struct vfsmount *mnt; 1272 int res = f(root, arg); 1273 if (res) 1274 return res; 1275 list_for_each_entry(mnt, &root->mnt_list, mnt_list) { 1276 res = f(mnt, arg); 1277 if (res) 1278 return res; 1279 } 1280 return 0; 1281 } 1282 1283 static void cleanup_group_ids(struct vfsmount *mnt, struct vfsmount *end) 1284 { 1285 struct vfsmount *p; 1286 1287 for (p = mnt; p != end; p = next_mnt(p, mnt)) { 1288 if (p->mnt_group_id && !IS_MNT_SHARED(p)) 1289 mnt_release_group_id(p); 1290 } 1291 } 1292 1293 static int invent_group_ids(struct vfsmount *mnt, bool recurse) 1294 { 1295 struct vfsmount *p; 1296 1297 for (p = mnt; p; p = recurse ? next_mnt(p, mnt) : NULL) { 1298 if (!p->mnt_group_id && !IS_MNT_SHARED(p)) { 1299 int err = mnt_alloc_group_id(p); 1300 if (err) { 1301 cleanup_group_ids(mnt, p); 1302 return err; 1303 } 1304 } 1305 } 1306 1307 return 0; 1308 } 1309 1310 /* 1311 * @source_mnt : mount tree to be attached 1312 * @nd : place the mount tree @source_mnt is attached 1313 * @parent_nd : if non-null, detach the source_mnt from its parent and 1314 * store the parent mount and mountpoint dentry. 1315 * (done when source_mnt is moved) 1316 * 1317 * NOTE: in the table below explains the semantics when a source mount 1318 * of a given type is attached to a destination mount of a given type. 1319 * --------------------------------------------------------------------------- 1320 * | BIND MOUNT OPERATION | 1321 * |************************************************************************** 1322 * | source-->| shared | private | slave | unbindable | 1323 * | dest | | | | | 1324 * | | | | | | | 1325 * | v | | | | | 1326 * |************************************************************************** 1327 * | shared | shared (++) | shared (+) | shared(+++)| invalid | 1328 * | | | | | | 1329 * |non-shared| shared (+) | private | slave (*) | invalid | 1330 * *************************************************************************** 1331 * A bind operation clones the source mount and mounts the clone on the 1332 * destination mount. 1333 * 1334 * (++) the cloned mount is propagated to all the mounts in the propagation 1335 * tree of the destination mount and the cloned mount is added to 1336 * the peer group of the source mount. 1337 * (+) the cloned mount is created under the destination mount and is marked 1338 * as shared. The cloned mount is added to the peer group of the source 1339 * mount. 1340 * (+++) the mount is propagated to all the mounts in the propagation tree 1341 * of the destination mount and the cloned mount is made slave 1342 * of the same master as that of the source mount. The cloned mount 1343 * is marked as 'shared and slave'. 1344 * (*) the cloned mount is made a slave of the same master as that of the 1345 * source mount. 1346 * 1347 * --------------------------------------------------------------------------- 1348 * | MOVE MOUNT OPERATION | 1349 * |************************************************************************** 1350 * | source-->| shared | private | slave | unbindable | 1351 * | dest | | | | | 1352 * | | | | | | | 1353 * | v | | | | | 1354 * |************************************************************************** 1355 * | shared | shared (+) | shared (+) | shared(+++) | invalid | 1356 * | | | | | | 1357 * |non-shared| shared (+*) | private | slave (*) | unbindable | 1358 * *************************************************************************** 1359 * 1360 * (+) the mount is moved to the destination. And is then propagated to 1361 * all the mounts in the propagation tree of the destination mount. 1362 * (+*) the mount is moved to the destination. 1363 * (+++) the mount is moved to the destination and is then propagated to 1364 * all the mounts belonging to the destination mount's propagation tree. 1365 * the mount is marked as 'shared and slave'. 1366 * (*) the mount continues to be a slave at the new location. 