summaryrefslogtreecommitdiff
path: root/fs/namespace.c
diff options
context:
space:
mode:
authorSrinivasarao P <spathi@codeaurora.org>2018-11-21 18:26:28 +0530
committerSrinivasarao P <spathi@codeaurora.org>2018-11-21 18:27:26 +0530
commitf96a043350c0f9490ec98b48aecfcd6a8c477a98 (patch)
treed8ebf7bcbba04439ed82b1891c29fd981a793eb7 /fs/namespace.c
parentd1d0a3d96fc3ffc7b9065a85e7a5e86321593009 (diff)
parent564ce1b4843605e7dd55fbb6671dc9f47ca72a2b (diff)
Merge android-4.4.164 (564ce1b) into msm-4.4
* refs/heads/tmp-564ce1b Linux 4.4.164 drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values drm/dp_mst: Check if primary mstb is null drm/rockchip: Allow driver to be shutdown on reboot/kexec mm: migration: fix migration of huge PMD shared pages hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! configfs: replace strncpy with memcpy fuse: fix leaked notify reply rtc: hctosys: Add missing range error reporting sunrpc: correct the computation for page_ptr when truncating mount: Prevent MNT_DETACH from disconnecting locked mounts mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts mount: Retest MNT_LOCKED in do_umount ext4: fix buffer leak in __ext4_read_dirblock() on error path ext4: fix buffer leak in ext4_xattr_move_to_block() on error path ext4: release bs.bh before re-using in ext4_xattr_block_find() ext4: fix possible leak of sbi->s_group_desc_leak in error path ext4: avoid possible double brelse() in add_new_gdb() on error path ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing ext4: avoid buffer leak in ext4_orphan_add() after prior errors ext4: fix possible inode leak in the retry loop of ext4_resize_fs() ext4: avoid potential extra brelse in setup_new_flex_group_blocks() ext4: add missing brelse() add_new_gdb_meta_bg()'s error path ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path ext4: add missing brelse() update_backups()'s error path clockevents/drivers/i8253: Add support for PIT shutdown quirk Btrfs: fix data corruption due to cloning of eof block arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 termios, tty/tty_baudrate.c: fix buffer overrun mtd: docg3: don't set conflicting BCH_CONST_PARAMS option mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry vhost/scsi: truncate T10 PI iov_iter to prot_bytes mach64: fix image corruption due to reading accelerator registers mach64: fix display corruption on big endian machines libceph: bump CEPH_MSG_MAX_DATA_LEN clk: s2mps11: Fix matching when built as module and DT node contains compatible xtensa: fix boot parameters address translation xtensa: make sure bFLT stack is 16 byte aligned xtensa: add NOTES section to the linker script MIPS: Loongson-3: Fix BRIDGE irq delivery problem MIPS: Loongson-3: Fix CPU UART irq delivery problem bna: ethtool: Avoid reading past end of buffer e1000: fix race condition between e1000_down() and e1000_watchdog e1000: avoid null pointer dereference on invalid stat type mm: do not bug_on on incorrect length in __mm_populate() fs, elf: make sure to page align bss in load_elf_library mm: refuse wrapped vm_brk requests binfmt_elf: fix calculations for bss padding mm, elf: handle vm_brk error fuse: set FR_SENT while locked fuse: fix blocked_waitq wakeup fuse: Fix use-after-free in fuse_dev_do_write() fuse: Fix use-after-free in fuse_dev_do_read() scsi: qla2xxx: Fix incorrect port speed being set for FC adapters cdrom: fix improper type cast, which can leat to information leak. 9p: clear dangling pointers in p9stat_free 9p locks: fix glock.client_id leak in do_lock media: tvp5150: fix width alignment during set_selection() sc16is7xx: Fix for multi-channel stall powerpc/boot: Ensure _zimage_start is a weak symbol MIPS: kexec: Mark CPU offline before disabling local IRQ media: pci: cx23885: handle adding to list failure drm/omap: fix memory barrier bug in DMM driver powerpc/nohash: fix undefined behaviour when testing page size support tty: check name length in tty_find_polling_driver() MD: fix invalid stored role for a disk - try2 btrfs: set max_extent_size properly Btrfs: fix null pointer dereference on compressed write path error btrfs: qgroup: Dirty all qgroups before rescan Btrfs: fix wrong dentries after fsync of file that got its parent replaced btrfs: make sure we create all new block groups btrfs: reset max_extent_size on clear in a bitmap btrfs: wait on caching when putting the bg cache btrfs: don't attempt to trim devices that don't support it btrfs: iterate all devices during trim, instead of fs_devices::alloc_list btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock btrfs: Handle owner mismatch gracefully when walking up tree soc/tegra: pmc: Fix child-node lookup arm64: dts: stratix10: Correct System Manager register size Cramfs: fix abad comparison when wrap-arounds occur ext4: avoid running out of journal credits when appending to an inline file media: em28xx: make v4l2-compliance happier by starting sequence on zero media: em28xx: fix input name for Terratec AV 350 media: em28xx: use a default format if TRY_FMT fails xen: fix xen_qlock_wait() kgdboc: Passing ekgdboc to command line causes panic TC: Set DMA masks for devices MIPS: OCTEON: fix out of bounds array access on CN68XX powerpc/msi: Fix compile error on mpc83xx dm ioctl: harden copy_params()'s copy_from_user() from