1367 * 1368 * if the source mount is a tree, the operations explained above is 1369 * applied to each mount in the tree. 1370 * Must be called without spinlocks held, since this function can sleep 1371 * in allocations. 1372 */ 1373 static int attach_recursive_mnt(struct vfsmount *source_mnt, 1374 struct path *path, struct path *parent_path) 1375 { 1376 LIST_HEAD(tree_list); 1377 struct vfsmount *dest_mnt = path->mnt; 1378 struct dentry *dest_dentry = path->dentry; 1379 struct vfsmount *child, *p; 1380 int err; 1381 1382 if (IS_MNT_SHARED(dest_mnt)) { 1383 err = invent_group_ids(source_mnt, true); 1384 if (err) 1385 goto out; 1386 } 1387 err = propagate_mnt(dest_mnt, dest_dentry, source_mnt, &tree_list); 1388 if (err) 1389 goto out_cleanup_ids; 1390 1391 spin_lock(&vfsmount_lock); 1392 1393 if (IS_MNT_SHARED(dest_mnt)) { 1394 for (p = source_mnt; p; p = next_mnt(p, source_mnt)) 1395 set_mnt_shared(p); 1396 } 1397 if (parent_path) { 1398 detach_mnt(source_mnt, parent_path); 1399 attach_mnt(source_mnt, path); 1400 touch_mnt_namespace(parent_path->mnt->mnt_ns); 1401 } else { 1402 mnt_set_mountpoint(dest_mnt, dest_dentry, source_mnt); 1403 commit_tree(source_mnt); 1404 } 1405 1406 list_for_each_entry_safe(child, p, &tree_list, mnt_hash) { 1407 list_del_init(&child->mnt_hash); 1408 commit_tree(child); 1409 } 1410 spin_unlock(&vfsmount_lock); 1411 return 0; 1412 1413 out_cleanup_ids: 1414 if (IS_MNT_SHARED(dest_mnt)) 1415 cleanup_group_ids(source_mnt, NULL); 1416 out: 1417 return err; 1418 } 1419 1420 static int graft_tree(struct vfsmount *mnt, struct path *path) 1421 { 1422 int err; 1423 if (mnt->mnt_sb->s_flags & MS_NOUSER) 1424 return -EINVAL; 1425 1426 if (S_ISDIR(path->dentry->d_inode->i_mode) != 1427 S_ISDIR(mnt->mnt_root->d_inode->i_mode)) 1428 return -ENOTDIR; 1429 1430 err = -ENOENT; 1431 mutex_lock(&path->dentry->d_inode->i_mutex); 1432 if (cant_mount(path->dentry)) 1433 goto out_unlock; 1434 1435 if (!d_unlinked(path->dentry)) 1436 err = attach_recursive_mnt(mnt, path, NULL); 1437 out_unlock: 1438 mutex_unlock(&path->dentry->d_inode->i_mutex); 1439 return err; 1440 } 1441 1442 /* 1443 * recursively change the type of the mountpoint. 1444 */ 1445 static int do_change_type(struct path *path, int flag) 1446 { 1447 struct vfsmount *m, *mnt = path->mnt; 1448 int recurse = flag & MS_REC; 1449 int type = flag & ~MS_REC; 1450 int err = 0; 1451 1452 if (!capable(CAP_SYS_ADMIN)) 1453 return -EPERM; 1454 1455 if (path->dentry != path->mnt->mnt_root) 1456 return -EINVAL; 1457 1458 down_write(&namespace_sem); 1459 if (type == MS_SHARED) { 1460 err = invent_group_ids(mnt, recurse); 1461 if (err) 1462 goto out_unlock; 1463 } 1464 1465 spin_lock(&vfsmount_lock); 1466 for (m = mnt; m; m = (recurse ? next_mnt(m, mnt) : NULL)) 1467 change_mnt_propagation(m, type); 1468 spin_unlock(&vfsmount_lock); 1469 1470 out_unlock: 1471 up_write(&namespace_sem); 1472 return err; 1473 } 1474 1475 /* 1476 * do loopback mount. 1477 */ 1478 static int do_loopback(struct path *path, char *old_name, 1479 int recurse) 1480 { 1481 struct path old_path; 1482 struct vfsmount *mnt = NULL; 1483 int err = mount_is_safe(path); 1484 if (err) 1485 return err; 1486 if (!old_name || !*old_name) 1487 return -EINVAL; 1488 err = kern_path(old_name, LOOKUP_FOLLOW, &old_path); 1489 if (err) 1490 return err; 1491 1492 down_write(&namespace_sem); 1493 err = -EINVAL; 1494 if (IS_MNT_UNBINDABLE(old_path.mnt)) 1495 goto out; 1496 1497 if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt)) 1498 goto out; 1499 1500 err = -ENOMEM; 1501 if (recurse) 1502 mnt = copy_tree(old_path.mnt, old_path.dentry, 0); 1503 else 1504 mnt = clone_mnt(old_path.mnt, old_path.dentry, 0); 1505 1506 if (!mnt) 1507 goto out; 1508 1509 err = graft_tree(mnt, path); 1510 if (err) { 1511 LIST_HEAD(umount_list); 1512 spin_lock(&vfsmount_lock); 1513 umount_tree(mnt, 0, &umount_list); 1514 spin_unlock(&vfsmount_lock); 1515 release_mounts(&umount_list); 1516 } 1517 1518 out: 1519 up_write(&namespace_sem); 1520 path_put(&old_path); 1521 return err; 1522 } 1523 1524 static int change_mount_flags(struct vfsmount *mnt, int ms_flags) 1525 { 1526 int error = 0; 1527 int readonly_request = 0; 1528 1529 if (ms_flags & MS_RDONLY) 1530 readonly_request = 1; 1531 if (readonly_request == __mnt_is_readonly(mnt)) 1532 return 0; 1533 1534 if (readonly_request) 1535 error = mnt_make_readonly(mnt); 1536 else 1537 __mnt_unmake_readonly(mnt); 1538 return error; 1539 } 1540 1541 /* 1542 * change filesystem flags. dir should be a physical root of filesystem. 1543 * If you've mounted a non-root directory somewhere and want to do remount 1544 * on it - tough luck. 1545 */ 1546 static int do_remount(struct path *path, int flags, int mnt_flags, 1547 void *data) 1548 { 1549 int err; 1550 struct super_block *sb = path->mnt->mnt_sb; 1551 1552 if (!capable(CAP_SYS_ADMIN)) 1553 return -EPERM; 1554 1555 if (!check_mnt(path->mnt)) 1556 return -EINVAL; 1557 1558 if (path->dentry != path->mnt->mnt_root) 1559 return -EINVAL; 1560 1561 down_write(&sb->s_umount); 1562 if (flags & MS_BIND) 1563 err = change_mount_flags(path->mnt, flags); 1564 else 1565 err = do_remount_sb(sb, flags, data, 0); 1566 if (!err) { 1567 spin_lock(&vfsmount_lock); 1568 mnt_flags |= path->mnt->mnt_flags & MNT_PROPAGATION_MASK; 1569 path->mnt->mnt_flags = mnt_flags; 1570 spin_unlock(&vfsmount_lock); 1571 } 1572 up_write(&sb->s_umount); 1573 if (!err) { 1574 spin_lock(&vfsmount_lock); 1575 touch_mnt_namespace(path->mnt->mnt_ns); 1576 spin_unlock(&vfsmount_lock); 1577 } 1578 return err; 1579 } 1580 1581 static inline int tree_contains_unbindable(struct vfsmount *mnt) 1582 { 1583 struct vfsmount *p; 1584 for (p = mnt; p; p = next_mnt(p, mnt)) { 1585 if (IS_MNT_UNBINDABLE(p)) 1586 return 1; 1587 } 1588 return 0; 1589 } 1590 1591 static int do_move_mount(struct path *path, char *old_name) 1592 { 1593 struct path old_path, parent_path; 1594 struct vfsmount *p; 1595 int err = 0; 1596 if (!capable(CAP_SYS_ADMIN)) 1597 return -EPERM; 1598 if (!old_name || !*old_name) 1599 return -EINVAL; 1600 err = kern_path(old_name, LOOKUP_FOLLOW, &old_path); 1601 if (err) 1602 return err; 1603 1604 down_write(&namespace_sem); 1605 while (d_mountpoint(path->dentry) && 1606 follow_down(path)) 1607 ; 1608 err = -EINVAL; 1609 if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt)) 1610 goto out; 1611 1612 err = -ENOENT; 1613 mutex_lock(&path->dentry->d_inode->i_mutex); 1614 if (cant_mount(path->dentry)) 1615 goto out1; 1616 1617 if (d_unlinked(path->dentry)) 1618 goto out1; 1619 1620 err = -EINVAL; 1621 if (old_path.dentry != old_path.mnt->mnt_root) 1622 goto out1; 1623 1624 if (old_path.mnt == old_path.mnt->mnt_parent) 1625 goto out1; 1626 1627 if (S_ISDIR(path->dentry->d_inode->i_mode) != 1628 S_ISDIR(old_path.dentry->d_inode->i_mode)) 1629 goto out1; 1630 /* 1631 * Don't move a mount residing in a shared parent. 1632 */ 1633 if (old_path.mnt->mnt_parent && 1634 IS_MNT_SHARED(old_path.mnt->mnt_parent)) 1635 goto out1; 1636 /* 1637 * Don't move a mount tree containing unbindable mounts to a destination 1638 * mount which is shared. 1639 */ 1640 if (IS_MNT_SHARED(path->mnt) && 1641 tree_contains_unbindable(old_path.mnt)) 1642 goto out1; 1643 err = -ELOOP; 1644 for (p = path->mnt; p->mnt_parent != p; p = p->mnt_parent) 1645 if (p == old_path.mnt) 1646 goto out1; 1647 1648 err = attach_recursive_mnt(old_path.mnt, path, &parent_path); 1649 if (err) 1650 goto out1; 1651 1652 /* if the mount is moved, it should no longer be expire 1653 * automatically */ 1654 list_del_init(&old_path.mnt->mnt_expire); 1655 out1: 1656 mutex_unlock(&path->dentry->d_inode->i_mutex); 1657 out: 1658 up_write(&namespace_sem); 1659 if (!err) 1660 path_put(&parent_path); 1661 path_put(&old_path); 1662 return err; 1663 } 1664 