malicious users lockd: fix access beyond unterminated strings in prints nfsd: Fix an Oops in free_session() NFSv4.1: Fix the r/wsize checking genirq: Fix race on spurious interrupt detection printk: Fix panic caused by passing log_buf_len to command line smb3: on kerberos mount if server doesn't specify auth type use krb5 smb3: do not attempt cifs operation in smb3 query info error path smb3: allow stats which track session and share reconnects to be reset w1: omap-hdq: fix missing bus unregister at removal iio: adc: at91: fix wrong channel number in triggered buffer mode iio: adc: at91: fix acking DRDY irq on simple conversions kbuild: fix kernel/bounds.c 'W=1' warning hugetlbfs: dirty pages as they are added to pagecache ima: fix showing large 'violations' or 'runtime_measurements_count' crypto: lrw - Fix out-of bounds access on counter overflow signal/GenWQE: Fix sending of SIGKILL PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk HID: hiddev: fix potential Spectre v1 ext4: initialize retries variable in ext4_da_write_inline_data_begin() gfs2_meta: ->mount() can get NULL dev_name jbd2: fix use after free in jbd2_log_do_checkpoint() libnvdimm: Hold reference on parent while scheduling async init net/ipv4: defensive cipso option parsing xen: make xen_qlock_wait() nestable xen: fix race in xen_qlock_wait() tpm: Restore functionality to xen vtpm driver. xen-swiotlb: use actually allocated size on check physical continuous ALSA: hda: Check the non-cached stream buffers more explicitly dmaengine: dma-jz4780: Return error if not probed from DT signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init scsi: lpfc: Correct soft lockup when running mds diagnostics uio: ensure class is registered before devices driver/dma/ioat: Call del_timer_sync() without holding prep_lock usb: chipidea: Prevent unbalanced IRQ disable MD: fix invalid stored role for a disk ext4: fix argument checking in EXT4_IOC_MOVE_EXT tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated scsi: megaraid_sas: fix a missing-check bug scsi: esp_scsi: Track residual for PIO transfers ath10k: schedule hardware restart if WMI command times out pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant pinctrl: qcom: spmi-mpp: Fix drive strength setting ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux x86: boot: Fix EFI stub alignment Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 perf tools: Cleanup trace-event-info 'tdata' leak perf tools: Free temporary 'sys' string in read_event_files() tun: Consistently configure generic netdev params via rtnetlink swim: fix cleanup on setup error ataflop: fix error handling during setup locking/lockdep: Fix debug_locks off performance problem selftests: ftrace: Add synthetic event syntax testcase net: qla3xxx: Remove overflowing shift statement x86/fpu: Remove second definition of fpu in __fpu__restore_sig() sparc: Fix single-pcr perf event counter management. x86/kconfig: Fall back to ticket spinlocks x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) parisc: Fix map_pages() to not overwrite existing pte entries parisc: Fix address in HPMC IVA ipmi: Fix timer race with module unload pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges jffs2: free jffs2_sb_info through jffs2_kill_sb() hwmon: (pmbus) Fix page count auto-detection. bcache: fix miss key refill->end in writeback ANDROID: zram: set comp_len to PAGE_SIZE when page is huge Conflicts: drivers/hid/usbhid/hiddev.c Change-Id: I42874613e3b4102ef4ed051e1e8ed25b2d4ae7f2 Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Diffstat (limited to 'fs/namespace.c')
-rw-r--r--fs/namespace.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 297ce252f39a..e6585f285234 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1602,8 +1602,13 @@ static int do_umount(struct mount *mnt, int flags)
namespace_lock();
lock_mount_hash();
- event++;
+ /* Recheck MNT_LOCKED with the locks held */
+ retval = -EINVAL;
+ if (mnt->mnt.mnt_flags & MNT_LOCKED)
+ goto out;
+
+ event++;
if (flags & MNT_DETACH) {
if (!list_empty(&mnt->mnt_list))
umount_tree(mnt, UMOUNT_PROPAGATE);
@@ -1617,6 +1622,7 @@ static int do_umount(struct mount *mnt, int flags)
retval = 0;
}
}
+out:
unlock_mount_hash();
namespace_unlock();
if (retval == -EBUSY)
@@ -1701,7 +1707,7 @@ SYSCALL_DEFINE2(umount, char __user *, name, int, flags)
goto dput_and_out;
if (!check_mnt(mnt))
goto dput_and_out;
- if (mnt->mnt.mnt_flags & MNT_LOCKED)
+ if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */
goto dput_and_out;
retval = -EPERM;
if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
@@ -1779,8 +1785,14 @@ struct mount *copy_tree(struct mount *mnt, struct dentry *dentry,
for (s = r; s; s = next_mnt(s, r)) {
if (!(flag & CL_COPY_UNBINDABLE) &&
IS_MNT_UNBINDABLE(s)) {
- s = skip_mnt_tree(s);
- continue;
+ if (s->mnt.mnt_flags & MNT_LOCKED) {
+ /* Both unbindable and locked. */
+ q = ERR_PTR(-EPERM);
+ goto out;
+ } else {
+ s = skip_mnt_tree(s);
+ continue;
+ }
}
if (!(flag & CL_COPY_MNT_NS_FILE) &&
is_mnt_ns_file(s->mnt.mnt_root)) {
@@ -1833,7 +1845,7 @@ void drop_collected_mounts(struct vfsmount *mnt)
{
namespace_lock();
lock_mount_hash();
- umount_tree(real_mount(mnt), UMOUNT_SYNC);
+ umount_tree(real_mount(mnt), 0);
unlock_mount_hash();
namespace_unlock();
}