1665 /* 1666 * create a new mount for userspace and request it to be added into the 1667 * namespace's tree 1668 */ 1669 static int do_new_mount(struct path *path, char *type, int flags, 1670 int mnt_flags, char *name, void *data) 1671 { 1672 struct vfsmount *mnt; 1673 1674 if (!type) 1675 return -EINVAL; 1676 1677 /* we need capabilities... */ 1678 if (!capable(CAP_SYS_ADMIN)) 1679 return -EPERM; 1680 1681 lock_kernel(); 1682 mnt = do_kern_mount(type, flags, name, data); 1683 unlock_kernel(); 1684 if (IS_ERR(mnt)) 1685 return PTR_ERR(mnt); 1686 1687 return do_add_mount(mnt, path, mnt_flags, NULL); 1688 } 1689 1690 /* 1691 * add a mount into a namespace's mount tree 1692 * - provide the option of adding the new mount to an expiration list 1693 */ 1694 int do_add_mount(struct vfsmount *newmnt, struct path *path, 1695 int mnt_flags, struct list_head *fslist) 1696 { 1697 int err; 1698 1699 mnt_flags &= ~(MNT_SHARED | MNT_WRITE_HOLD | MNT_INTERNAL); 1700 1701 down_write(&namespace_sem); 1702 /* Something was mounted here while we slept */ 1703 while (d_mountpoint(path->dentry) && 1704 follow_down(path)) 1705 ; 1706 err = -EINVAL; 1707 if (!(mnt_flags & MNT_SHRINKABLE) && !check_mnt(path->mnt)) 1708 goto unlock; 1709 1710 /* Refuse the same filesystem on the same mount point */ 1711 err = -EBUSY; 1712 if (path->mnt->mnt_sb == newmnt->mnt_sb && 1713 path->mnt->mnt_root == path->dentry) 1714 goto unlock; 1715 1716 err = -EINVAL; 1717 if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode)) 1718 goto unlock; 1719 1720 newmnt->mnt_flags = mnt_flags; 1721 if ((err = graft_tree(newmnt, path))) 1722 goto unlock; 1723 1724 if (fslist) /* add to the specified expiration list */ 1725 list_add_tail(&newmnt->mnt_expire, fslist); 1726 1727 up_write(&namespace_sem); 1728 return 0; 1729 1730 unlock: 1731 up_write(&namespace_sem); 1732 mntput(newmnt); 1733 return err; 1734 } 1735 1736 EXPORT_SYMBOL_GPL(do_add_mount); 1737 1738 /* 1739 * process a list of expirable mountpoints with the intent of discarding any 1740 * mountpoints that aren't in use and haven't been touched since last we came 1741 * here 1742 */ 1743 void mark_mounts_for_expiry(struct list_head *mounts) 1744 { 1745 struct vfsmount *mnt, *next; 1746 LIST_HEAD(graveyard); 1747 LIST_HEAD(umounts); 1748 1749 if (list_empty(mounts)) 1750 return; 1751 1752 down_write(&namespace_sem); 1753 spin_lock(&vfsmount_lock); 1754 1755 /* extract from the expiration list every vfsmount that matches the 1756 * following criteria: 1757 * - only referenced by its parent vfsmount 1758 * - still marked for expiry (marked on the last call here; marks are 1759 * cleared by mntput()) 1760 */ 1761 list_for_each_entry_safe(mnt, next, mounts, mnt_expire) { 1762 if (!xchg(&mnt->mnt_expiry_mark, 1) || 1763 propagate_mount_busy(mnt, 1)) 1764 continue; 1765 list_move(&mnt->mnt_expire, &graveyard); 1766 } 1767 while (!list_empty(&graveyard)) { 1768 mnt = list_first_entry(&graveyard, struct vfsmount, mnt_expire); 1769 touch_mnt_namespace(mnt->mnt_ns); 1770 umount_tree(mnt, 1, &umounts); 1771 } 1772 spin_unlock(&vfsmount_lock); 1773 up_write(&namespace_sem); 1774 1775 release_mounts(&umounts); 1776 } 1777 1778 EXPORT_SYMBOL_GPL(mark_mounts_for_expiry); 1779 1780 /* 1781 * Ripoff of 'select_parent()' 1782 * 1783 * search the list of submounts for a given mountpoint, and move any 1784 * shrinkable submounts to the 'graveyard' list. 1785 */ 1786 static int select_submounts(struct vfsmount *parent, struct list_head *graveyard) 1787 { 1788 struct vfsmount *this_parent = parent; 1789 struct list_head *next; 1790 int found = 0; 1791 1792 repeat: 1793 next = this_parent->mnt_mounts.next; 1794 resume: 1795 while (next != &this_parent->mnt_mounts) { 1796 struct list_head *tmp = next; 1797 struct vfsmount *mnt = list_entry(tmp, struct vfsmount, mnt_child); 1798 1799 next = tmp->next; 1800 if (!(mnt->mnt_flags & MNT_SHRINKABLE)) 1801 continue; 1802 /* 1803 * Descend a level if the d_mounts list is non-empty. 1804 */ 1805 if (!list_empty(&mnt->mnt_mounts)) { 1806 this_parent = mnt; 1807 goto repeat; 1808 } 1809 1810 if (!propagate_mount_busy(mnt, 1)) { 1811 list_move_tail(&mnt->mnt_expire, graveyard); 1812 found++; 1813 } 1814 } 1815 /* 1816 * All done at this level ... ascend and resume the search 1817 */ 1818 if (this_parent != parent) { 1819 next = this_parent->mnt_child.next; 1820 this_parent = this_parent->mnt_parent; 1821 goto resume; 1822 } 1823 return found; 1824 } 1825 1826 /* 1827 * process a list of expirable mountpoints with the intent of discarding any 1828 * submounts of a specific parent mountpoint 1829 */ 1830 static void shrink_submounts(struct vfsmount *mnt, struct list_head *umounts) 1831 { 1832 LIST_HEAD(graveyard); 1833 struct vfsmount *m; 1834 1835 /* extract submounts of 'mountpoint' from the expiration list */ 1836 while (select_submounts(mnt, &graveyard)) { 1837 while (!list_empty(&graveyard)) { 1838 m = list_first_entry(&graveyard, struct vfsmount, 1839 mnt_expire); 1840 touch_mnt_namespace(m->mnt_ns); 1841 umount_tree(m, 1, umounts); 1842 } 1843 } 1844 } 1845 1846 /* 1847 * Some copy_from_user() implementations do not return the exact number of 1848 * bytes remaining to copy on a fault. But copy_mount_options() requires that. 1849 * Note that this function differs from copy_from_user() in that it will oops 1850 * on bad values of `to', rather than returning a short copy. 1851 */ 1852 static long exact_copy_from_user(void *to, const void __user * from, 1853 unsigned long n) 1854 { 1855 char *t = to; 1856 const char __user *f = from; 1857 char c; 1858 1859 if (!access_ok(VERIFY_READ, from, n)) 1860 return n; 1861 1862 while (n) { 1863 if (__get_user(c, f)) { 1864 memset(t, 0, n); 1865 break; 1866 } 1867 *t++ = c; 1868 f++; 1869 n--; 1870 } 1871 return n; 1872 } 1873 1874 int copy_mount_options(const void __user * data, unsigned long *where) 1875 { 1876 int i; 1877 unsigned long page; 1878 unsigned long size; 1879 1880 *where = 0; 1881 if (!data) 1882 return 0; 1883 1884 if (!(page = __get_free_page(GFP_KERNEL))) 1885 return -ENOMEM; 1886 1887 /* We only care that *some* data at the address the user 1888 * gave us is valid. Just in case, we'll zero 1889 * the remainder of the page. 1890 */ 1891 /* copy_from_user cannot cross TASK_SIZE ! */ 1892 size = TASK_SIZE - (unsigned long)data; 1893 if (size > PAGE_SIZE) 1894 size = PAGE_SIZE; 1895 1896 i = size - exact_copy_from_user((void *)page, data, size); 1897 if (!i) { 1898 free_page(page); 1899 return -EFAULT; 1900 } 1901 if (i != PAGE_SIZE) 1902 memset((char *)page + i, 0, PAGE_SIZE - i); 1903 *where = page; 1904 return 0; 1905 } 1906 1907 int copy_mount_string(const void __user *data, char **where) 1908 { 1909 char *tmp; 1910 1911 if (!data) { 1912 *where = NULL; 1913 return 0; 1914 } 1915 1916 tmp = strndup_user(data, PAGE_SIZE); 1917 if (IS_ERR(tmp)) 1918 return PTR_ERR(tmp); 1919 1920 *where = tmp; 1921 return 0; 1922 } 1923 1924 /* 1925 * Flags is a 32-bit value that allows up to 31 non-fs dependent flags to 1926 * be given to the mount() call (ie: read-only, no-dev, no-suid etc). 1927 * 1928 * data is a (void *) that can point to any structure up to 1929 * PAGE_SIZE-1 bytes, which can contain arbitrary fs-dependent 1930 * information (or be NULL). 1931 * 1932 * Pre-0.97 versions of mount() didn't have a flags word. 1933 * When the flags word was introduced its top half was required 1934 * to have the magic value 0xC0ED, and this remained so until 2.4.0-test9. 1935 * Therefore, if this magic number is present, it carries no information 1936 * and must be discarded. 1937 */ 1938 long do_mount(char *dev_name, char *dir_name, char *type_page, 1939 unsigned long flags, void *data_page) 1940 { 1941 struct path path; 1942 int retval = 0; 1943 int mnt_flags = 0; 1944 1945 /* Discard magic */ 1946 if ((flags & MS_MGC_MSK) == MS_MGC_VAL) 1947 flags &= ~MS_MGC_MSK; 1948 1949 /* Basic sanity checks */ 1950 1951 if (!dir_name || !*dir_name || !memchr(dir_name, 0, PAGE_SIZE)) 1952 return -EINVAL; 1953 1954 if (data_page) 1955 ((char *)data_page)[PAGE_SIZE - 1] = 0; 1956 1957 /* ... and get the mountpoint */ 1958 retval = kern_path(dir_name, LOOKUP_FOLLOW, &path); 1959 if (retval) 1960 return retval; 1961 1962 retval = security_sb_mount(dev_name, &path, 1963 type_page, flags, data_page); 1964 if (retval) 1965 goto dput_out; 1966 1967 /* Default to relatime unless overriden */ 1968 if (!(flags & MS_NOATIME)) 1969 mnt_flags |= MNT_RELATIME; 1970 1971 /* Separate the per-mountpoint flags */ 1972 if (flags & MS_NOSUID) 1973 mnt_flags |= MNT_NOSUID; 1974 if (flags & MS_NODEV) 1975 mnt_flags |= MNT_NODEV; 1976 if (flags & MS_NOEXEC) 1977 mnt_flags |= MNT_NOEXEC; 1978 if (flags & MS_NOATIME) 1979 mnt_flags |= MNT_NOATIME; 1980 if (flags & MS_NODIRATIME) 1981 mnt_flags |= MNT_NODIRATIME; 1982 if (flags & MS_STRICTATIME) 1983 mnt_flags &= ~(MNT_RELATIME | MNT_NOATIME); 1984 if (flags & MS_RDONLY) 1985 mnt_flags |= MNT_READONLY; 1986 1987 flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | 1988 MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | 1989 MS_STRICTATIME); 1990 1991 if (flags & MS_REMOUNT) 1992 retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, 1993 data_page); 1994 else if (flags & MS_BIND) 1995 retval = do_loopback(&path, dev_name, flags & MS_REC); 1996 else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE)) 1997 retval = do_change_type(&path, flags); 1998 else if (flags & MS_MOVE) 1999 retval = do_move_mount(&path, dev_name); 2000 else 2001 retval = do_new_mount(&path, type_page, flags, mnt_flags, 2002 dev_name, data_page); 2003 dput_out: 2004 path_put(&path); 2005 return retval; 2006 } 2007 2008 static struct mnt_namespace *alloc_mnt_ns(void) 2009 { 2010 struct mnt_namespace *new_ns; 2011 2012 new_ns = kmalloc(sizeof(struct mnt_namespace), GFP_KERNEL); 2013 if (!new_ns) 2014 return ERR_PTR(-ENOMEM); 2015 atomic_set(&new_ns->count, 1); 2016 new_ns->root = NULL; 2017 INIT_LIST_HEAD(&new_ns->list); 2018 init_waitqueue_head(&new_ns->poll); 2019 new_ns->event = 0; 2020 return new_ns; 2021 } 2022 2023 /* 2024 * Allocate a new namespace structure and populate it with contents 2025 * copied from the namespace of the passed in task structure. 2026 */ 2027 static struct mnt_namespace *dup_mnt_ns(struct mnt_namespace *mnt_ns, 2028 struct fs_struct *fs) 2029 { 2030 struct mnt_namespace *new_ns; 2031 struct vfsmount *rootmnt = NULL, *pwdmnt = NULL; 2032 struct vfsmount *p, *q; 2033 2034 new_ns = alloc_mnt_ns(); 2035 if (IS_ERR(new_ns)) 2036 return new_ns; 2037 2038 down_write(&namespace_sem); 2039 /* First pass: copy the tree topology */ 2040 new_ns->root = copy_tree(mnt_ns->root, mnt_ns->root->mnt_root, 2041 CL_COPY_ALL | CL_EXPIRE); 2042 if (!new_ns->root) { 2043 up_write(&namespace_sem); 2044 kfree(new_ns); 2045 return ERR_PTR(-ENOMEM); 2046 } 2047 spin_lock(&vfsmount_lock); 2048 list_add_tail(&new_ns->list, &new_ns->root->mnt_list); 2049 spin_unlock(&vfsmount_lock); 2050 2051 /* 2052 * Second pass: switch the tsk->fs->* elements and mark new vfsmounts 2053 * as belonging to new namespace. We have already acquired a private 2054 * fs_struct, so tsk->fs->lock is not needed. 2055 */ 2056 p = mnt_ns->root; 2057 q = new_ns->root; 2058 while (p) { 2059 q->mnt_ns = new_ns; 2060 if (fs) { 2061 if (p == fs->root.mnt) { 2062 rootmnt = p; 2063 fs->root.mnt = mntget(q); 2064 } 2065 if (p == fs->pwd.mnt) { 2066 pwdmnt = p; 2067 fs->pwd.mnt = mntget(q); 2068 } 2069 } 2070 p = next_mnt(p, mnt_ns->root); 2071 q = next_mnt(q, new_ns->root); 2072 } 2073 up_write(&namespace_sem); 2074 2075 if (rootmnt) 2076 mntput(rootmnt); 2077 if (pwdmnt) 2078 mntput(pwdmnt); 2079 2080 return new_ns; 2081 } 2082 2083 struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns, 2084 struct fs_struct *new_fs) 2085 { 2086 struct mnt_namespace *new_ns; 2087 2088 BUG_ON(!ns); 2089 get_mnt_ns(ns); 2090 2091 if (!(flags & CLONE_NEWNS)) 2092 return ns; 2093 2094 new_ns = dup_mnt_ns(ns, new_fs); 2095 2096 put_mnt_ns(ns); 2097 return new_ns; 2098 } 2099 2100 /** 2101 * create_mnt_ns - creates a private namespace and adds a root filesystem 2102 * @mnt: pointer to the new root filesystem mountpoint 2103 */ 2104 struct mnt_namespace *create_mnt_ns(struct vfsmount *mnt) 2105 { 2106 struct mnt_namespace *new_ns; 2107 2108 new_ns = alloc_mnt_ns(); 2109 if (!IS_ERR(new_ns)) { 2110 mnt->mnt_ns = new_ns; 2111 new_ns->root = mnt; 2112 list_add(&new_ns->list, &new_ns->root->mnt_list); 2113 } 2114 return new_ns; 2115 } 2116 EXPORT_SYMBOL(create_mnt_ns); 2117 2118 SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name, 2119 char __user *, type, unsigned long, flags, void __user *, data) 2120 { 2121 int ret; 2122 char *kernel_type; 2123 char *kernel_dir; 2124 char *kernel_dev; 2125 unsigned long data_page; 2126 2127 ret = copy_mount_string(type, &kernel_type); 2128 if (ret < 0) 2129 goto out_type; 2130 2131 kernel_dir = getname(dir_name); 2132 if (IS_ERR(kernel_dir)) { 2133 ret = PTR_ERR(kernel_dir); 2134 goto out_dir; 2135 } 2136 2137 ret = copy_mount_string(dev_name, &kernel_dev); 2138 if (ret < 0) 2139 goto out_dev; 2140 2141 ret = copy_mount_options(data, &data_page); 2142 if (ret < 0) 2143 goto out_data; 2144 2145 ret = do_mount(kernel_dev, kernel_dir, kernel_type, flags, 2146 (void *) data_page); 2147 2148 free_page(data_page); 2149 out_data: 2150 kfree(kernel_dev); 2151 out_dev: 2152 putname(kernel_dir); 2153 out_dir: 2154 kfree(kernel_type); 2155 out_type: 2156 return ret; 2157 } 2158 2159 /* 2160 * pivot_root Semantics: 2161 * Moves the root file system of the current process to the directory put_old, 2162 * makes new_root as the new root file system of the current process, and sets 2163 * root/cwd of all processes which had them on the current root to new_root. 2164 * 2165 * Restrictions: 2166 * The new_root and put_old must be directories, and must not be on the 2167 * same file system as the current process root. The put_old must be 2168 * underneath new_root, i.e. adding a non-zero number of /.. to the string 2169 * pointed to by put_old must yield the same directory as new_root. No other 2170 * file system may be mounted on put_old. After all, new_root is a mountpoint. 2171 * 2172 * Also, the current root cannot be on the 'rootfs' (initial ramfs) filesystem. 2173 * See Documentation/filesystems/ramfs-rootfs-initramfs.txt for alternatives 2174 * in this situation. 2175 * 2176 * Notes: 2177 * - we don't move root/cwd if they are not at the root (reason: if something 2178 * cared enough to change them, it's probably wrong to force them elsewhere) 2179 * - it's okay to pick a root that isn't the root of a file system, e.g. 2180 * /nfs/my_root where /nfs is the mount point. It must be a mountpoint, 2181 * though, so you may need to say mount --bind /nfs/my_root /nfs/my_root 2182 * first. 2183 */ 2184 SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, 2185 const char __user *, put_old) 2186 { 2187 struct vfsmount *tmp; 2188 struct path new, old, parent_path, root_parent, root; 2189 int error; 2190 2191 if (!capable(CAP_SYS_ADMIN)) 2192 return -EPERM; 2193 2194 error = user_path_dir(new_root, &new); 2195 if (error) 2196 goto out0; 2197 error = -EINVAL; 2198 if (!check_mnt(new.mnt)) 2199 goto out1; 2200 2201 error = user_path_dir(put_old, &old); 2202 if (error) 2203 goto out1; 2204 2205 error = security_sb_pivotroot(&old, &new); 2206 if (error) { 2207 path_put(&old); 2208 goto out1; 2209 } 2210 2211 read_lock(¤t->fs->lock); 2212 root = current->fs->root; 2213 path_get(¤t->fs->root); 2214 read_unlock(¤t->fs->lock); 2215 down_write(&namespace_sem); 2216 mutex_lock(&old.dentry->d_inode->i_mutex); 2217 error = -EINVAL; 2218 if (IS_MNT_SHARED(old.mnt) || 2219 IS_MNT_SHARED(new.mnt->mnt_parent) || 2220 IS_MNT_SHARED(root.mnt->mnt_parent)) 2221 goto out2; 2222 if (!check_mnt(root.mnt)) 2223 goto out2; 2224 error = -ENOENT; 2225 if (cant_mount(old.dentry)) 2226 goto out2; 2227 if (d_unlinked(new.dentry)) 2228 goto out2; 2229 if (d_unlinked(old.dentry)) 2230 goto out2; 2231 error = -EBUSY; 2232 if (new.mnt == root.mnt || 2233 old.mnt == root.mnt) 2234 goto out2; /* loop, on the same file system */ 2235 error = -EINVAL; 2236 if (root.mnt->mnt_root != root.dentry) 2237 goto out2; /* not a mountpoint */ 2238 if (root.mnt->mnt_parent == root.mnt) 2239 goto out2; /* not attached */ 2240 if (new.mnt->mnt_root != new.dentry) 2241 goto out2; /* not a mountpoint */ 2242 if (new.mnt->mnt_parent == new.mnt) 2243 goto out2; /* not attached */ 2244 /* make sure we can reach put_old from new_root */ 2245 tmp = old.mnt; 2246 spin_lock(&vfsmount_lock); 2247 if (tmp != new.mnt) { 2248 for (;;) { 2249 if (tmp->mnt_parent == tmp) 2250 goto out3; /* already mounted on put_old */ 2251 if (tmp->mnt_parent == new.mnt) 2252 break; 2253 tmp = tmp->mnt_parent; 2254 } 2255 if (!is_subdir(tmp->mnt_mountpoint, new.dentry)) 2256 goto out3; 2257 } else if (!is_subdir(old.dentry, new.dentry)) 2258 goto out3; 2259 detach_mnt(new.mnt, &parent_path); 2260 detach_mnt(root.mnt, &root_parent); 2261 /* mount old root on put_old */ 2262 attach_mnt(root.mnt, &old); 2263 /* mount new_root on / */ 2264 attach_mnt(new.mnt, &root_parent); 2265 touch_mnt_namespace(current->nsproxy->mnt_ns); 2266 spin_unlock(&vfsmount_lock); 2267 chroot_fs_refs(&root, &new); 2268 error = 0; 2269 path_put(&root_parent); 2270 path_put(&parent_path); 2271 out2: 2272 mutex_unlock(&old.dentry->d_inode->i_mutex); 2273 up_write(&namespace_sem); 2274 path_put(&root); 2275 path_put(&old); 2276 out1: 2277 path_put(&new); 2278 out0: 2279 return error; 2280 out3: 2281 spin_unlock(&vfsmount_lock); 2282 goto out2; 2283 } 2284 2285 static void __init init_mount_tree(void) 2286 { 2287 struct vfsmount *mnt; 2288 struct mnt_namespace *ns; 2289 struct path root; 2290 2291 mnt = do_kern_mount("rootfs", 0, "rootfs", NULL); 2292 if (IS_ERR(mnt)) 2293 panic("Can't create rootfs"); 2294 ns = create_mnt_ns(mnt); 2295 if (IS_ERR(ns)) 2296 panic("Can't allocate initial namespace"); 2297 2298 init_task.nsproxy->mnt_ns = ns; 2299 get_mnt_ns(ns); 2300 2301 root.mnt = ns->root; 2302 root.dentry = ns->root->mnt_root; 2303 2304 set_fs_pwd(current->fs, &root); 2305 set_fs_root(current->fs, &root); 2306 } 2307 2308 void __init mnt_init(void) 2309 { 2310 unsigned u; 2311 int err; 2312 2313 init_rwsem(&namespace_sem); 2314 2315 mnt_cache = kmem_cache_create("mnt_cache", sizeof(struct vfsmount), 2316 0, SLAB_HWCACHE_ALIGN | SLAB_PANIC, NULL); 2317 2318 mount_hashtable = (struct list_head *)__get_free_page(GFP_ATOMIC); 2319 2320 if (!mount_hashtable) 2321 panic("Failed to allocate mount hash table\n"); 2322 2323 printk("Mount-cache hash table entries: %lu\n", HASH_SIZE); 2324 2325 for (u = 0; u < HASH_SIZE; u++) 2326 INIT_LIST_HEAD(&mount_hashtable[u]); 2327 2328 err = sysfs_init(); 2329 if (err) 2330 printk(KERN_WARNING "%s: sysfs_init error: %d\n", 2331 __func__, err); 2332 fs_kobj = kobject_create_and_add("fs", NULL); 2333 if (!fs_kobj) 2334 printk(KERN_WARNING "%s: kobj create error\n", __func__); 2335 init_rootfs(); 2336 init_mount_tree(); 2337 } 2338 2339 void put_mnt_ns(struct mnt_namespace *ns) 2340 { 2341 LIST_HEAD(umount_list); 2342 2343 if (!atomic_dec_and_test(&ns->count)) 2344 return; 2345 down_write(&namespace_sem); 2346 spin_lock(&vfsmount_lock); 2347 umount_tree(ns->root, 0, &umount_list); 2348 spin_unlock(&vfsmount_lock); 2349 up_write(&namespace_sem); 2350 release_mounts(&umount_list); 2351 kfree(ns); 2352 } 2353 EXPORT_SYMBOL(put_mnt_ns); 2354