This source file includes the following definitions:
- set_mhash_entries
- set_mphash_entries
- m_hash
- mp_hash
- mnt_alloc_id
- mnt_free_id
- mnt_alloc_group_id
- mnt_release_group_id
- mnt_add_count
- mnt_get_count
- alloc_vfsmnt
- __mnt_is_readonly
- mnt_inc_writers
- mnt_dec_writers
- mnt_get_writers
- mnt_is_readonly
- __mnt_want_write
- mnt_want_write
- mnt_clone_write
- __mnt_want_write_file
- mnt_want_write_file
- __mnt_drop_write
- mnt_drop_write
- __mnt_drop_write_file
- mnt_drop_write_file
- mnt_make_readonly
- __mnt_unmake_readonly
- sb_prepare_remount_readonly
- free_vfsmnt
- delayed_free_vfsmnt
- __legitimize_mnt
- legitimize_mnt
- __lookup_mnt
- lookup_mnt
- __is_local_mountpoint
- lookup_mountpoint
- get_mountpoint
- __put_mountpoint
- put_mountpoint
- check_mnt
- touch_mnt_namespace
- __touch_mnt_namespace
- unhash_mnt
- umount_mnt
- mnt_set_mountpoint
- __attach_mnt
- attach_mnt
- mnt_change_mountpoint
- commit_tree
- next_mnt
- skip_mnt_tree
- vfs_create_mount
- fc_mount
- vfs_kern_mount
- vfs_submount
- clone_mnt
- cleanup_mnt
- __cleanup_mnt
- delayed_mntput
- mntput_no_expire
- mntput
- mntget
- path_is_mountpoint
- mnt_clone_internal
- m_start
- m_next
- m_stop
- m_show
- may_umount_tree
- may_umount
- namespace_unlock
- namespace_lock
- disconnect_mount
- umount_tree
- do_umount_root
- do_umount
- __detach_mounts
- may_mount
- may_mandlock
- may_mandlock
- ksys_umount
- SYSCALL_DEFINE2
- SYSCALL_DEFINE1
- is_mnt_ns_file
- to_mnt_ns
- mnt_ns_loop
- copy_tree
- collect_mounts
- dissolve_on_fput
- drop_collected_mounts
- clone_private_mount
- iterate_mounts
- lock_mnt_tree
- cleanup_group_ids
- invent_group_ids
- count_mounts
- attach_recursive_mnt
- lock_mount
- unlock_mount
- graft_tree
- flags_to_propagation_type
- do_change_type
- has_locked_children
- __do_loopback
- do_loopback
- open_detached_copy
- SYSCALL_DEFINE3
- can_change_locked_flags
- change_mount_ro_state
- set_mount_attributes
- mnt_warn_timestamp_expiry
- do_reconfigure_mnt
- do_remount
- tree_contains_unbindable
- check_for_nsfs_mounts
- do_move_mount
- do_move_mount_old
- do_add_mount
- do_new_mount_fc
- do_new_mount
- finish_automount
- mnt_set_expiry
- mark_mounts_for_expiry
- select_submounts
- shrink_submounts
- exact_copy_from_user
- copy_mount_options
- copy_mount_string
- do_mount
- inc_mnt_namespaces
- dec_mnt_namespaces
- free_mnt_ns
- alloc_mnt_ns
- copy_mnt_ns
- mount_subtree
- ksys_mount
- SYSCALL_DEFINE5
- SYSCALL_DEFINE3
- SYSCALL_DEFINE5
- is_path_reachable
- path_is_under
- SYSCALL_DEFINE2
- init_mount_tree
- mnt_init
- put_mnt_ns
- kern_mount
- kern_unmount
- our_mnt
- current_chrooted
- mnt_already_visible
- mount_too_revealing
- mnt_may_suid
- mntns_get
- mntns_put
- mntns_install
- mntns_owner
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *  linux/fs/namespace.c
4  *
5  * (C) Copyright Al Viro 2000, 2001
6  *
7  * Based on code from fs/super.c, copyright Linus Torvalds and others.
8  * Heavily rewritten.
9  */
10
11 #include <linux/syscalls.h>
12 #include <linux/export.h>
13 #include <linux/capability.h>
14 #include <linux/mnt_namespace.h>
15 #include <linux/user_namespace.h>
16 #include <linux/namei.h>
17 #include <linux/security.h>
18 #include <linux/cred.h>
19 #include <linux/idr.h>
20 #include <linux/init.h>
21 #include <linux/fs_struct.h>
22 #include <linux/fsnotify.h>
23 #include <linux/file.h>
24 #include <linux/uaccess.h>
25 #include <linux/proc_ns.h>
26 #include <linux/magic.h>
27 #include <linux/memblock.h>
28 #include <linux/task_work.h>
29 #include <linux/sched/task.h>
30 #include <uapi/linux/mount.h>
31 #include <linux/fs_context.h>
32 #include <linux/shmem_fs.h>
33
34 #include "pnode.h"
35 #include "internal.h"
36
37
38 unsigned int sysctl_mount_max __read_mostly = 100000;
39
40 static unsigned int m_hash_mask __read_mostly;
41 static unsigned int m_hash_shift __read_mostly;
42 static unsigned int mp_hash_mask __read_mostly;
43 static unsigned int mp_hash_shift __read_mostly;
44
45 static __initdata unsigned long mhash_entries;
46 static int __init set_mhash_entries(char *str)
47 {
48 if (!str)
49 return 0;
50 mhash_entries = simple_strtoul(str, &str, 0);
51 return 1;
52 }
53 __setup("mhash_entries=", set_mhash_entries);
54
55 static __initdata unsigned long mphash_entries;
56 static int __init set_mphash_entries(char *str)
57 {
58 if (!str)
59 return 0;
60 mphash_entries = simple_strtoul(str, &str, 0);
61 return 1;
62 }
63 __setup("mphash_entries=", set_mphash_entries);
64
65 static u64 event;
66 static DEFINE_IDA(mnt_id_ida);
67 static DEFINE_IDA(mnt_group_ida);
68
69 static struct hlist_head *mount_hashtable __read_mostly;
70 static struct hlist_head *mountpoint_hashtable __read_mostly;
71 static struct kmem_cache *mnt_cache __read_mostly;
72 static DECLARE_RWSEM(namespace_sem);
73 static HLIST_HEAD(unmounted);
74 static LIST_HEAD(ex_mountpoints);
75
76
77 struct kobject *fs_kobj;
78 EXPORT_SYMBOL_GPL(fs_kobj);
79
80 /*
81  * mount_lock is a seqlock protecting the mount hash tables and the mount
82  * tree topology.  Writers take it for write via lock_mount_hash(); lockless
83  * readers such as lookup_mnt() sample the sequence count with
84  * read_seqbegin() and retry if it changed while they walked the hash.
85  */
86
87
88 __cacheline_aligned_in_smp DEFINE_SEQLOCK(mount_lock);
89
90 static inline struct hlist_head *m_hash(struct vfsmount *mnt, struct dentry *dentry)
91 {
92 unsigned long tmp = ((unsigned long)mnt / L1_CACHE_BYTES);
93 tmp += ((unsigned long)dentry / L1_CACHE_BYTES);
94 tmp = tmp + (tmp >> m_hash_shift);
95 return &mount_hashtable[tmp & m_hash_mask];
96 }
97
98 static inline struct hlist_head *mp_hash(struct dentry *dentry)
99 {
100 unsigned long tmp = ((unsigned long)dentry / L1_CACHE_BYTES);
101 tmp = tmp + (tmp >> mp_hash_shift);
102 return &mountpoint_hashtable[tmp & mp_hash_mask];
103 }
104
105 static int mnt_alloc_id(struct mount *mnt)
106 {
107 int res = ida_alloc(&mnt_id_ida, GFP_KERNEL);
108
109 if (res < 0)
110 return res;
111 mnt->mnt_id = res;
112 return 0;
113 }
114
115 static void mnt_free_id(struct mount *mnt)
116 {
117 ida_free(&mnt_id_ida, mnt->mnt_id);
118 }
119
120 /*
121  * Allocate a new peer group ID.
122  */
123 static int mnt_alloc_group_id(struct mount *mnt)
124 {
125 int res = ida_alloc_min(&mnt_group_ida, 1, GFP_KERNEL);
126
127 if (res < 0)
128 return res;
129 mnt->mnt_group_id = res;
130 return 0;
131 }
132
133 /*
134  * Release a peer group ID.
135  */
136 void mnt_release_group_id(struct mount *mnt)
137 {
138 ida_free(&mnt_group_ida, mnt->mnt_group_id);
139 mnt->mnt_group_id = 0;
140 }
141
142 /*
143  * vfsmount lock must be held for read
144  */
145 static inline void mnt_add_count(struct mount *mnt, int n)
146 {
147 #ifdef CONFIG_SMP
148 this_cpu_add(mnt->mnt_pcp->mnt_count, n);
149 #else
150 preempt_disable();
151 mnt->mnt_count += n;
152 preempt_enable();
153 #endif
154 }
155
156 /*
157  * vfsmount lock must be held for write
158  */
159 unsigned int mnt_get_count(struct mount *mnt)
160 {
161 #ifdef CONFIG_SMP
162 unsigned int count = 0;
163 int cpu;
164
165 for_each_possible_cpu(cpu) {
166 count += per_cpu_ptr(mnt->mnt_pcp, cpu)->mnt_count;
167 }
168
169 return count;
170 #else
171 return mnt->mnt_count;
172 #endif
173 }
174
175 static struct mount *alloc_vfsmnt(const char *name)
176 {
177 struct mount *mnt = kmem_cache_zalloc(mnt_cache, GFP_KERNEL);
178 if (mnt) {
179 int err;
180
181 err = mnt_alloc_id(mnt);
182 if (err)
183 goto out_free_cache;
184
185 if (name) {
186 mnt->mnt_devname = kstrdup_const(name, GFP_KERNEL);
187 if (!mnt->mnt_devname)
188 goto out_free_id;
189 }
190
191 #ifdef CONFIG_SMP
192 mnt->mnt_pcp = alloc_percpu(struct mnt_pcp);
193 if (!mnt->mnt_pcp)
194 goto out_free_devname;
195
196 this_cpu_add(mnt->mnt_pcp->mnt_count, 1);
197 #else
198 mnt->mnt_count = 1;
199 mnt->mnt_writers = 0;
200 #endif
201
202 INIT_HLIST_NODE(&mnt->mnt_hash);
203 INIT_LIST_HEAD(&mnt->mnt_child);
204 INIT_LIST_HEAD(&mnt->mnt_mounts);
205 INIT_LIST_HEAD(&mnt->mnt_list);
206 INIT_LIST_HEAD(&mnt->mnt_expire);
207 INIT_LIST_HEAD(&mnt->mnt_share);
208 INIT_LIST_HEAD(&mnt->mnt_slave_list);
209 INIT_LIST_HEAD(&mnt->mnt_slave);
210 INIT_HLIST_NODE(&mnt->mnt_mp_list);
211 INIT_LIST_HEAD(&mnt->mnt_umounting);
212 INIT_HLIST_HEAD(&mnt->mnt_stuck_children);
213 }
214 return mnt;
215
216 #ifdef CONFIG_SMP
217 out_free_devname:
218 kfree_const(mnt->mnt_devname);
219 #endif
220 out_free_id:
221 mnt_free_id(mnt);
222 out_free_cache:
223 kmem_cache_free(mnt_cache, mnt);
224 return NULL;
225 }
226
227 /*
228  * Most read-only checks on a filesystem cover operations that take a
229  * discrete amount of time, like a write() or an unlink().  The per-mount
230  * writer counts below track when such operations start and end, so that a
231  * remount to read-only can tell whether any writes are still in flight.
232  */
233 /*
234  * __mnt_is_readonly: check whether a mount is read-only
235  * @mnt: the mount to check for its write status
236  *
237  * This checks both the per-mount MNT_READONLY flag and the superblock's
238  * read-only state; callers that need write access should use
239  * mnt_want_write() rather than checking this directly.
240  */
246 bool __mnt_is_readonly(struct vfsmount *mnt)
247 {
248 return (mnt->mnt_flags & MNT_READONLY) || sb_rdonly(mnt->mnt_sb);
249 }
250 EXPORT_SYMBOL_GPL(__mnt_is_readonly);
251
252 static inline void mnt_inc_writers(struct mount *mnt)
253 {
254 #ifdef CONFIG_SMP
255 this_cpu_inc(mnt->mnt_pcp->mnt_writers);
256 #else
257 mnt->mnt_writers++;
258 #endif
259 }
260
261 static inline void mnt_dec_writers(struct mount *mnt)
262 {
263 #ifdef CONFIG_SMP
264 this_cpu_dec(mnt->mnt_pcp->mnt_writers);
265 #else
266 mnt->mnt_writers--;
267 #endif
268 }
269
270 static unsigned int mnt_get_writers(struct mount *mnt)
271 {
272 #ifdef CONFIG_SMP
273 unsigned int count = 0;
274 int cpu;
275
276 for_each_possible_cpu(cpu) {
277 count += per_cpu_ptr(mnt->mnt_pcp, cpu)->mnt_writers;
278 }
279
280 return count;
281 #else
282 return mnt->mnt_writers;
283 #endif
284 }
285
286 static int mnt_is_readonly(struct vfsmount *mnt)
287 {
288 if (mnt->mnt_sb->s_readonly_remount)
289 return 1;
290
291 smp_rmb();
292 return __mnt_is_readonly(mnt);
293 }
294
295 /**
296  * __mnt_want_write - get write access to a mount without freeze protection
297  * @m: the mount on which to take a write
298  *
299  * Tells the low-level filesystem that a write is about to be performed on
300  * it, and makes sure that writes are allowed (the mount is read-write)
301  * before returning success.  This does not protect against the filesystem
302  * being frozen.  When the write operation is finished, __mnt_drop_write()
303  * must be called; this is effectively a refcount.
304  */
311 int __mnt_want_write(struct vfsmount *m)
312 {
313 struct mount *mnt = real_mount(m);
314 int ret = 0;
315
316 preempt_disable();
317 mnt_inc_writers(mnt);
318
319
320
321
322
323 smp_mb();
324 while (READ_ONCE(mnt->mnt.mnt_flags) & MNT_WRITE_HOLD)
325 cpu_relax();
326
327
328
329
330
331 smp_rmb();
332 if (mnt_is_readonly(m)) {
333 mnt_dec_writers(mnt);
334 ret = -EROFS;
335 }
336 preempt_enable();
337
338 return ret;
339 }
340
341 /**
342  * mnt_want_write - get write access to a mount
343  * @m: the mount on which to take a write
344  *
345  * Tells the low-level filesystem that a write is about to be performed on
346  * it, and makes sure that writes are allowed (the mount is read-write and
347  * the filesystem is not frozen) before returning success.  When the write
348  * is finished, mnt_drop_write() must be called; this is effectively a refcount.
349  */
350 int mnt_want_write(struct vfsmount *m)
351 {
352 int ret;
353
354 sb_start_write(m->mnt_sb);
355 ret = __mnt_want_write(m);
356 if (ret)
357 sb_end_write(m->mnt_sb);
358 return ret;
359 }
360 EXPORT_SYMBOL_GPL(mnt_want_write);
361
362
363
364
365
366
367
368
369
370
371
372
373
374 int mnt_clone_write(struct vfsmount *mnt)
375 {
376
377 if (__mnt_is_readonly(mnt))
378 return -EROFS;
379 preempt_disable();
380 mnt_inc_writers(real_mount(mnt));
381 preempt_enable();
382 return 0;
383 }
384 EXPORT_SYMBOL_GPL(mnt_clone_write);
385
386
387
388
389
390
391
392
393 int __mnt_want_write_file(struct file *file)
394 {
395 if (!(file->f_mode & FMODE_WRITER))
396 return __mnt_want_write(file->f_path.mnt);
397 else
398 return mnt_clone_write(file->f_path.mnt);
399 }
400
401
402
403
404
405
406
407
408 int mnt_want_write_file(struct file *file)
409 {
410 int ret;
411
412 sb_start_write(file_inode(file)->i_sb);
413 ret = __mnt_want_write_file(file);
414 if (ret)
415 sb_end_write(file_inode(file)->i_sb);
416 return ret;
417 }
418 EXPORT_SYMBOL_GPL(mnt_want_write_file);
419
420
421
422
423
424
425
426
427
428 void __mnt_drop_write(struct vfsmount *mnt)
429 {
430 preempt_disable();
431 mnt_dec_writers(real_mount(mnt));
432 preempt_enable();
433 }
434
435
436
437
438
439
440
441
442
443 void mnt_drop_write(struct vfsmount *mnt)
444 {
445 __mnt_drop_write(mnt);
446 sb_end_write(mnt->mnt_sb);
447 }
448 EXPORT_SYMBOL_GPL(mnt_drop_write);
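/*
 * Illustrative sketch (not part of this file): filesystem-independent code
 * that modifies an object reachable through a vfsmount brackets the change
 * with the pair exported above.  "example_update" is a hypothetical caller
 * shown only to make the mnt_want_write()/mnt_drop_write() pairing explicit;
 * it assumes the usual <linux/mount.h> and <linux/path.h> declarations.
 */
static int example_update(struct path *path)
{
	int err = mnt_want_write(path->mnt);	/* write access + freeze protection */

	if (err)
		return err;			/* e.g. -EROFS on a read-only mount */
	/* ... modify the object here ... */
	mnt_drop_write(path->mnt);		/* drop the write reference */
	return 0;
}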
449
450 void __mnt_drop_write_file(struct file *file)
451 {
452 __mnt_drop_write(file->f_path.mnt);
453 }
454
455 void mnt_drop_write_file(struct file *file)
456 {
457 __mnt_drop_write_file(file);
458 sb_end_write(file_inode(file)->i_sb);
459 }
460 EXPORT_SYMBOL(mnt_drop_write_file);
461
462 static int mnt_make_readonly(struct mount *mnt)
463 {
464 int ret = 0;
465
466 lock_mount_hash();
467 mnt->mnt.mnt_flags |= MNT_WRITE_HOLD;
468
469
470
471
472 smp_mb();
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490 if (mnt_get_writers(mnt) > 0)
491 ret = -EBUSY;
492 else
493 mnt->mnt.mnt_flags |= MNT_READONLY;
494
495
496
497
498 smp_wmb();
499 mnt->mnt.mnt_flags &= ~MNT_WRITE_HOLD;
500 unlock_mount_hash();
501 return ret;
502 }
503
504 static int __mnt_unmake_readonly(struct mount *mnt)
505 {
506 lock_mount_hash();
507 mnt->mnt.mnt_flags &= ~MNT_READONLY;
508 unlock_mount_hash();
509 return 0;
510 }
511
512 int sb_prepare_remount_readonly(struct super_block *sb)
513 {
514 struct mount *mnt;
515 int err = 0;
516
517
518 if (atomic_long_read(&sb->s_remove_count))
519 return -EBUSY;
520
521 lock_mount_hash();
522 list_for_each_entry(mnt, &sb->s_mounts, mnt_instance) {
523 if (!(mnt->mnt.mnt_flags & MNT_READONLY)) {
524 mnt->mnt.mnt_flags |= MNT_WRITE_HOLD;
525 smp_mb();
526 if (mnt_get_writers(mnt) > 0) {
527 err = -EBUSY;
528 break;
529 }
530 }
531 }
532 if (!err && atomic_long_read(&sb->s_remove_count))
533 err = -EBUSY;
534
535 if (!err) {
536 sb->s_readonly_remount = 1;
537 smp_wmb();
538 }
539 list_for_each_entry(mnt, &sb->s_mounts, mnt_instance) {
540 if (mnt->mnt.mnt_flags & MNT_WRITE_HOLD)
541 mnt->mnt.mnt_flags &= ~MNT_WRITE_HOLD;
542 }
543 unlock_mount_hash();
544
545 return err;
546 }
547
548 static void free_vfsmnt(struct mount *mnt)
549 {
550 kfree_const(mnt->mnt_devname);
551 #ifdef CONFIG_SMP
552 free_percpu(mnt->mnt_pcp);
553 #endif
554 kmem_cache_free(mnt_cache, mnt);
555 }
556
557 static void delayed_free_vfsmnt(struct rcu_head *head)
558 {
559 free_vfsmnt(container_of(head, struct mount, mnt_rcu));
560 }
561
562
563 int __legitimize_mnt(struct vfsmount *bastard, unsigned seq)
564 {
565 struct mount *mnt;
566 if (read_seqretry(&mount_lock, seq))
567 return 1;
568 if (bastard == NULL)
569 return 0;
570 mnt = real_mount(bastard);
571 mnt_add_count(mnt, 1);
572 smp_mb();
573 if (likely(!read_seqretry(&mount_lock, seq)))
574 return 0;
575 if (bastard->mnt_flags & MNT_SYNC_UMOUNT) {
576 mnt_add_count(mnt, -1);
577 return 1;
578 }
579 lock_mount_hash();
580 if (unlikely(bastard->mnt_flags & MNT_DOOMED)) {
581 mnt_add_count(mnt, -1);
582 unlock_mount_hash();
583 return 1;
584 }
585 unlock_mount_hash();
586
587 return -1;
588 }
589
590
591 bool legitimize_mnt(struct vfsmount *bastard, unsigned seq)
592 {
593 int res = __legitimize_mnt(bastard, seq);
594 if (likely(!res))
595 return true;
596 if (unlikely(res < 0)) {
597 rcu_read_unlock();
598 mntput(bastard);
599 rcu_read_lock();
600 }
601 return false;
602 }
603
604
605
606
607
608 struct mount *__lookup_mnt(struct vfsmount *mnt, struct dentry *dentry)
609 {
610 struct hlist_head *head = m_hash(mnt, dentry);
611 struct mount *p;
612
613 hlist_for_each_entry_rcu(p, head, mnt_hash)
614 if (&p->mnt_parent->mnt == mnt && p->mnt_mountpoint == dentry)
615 return p;
616 return NULL;
617 }
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635 struct vfsmount *lookup_mnt(const struct path *path)
636 {
637 struct mount *child_mnt;
638 struct vfsmount *m;
639 unsigned seq;
640
641 rcu_read_lock();
642 do {
643 seq = read_seqbegin(&mount_lock);
644 child_mnt = __lookup_mnt(path->mnt, path->dentry);
645 m = child_mnt ? &child_mnt->mnt : NULL;
646 } while (!legitimize_mnt(m, seq));
647 rcu_read_unlock();
648 return m;
649 }
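/*
 * Note on lookup_mnt(): __lookup_mnt() walks the hash locklessly under RCU,
 * so the loop above re-checks the mount_lock sequence count via
 * legitimize_mnt() and retries if the topology changed underneath it.  On
 * success the returned vfsmount carries a reference which the caller must
 * drop with mntput().
 */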
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666 bool __is_local_mountpoint(struct dentry *dentry)
667 {
668 struct mnt_namespace *ns = current->nsproxy->mnt_ns;
669 struct mount *mnt;
670 bool is_covered = false;
671
672 if (!d_mountpoint(dentry))
673 goto out;
674
675 down_read(&namespace_sem);
676 list_for_each_entry(mnt, &ns->list, mnt_list) {
677 is_covered = (mnt->mnt_mountpoint == dentry);
678 if (is_covered)
679 break;
680 }
681 up_read(&namespace_sem);
682 out:
683 return is_covered;
684 }
685
686 static struct mountpoint *lookup_mountpoint(struct dentry *dentry)
687 {
688 struct hlist_head *chain = mp_hash(dentry);
689 struct mountpoint *mp;
690
691 hlist_for_each_entry(mp, chain, m_hash) {
692 if (mp->m_dentry == dentry) {
693 mp->m_count++;
694 return mp;
695 }
696 }
697 return NULL;
698 }
699
700 static struct mountpoint *get_mountpoint(struct dentry *dentry)
701 {
702 struct mountpoint *mp, *new = NULL;
703 int ret;
704
705 if (d_mountpoint(dentry)) {
706
707 if (d_unlinked(dentry))
708 return ERR_PTR(-ENOENT);
709 mountpoint:
710 read_seqlock_excl(&mount_lock);
711 mp = lookup_mountpoint(dentry);
712 read_sequnlock_excl(&mount_lock);
713 if (mp)
714 goto done;
715 }
716
717 if (!new)
718 new = kmalloc(sizeof(struct mountpoint), GFP_KERNEL);
719 if (!new)
720 return ERR_PTR(-ENOMEM);
721
722
723
724 ret = d_set_mounted(dentry);
725
726
727 if (ret == -EBUSY)
728 goto mountpoint;
729
730
731 mp = ERR_PTR(ret);
732 if (ret)
733 goto done;
734
735
736 read_seqlock_excl(&mount_lock);
737 new->m_dentry = dget(dentry);
738 new->m_count = 1;
739 hlist_add_head(&new->m_hash, mp_hash(dentry));
740 INIT_HLIST_HEAD(&new->m_list);
741 read_sequnlock_excl(&mount_lock);
742
743 mp = new;
744 new = NULL;
745 done:
746 kfree(new);
747 return mp;
748 }
749
750
751
752
753
754 static void __put_mountpoint(struct mountpoint *mp, struct list_head *list)
755 {
756 if (!--mp->m_count) {
757 struct dentry *dentry = mp->m_dentry;
758 BUG_ON(!hlist_empty(&mp->m_list));
759 spin_lock(&dentry->d_lock);
760 dentry->d_flags &= ~DCACHE_MOUNTED;
761 spin_unlock(&dentry->d_lock);
762 dput_to_list(dentry, list);
763 hlist_del(&mp->m_hash);
764 kfree(mp);
765 }
766 }
767
768
769 static void put_mountpoint(struct mountpoint *mp)
770 {
771 __put_mountpoint(mp, &ex_mountpoints);
772 }
773
774 static inline int check_mnt(struct mount *mnt)
775 {
776 return mnt->mnt_ns == current->nsproxy->mnt_ns;
777 }
778
779
780
781
782 static void touch_mnt_namespace(struct mnt_namespace *ns)
783 {
784 if (ns) {
785 ns->event = ++event;
786 wake_up_interruptible(&ns->poll);
787 }
788 }
789
790
791
792
793 static void __touch_mnt_namespace(struct mnt_namespace *ns)
794 {
795 if (ns && ns->event != event) {
796 ns->event = event;
797 wake_up_interruptible(&ns->poll);
798 }
799 }
800
801
802
803
804 static struct mountpoint *unhash_mnt(struct mount *mnt)
805 {
806 struct mountpoint *mp;
807 mnt->mnt_parent = mnt;
808 mnt->mnt_mountpoint = mnt->mnt.mnt_root;
809 list_del_init(&mnt->mnt_child);
810 hlist_del_init_rcu(&mnt->mnt_hash);
811 hlist_del_init(&mnt->mnt_mp_list);
812 mp = mnt->mnt_mp;
813 mnt->mnt_mp = NULL;
814 return mp;
815 }
816
817
818
819
820 static void umount_mnt(struct mount *mnt)
821 {
822 put_mountpoint(unhash_mnt(mnt));
823 }
824
825
826
827
828 void mnt_set_mountpoint(struct mount *mnt,
829 struct mountpoint *mp,
830 struct mount *child_mnt)
831 {
832 mp->m_count++;
833 mnt_add_count(mnt, 1);
834 child_mnt->mnt_mountpoint = mp->m_dentry;
835 child_mnt->mnt_parent = mnt;
836 child_mnt->mnt_mp = mp;
837 hlist_add_head(&child_mnt->mnt_mp_list, &mp->m_list);
838 }
839
840 static void __attach_mnt(struct mount *mnt, struct mount *parent)
841 {
842 hlist_add_head_rcu(&mnt->mnt_hash,
843 m_hash(&parent->mnt, mnt->mnt_mountpoint));
844 list_add_tail(&mnt->mnt_child, &parent->mnt_mounts);
845 }
846
847
848
849
850 static void attach_mnt(struct mount *mnt,
851 struct mount *parent,
852 struct mountpoint *mp)
853 {
854 mnt_set_mountpoint(parent, mp, mnt);
855 __attach_mnt(mnt, parent);
856 }
857
858 void mnt_change_mountpoint(struct mount *parent, struct mountpoint *mp, struct mount *mnt)
859 {
860 struct mountpoint *old_mp = mnt->mnt_mp;
861 struct mount *old_parent = mnt->mnt_parent;
862
863 list_del_init(&mnt->mnt_child);
864 hlist_del_init(&mnt->mnt_mp_list);
865 hlist_del_init_rcu(&mnt->mnt_hash);
866
867 attach_mnt(mnt, parent, mp);
868
869 put_mountpoint(old_mp);
870 mnt_add_count(old_parent, -1);
871 }
872
873
874
875
876 static void commit_tree(struct mount *mnt)
877 {
878 struct mount *parent = mnt->mnt_parent;
879 struct mount *m;
880 LIST_HEAD(head);
881 struct mnt_namespace *n = parent->mnt_ns;
882
883 BUG_ON(parent == mnt);
884
885 list_add_tail(&head, &mnt->mnt_list);
886 list_for_each_entry(m, &head, mnt_list)
887 m->mnt_ns = n;
888
889 list_splice(&head, n->list.prev);
890
891 n->mounts += n->pending_mounts;
892 n->pending_mounts = 0;
893
894 __attach_mnt(mnt, parent);
895 touch_mnt_namespace(n);
896 }
897
898 static struct mount *next_mnt(struct mount *p, struct mount *root)
899 {
900 struct list_head *next = p->mnt_mounts.next;
901 if (next == &p->mnt_mounts) {
902 while (1) {
903 if (p == root)
904 return NULL;
905 next = p->mnt_child.next;
906 if (next != &p->mnt_parent->mnt_mounts)
907 break;
908 p = p->mnt_parent;
909 }
910 }
911 return list_entry(next, struct mount, mnt_child);
912 }
913
914 static struct mount *skip_mnt_tree(struct mount *p)
915 {
916 struct list_head *prev = p->mnt_mounts.prev;
917 while (prev != &p->mnt_mounts) {
918 p = list_entry(prev, struct mount, mnt_child);
919 prev = p->mnt_mounts.prev;
920 }
921 return p;
922 }
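/*
 * next_mnt() and skip_mnt_tree() are the mount-tree walk primitives used
 * throughout this file: next_mnt() advances a depth-first walk of the tree
 * rooted at @root and returns NULL once the walk is complete, while
 * skip_mnt_tree() descends to the last mount of a subtree so that a
 * following next_mnt() steps past that whole subtree.
 */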
923
924
925
926
927
928
929
930
931
932
933 struct vfsmount *vfs_create_mount(struct fs_context *fc)
934 {
935 struct mount *mnt;
936
937 if (!fc->root)
938 return ERR_PTR(-EINVAL);
939
940 mnt = alloc_vfsmnt(fc->source ?: "none");
941 if (!mnt)
942 return ERR_PTR(-ENOMEM);
943
944 if (fc->sb_flags & SB_KERNMOUNT)
945 mnt->mnt.mnt_flags = MNT_INTERNAL;
946
947 atomic_inc(&fc->root->d_sb->s_active);
948 mnt->mnt.mnt_sb = fc->root->d_sb;
949 mnt->mnt.mnt_root = dget(fc->root);
950 mnt->mnt_mountpoint = mnt->mnt.mnt_root;
951 mnt->mnt_parent = mnt;
952
953 lock_mount_hash();
954 list_add_tail(&mnt->mnt_instance, &mnt->mnt.mnt_sb->s_mounts);
955 unlock_mount_hash();
956 return &mnt->mnt;
957 }
958 EXPORT_SYMBOL(vfs_create_mount);
959
960 struct vfsmount *fc_mount(struct fs_context *fc)
961 {
962 int err = vfs_get_tree(fc);
963 if (!err) {
964 up_write(&fc->root->d_sb->s_umount);
965 return vfs_create_mount(fc);
966 }
967 return ERR_PTR(err);
968 }
969 EXPORT_SYMBOL(fc_mount);
970
971 struct vfsmount *vfs_kern_mount(struct file_system_type *type,
972 int flags, const char *name,
973 void *data)
974 {
975 struct fs_context *fc;
976 struct vfsmount *mnt;
977 int ret = 0;
978
979 if (!type)
980 return ERR_PTR(-EINVAL);
981
982 fc = fs_context_for_mount(type, flags);
983 if (IS_ERR(fc))
984 return ERR_CAST(fc);
985
986 if (name)
987 ret = vfs_parse_fs_string(fc, "source",
988 name, strlen(name));
989 if (!ret)
990 ret = parse_monolithic_mount_data(fc, data);
991 if (!ret)
992 mnt = fc_mount(fc);
993 else
994 mnt = ERR_PTR(ret);
995
996 put_fs_context(fc);
997 return mnt;
998 }
999 EXPORT_SYMBOL_GPL(vfs_kern_mount);
1000
1001 struct vfsmount *
1002 vfs_submount(const struct dentry *mountpoint, struct file_system_type *type,
1003 const char *name, void *data)
1004 {
1005
1006
1007
1008
1009 if (mountpoint->d_sb->s_user_ns != &init_user_ns)
1010 return ERR_PTR(-EPERM);
1011
1012 return vfs_kern_mount(type, SB_SUBMOUNT, name, data);
1013 }
1014 EXPORT_SYMBOL_GPL(vfs_submount);
1015
1016 static struct mount *clone_mnt(struct mount *old, struct dentry *root,
1017 int flag)
1018 {
1019 struct super_block *sb = old->mnt.mnt_sb;
1020 struct mount *mnt;
1021 int err;
1022
1023 mnt = alloc_vfsmnt(old->mnt_devname);
1024 if (!mnt)
1025 return ERR_PTR(-ENOMEM);
1026
1027 if (flag & (CL_SLAVE | CL_PRIVATE | CL_SHARED_TO_SLAVE))
1028 mnt->mnt_group_id = 0;
1029 else
1030 mnt->mnt_group_id = old->mnt_group_id;
1031
1032 if ((flag & CL_MAKE_SHARED) && !mnt->mnt_group_id) {
1033 err = mnt_alloc_group_id(mnt);
1034 if (err)
1035 goto out_free;
1036 }
1037
1038 mnt->mnt.mnt_flags = old->mnt.mnt_flags;
1039 mnt->mnt.mnt_flags &= ~(MNT_WRITE_HOLD|MNT_MARKED|MNT_INTERNAL);
1040
1041 atomic_inc(&sb->s_active);
1042 mnt->mnt.mnt_sb = sb;
1043 mnt->mnt.mnt_root = dget(root);
1044 mnt->mnt_mountpoint = mnt->mnt.mnt_root;
1045 mnt->mnt_parent = mnt;
1046 lock_mount_hash();
1047 list_add_tail(&mnt->mnt_instance, &sb->s_mounts);
1048 unlock_mount_hash();
1049
1050 if ((flag & CL_SLAVE) ||
1051 ((flag & CL_SHARED_TO_SLAVE) && IS_MNT_SHARED(old))) {
1052 list_add(&mnt->mnt_slave, &old->mnt_slave_list);
1053 mnt->mnt_master = old;
1054 CLEAR_MNT_SHARED(mnt);
1055 } else if (!(flag & CL_PRIVATE)) {
1056 if ((flag & CL_MAKE_SHARED) || IS_MNT_SHARED(old))
1057 list_add(&mnt->mnt_share, &old->mnt_share);
1058 if (IS_MNT_SLAVE(old))
1059 list_add(&mnt->mnt_slave, &old->mnt_slave);
1060 mnt->mnt_master = old->mnt_master;
1061 } else {
1062 CLEAR_MNT_SHARED(mnt);
1063 }
1064 if (flag & CL_MAKE_SHARED)
1065 set_mnt_shared(mnt);
1066
1067
1068
1069 if (flag & CL_EXPIRE) {
1070 if (!list_empty(&old->mnt_expire))
1071 list_add(&mnt->mnt_expire, &old->mnt_expire);
1072 }
1073
1074 return mnt;
1075
1076 out_free:
1077 mnt_free_id(mnt);
1078 free_vfsmnt(mnt);
1079 return ERR_PTR(err);
1080 }
1081
1082 static void cleanup_mnt(struct mount *mnt)
1083 {
1084 struct hlist_node *p;
1085 struct mount *m;
1086
1087
1088
1089
1090
1091
1092
1093 WARN_ON(mnt_get_writers(mnt));
1094 if (unlikely(mnt->mnt_pins.first))
1095 mnt_pin_kill(mnt);
1096 hlist_for_each_entry_safe(m, p, &mnt->mnt_stuck_children, mnt_umount) {
1097 hlist_del(&m->mnt_umount);
1098 mntput(&m->mnt);
1099 }
1100 fsnotify_vfsmount_delete(&mnt->mnt);
1101 dput(mnt->mnt.mnt_root);
1102 deactivate_super(mnt->mnt.mnt_sb);
1103 mnt_free_id(mnt);
1104 call_rcu(&mnt->mnt_rcu, delayed_free_vfsmnt);
1105 }
1106
1107 static void __cleanup_mnt(struct rcu_head *head)
1108 {
1109 cleanup_mnt(container_of(head, struct mount, mnt_rcu));
1110 }
1111
1112 static LLIST_HEAD(delayed_mntput_list);
1113 static void delayed_mntput(struct work_struct *unused)
1114 {
1115 struct llist_node *node = llist_del_all(&delayed_mntput_list);
1116 struct mount *m, *t;
1117
1118 llist_for_each_entry_safe(m, t, node, mnt_llist)
1119 cleanup_mnt(m);
1120 }
1121 static DECLARE_DELAYED_WORK(delayed_mntput_work, delayed_mntput);
1122
1123 static void mntput_no_expire(struct mount *mnt)
1124 {
1125 LIST_HEAD(list);
1126
1127 rcu_read_lock();
1128 if (likely(READ_ONCE(mnt->mnt_ns))) {
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138 mnt_add_count(mnt, -1);
1139 rcu_read_unlock();
1140 return;
1141 }
1142 lock_mount_hash();
1143
1144
1145
1146
1147 smp_mb();
1148 mnt_add_count(mnt, -1);
1149 if (mnt_get_count(mnt)) {
1150 rcu_read_unlock();
1151 unlock_mount_hash();
1152 return;
1153 }
1154 if (unlikely(mnt->mnt.mnt_flags & MNT_DOOMED)) {
1155 rcu_read_unlock();
1156 unlock_mount_hash();
1157 return;
1158 }
1159 mnt->mnt.mnt_flags |= MNT_DOOMED;
1160 rcu_read_unlock();
1161
1162 list_del(&mnt->mnt_instance);
1163
1164 if (unlikely(!list_empty(&mnt->mnt_mounts))) {
1165 struct mount *p, *tmp;
1166 list_for_each_entry_safe(p, tmp, &mnt->mnt_mounts, mnt_child) {
1167 __put_mountpoint(unhash_mnt(p), &list);
1168 hlist_add_head(&p->mnt_umount, &mnt->mnt_stuck_children);
1169 }
1170 }
1171 unlock_mount_hash();
1172 shrink_dentry_list(&list);
1173
1174 if (likely(!(mnt->mnt.mnt_flags & MNT_INTERNAL))) {
1175 struct task_struct *task = current;
1176 if (likely(!(task->flags & PF_KTHREAD))) {
1177 init_task_work(&mnt->mnt_rcu, __cleanup_mnt);
1178 if (!task_work_add(task, &mnt->mnt_rcu, true))
1179 return;
1180 }
1181 if (llist_add(&mnt->mnt_llist, &delayed_mntput_list))
1182 schedule_delayed_work(&delayed_mntput_work, 1);
1183 return;
1184 }
1185 cleanup_mnt(mnt);
1186 }
1187
1188 void mntput(struct vfsmount *mnt)
1189 {
1190 if (mnt) {
1191 struct mount *m = real_mount(mnt);
1192
1193 if (unlikely(m->mnt_expiry_mark))
1194 m->mnt_expiry_mark = 0;
1195 mntput_no_expire(m);
1196 }
1197 }
1198 EXPORT_SYMBOL(mntput);
1199
1200 struct vfsmount *mntget(struct vfsmount *mnt)
1201 {
1202 if (mnt)
1203 mnt_add_count(real_mount(mnt), 1);
1204 return mnt;
1205 }
1206 EXPORT_SYMBOL(mntget);
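/*
 * mntget()/mntput() are the reference-counting pair for struct vfsmount:
 * code that stashes a vfsmount pointer beyond its current protected region
 * takes a reference with mntget() and releases it with mntput(); the final
 * mntput() goes through mntput_no_expire() above, which tears the mount
 * down once it is no longer part of any namespace.
 */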
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218 bool path_is_mountpoint(const struct path *path)
1219 {
1220 unsigned seq;
1221 bool res;
1222
1223 if (!d_mountpoint(path->dentry))
1224 return false;
1225
1226 rcu_read_lock();
1227 do {
1228 seq = read_seqbegin(&mount_lock);
1229 res = __path_is_mountpoint(path);
1230 } while (read_seqretry(&mount_lock, seq));
1231 rcu_read_unlock();
1232
1233 return res;
1234 }
1235 EXPORT_SYMBOL(path_is_mountpoint);
1236
1237 struct vfsmount *mnt_clone_internal(const struct path *path)
1238 {
1239 struct mount *p;
1240 p = clone_mnt(real_mount(path->mnt), path->dentry, CL_PRIVATE);
1241 if (IS_ERR(p))
1242 return ERR_CAST(p);
1243 p->mnt.mnt_flags |= MNT_INTERNAL;
1244 return &p->mnt;
1245 }
1246
1247 #ifdef CONFIG_PROC_FS
1248
1249 static void *m_start(struct seq_file *m, loff_t *pos)
1250 {
1251 struct proc_mounts *p = m->private;
1252
1253 down_read(&namespace_sem);
1254 if (p->cached_event == p->ns->event) {
1255 void *v = p->cached_mount;
1256 if (*pos == p->cached_index)
1257 return v;
1258 if (*pos == p->cached_index + 1) {
1259 v = seq_list_next(v, &p->ns->list, &p->cached_index);
1260 return p->cached_mount = v;
1261 }
1262 }
1263
1264 p->cached_event = p->ns->event;
1265 p->cached_mount = seq_list_start(&p->ns->list, *pos);
1266 p->cached_index = *pos;
1267 return p->cached_mount;
1268 }
1269
1270 static void *m_next(struct seq_file *m, void *v, loff_t *pos)
1271 {
1272 struct proc_mounts *p = m->private;
1273
1274 p->cached_mount = seq_list_next(v, &p->ns->list, pos);
1275 p->cached_index = *pos;
1276 return p->cached_mount;
1277 }
1278
1279 static void m_stop(struct seq_file *m, void *v)
1280 {
1281 up_read(&namespace_sem);
1282 }
1283
1284 static int m_show(struct seq_file *m, void *v)
1285 {
1286 struct proc_mounts *p = m->private;
1287 struct mount *r = list_entry(v, struct mount, mnt_list);
1288 return p->show(m, &r->mnt);
1289 }
1290
1291 const struct seq_operations mounts_op = {
1292 .start = m_start,
1293 .next = m_next,
1294 .stop = m_stop,
1295 .show = m_show,
1296 };
1297 #endif
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307 int may_umount_tree(struct vfsmount *m)
1308 {
1309 struct mount *mnt = real_mount(m);
1310 int actual_refs = 0;
1311 int minimum_refs = 0;
1312 struct mount *p;
1313 BUG_ON(!m);
1314
1315
1316 lock_mount_hash();
1317 for (p = mnt; p; p = next_mnt(p, mnt)) {
1318 actual_refs += mnt_get_count(p);
1319 minimum_refs += 2;
1320 }
1321 unlock_mount_hash();
1322
1323 if (actual_refs > minimum_refs)
1324 return 0;
1325
1326 return 1;
1327 }
1328
1329 EXPORT_SYMBOL(may_umount_tree);
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344 int may_umount(struct vfsmount *mnt)
1345 {
1346 int ret = 1;
1347 down_read(&namespace_sem);
1348 lock_mount_hash();
1349 if (propagate_mount_busy(real_mount(mnt), 2))
1350 ret = 0;
1351 unlock_mount_hash();
1352 up_read(&namespace_sem);
1353 return ret;
1354 }
1355
1356 EXPORT_SYMBOL(may_umount);
1357
1358 static void namespace_unlock(void)
1359 {
1360 struct hlist_head head;
1361 struct hlist_node *p;
1362 struct mount *m;
1363 LIST_HEAD(list);
1364
1365 hlist_move_list(&unmounted, &head);
1366 list_splice_init(&ex_mountpoints, &list);
1367
1368 up_write(&namespace_sem);
1369
1370 shrink_dentry_list(&list);
1371
1372 if (likely(hlist_empty(&head)))
1373 return;
1374
1375 synchronize_rcu_expedited();
1376
1377 hlist_for_each_entry_safe(m, p, &head, mnt_umount) {
1378 hlist_del(&m->mnt_umount);
1379 mntput(&m->mnt);
1380 }
1381 }
1382
1383 static inline void namespace_lock(void)
1384 {
1385 down_write(&namespace_sem);
1386 }
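/*
 * namespace_lock()/namespace_unlock() bracket every mount-tree mutation in
 * this file.  The unlock side also drains the work gathered while the lock
 * was held: the "ex_mountpoints" dentries are released and, after an
 * expedited RCU grace period, the mounts on the "unmounted" list are
 * finally dropped with mntput().
 */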
1387
1388 enum umount_tree_flags {
1389 UMOUNT_SYNC = 1,
1390 UMOUNT_PROPAGATE = 2,
1391 UMOUNT_CONNECTED = 4,
1392 };
1393
1394 static bool disconnect_mount(struct mount *mnt, enum umount_tree_flags how)
1395 {
1396
1397 if (how & UMOUNT_SYNC)
1398 return true;
1399
1400
1401 if (!mnt_has_parent(mnt))
1402 return true;
1403
1404
1405
1406
1407
1408 if (!(mnt->mnt_parent->mnt.mnt_flags & MNT_UMOUNT))
1409 return true;
1410
1411
1412 if (how & UMOUNT_CONNECTED)
1413 return false;
1414
1415
1416 if (IS_MNT_LOCKED(mnt))
1417 return false;
1418
1419
1420 return true;
1421 }
1422
1423
1424
1425
1426
1427 static void umount_tree(struct mount *mnt, enum umount_tree_flags how)
1428 {
1429 LIST_HEAD(tmp_list);
1430 struct mount *p;
1431
1432 if (how & UMOUNT_PROPAGATE)
1433 propagate_mount_unlock(mnt);
1434
1435
1436 for (p = mnt; p; p = next_mnt(p, mnt)) {
1437 p->mnt.mnt_flags |= MNT_UMOUNT;
1438 list_move(&p->mnt_list, &tmp_list);
1439 }
1440
1441
1442 list_for_each_entry(p, &tmp_list, mnt_list) {
1443 list_del_init(&p->mnt_child);
1444 }
1445
1446
1447 if (how & UMOUNT_PROPAGATE)
1448 propagate_umount(&tmp_list);
1449
1450 while (!list_empty(&tmp_list)) {
1451 struct mnt_namespace *ns;
1452 bool disconnect;
1453 p = list_first_entry(&tmp_list, struct mount, mnt_list);
1454 list_del_init(&p->mnt_expire);
1455 list_del_init(&p->mnt_list);
1456 ns = p->mnt_ns;
1457 if (ns) {
1458 ns->mounts--;
1459 __touch_mnt_namespace(ns);
1460 }
1461 p->mnt_ns = NULL;
1462 if (how & UMOUNT_SYNC)
1463 p->mnt.mnt_flags |= MNT_SYNC_UMOUNT;
1464
1465 disconnect = disconnect_mount(p, how);
1466 if (mnt_has_parent(p)) {
1467 mnt_add_count(p->mnt_parent, -1);
1468 if (!disconnect) {
1469
1470 list_add_tail(&p->mnt_child, &p->mnt_parent->mnt_mounts);
1471 } else {
1472 umount_mnt(p);
1473 }
1474 }
1475 change_mnt_propagation(p, MS_PRIVATE);
1476 if (disconnect)
1477 hlist_add_head(&p->mnt_umount, &unmounted);
1478 }
1479 }
1480
1481 static void shrink_submounts(struct mount *mnt);
1482
1483 static int do_umount_root(struct super_block *sb)
1484 {
1485 int ret = 0;
1486
1487 down_write(&sb->s_umount);
1488 if (!sb_rdonly(sb)) {
1489 struct fs_context *fc;
1490
1491 fc = fs_context_for_reconfigure(sb->s_root, SB_RDONLY,
1492 SB_RDONLY);
1493 if (IS_ERR(fc)) {
1494 ret = PTR_ERR(fc);
1495 } else {
1496 ret = parse_monolithic_mount_data(fc, NULL);
1497 if (!ret)
1498 ret = reconfigure_super(fc);
1499 put_fs_context(fc);
1500 }
1501 }
1502 up_write(&sb->s_umount);
1503 return ret;
1504 }
1505
1506 static int do_umount(struct mount *mnt, int flags)
1507 {
1508 struct super_block *sb = mnt->mnt.mnt_sb;
1509 int retval;
1510
1511 retval = security_sb_umount(&mnt->mnt, flags);
1512 if (retval)
1513 return retval;
1514
1515
1516
1517
1518
1519
1520
1521 if (flags & MNT_EXPIRE) {
1522 if (&mnt->mnt == current->fs->root.mnt ||
1523 flags & (MNT_FORCE | MNT_DETACH))
1524 return -EINVAL;
1525
1526
1527
1528
1529
1530 lock_mount_hash();
1531 if (mnt_get_count(mnt) != 2) {
1532 unlock_mount_hash();
1533 return -EBUSY;
1534 }
1535 unlock_mount_hash();
1536
1537 if (!xchg(&mnt->mnt_expiry_mark, 1))
1538 return -EAGAIN;
1539 }
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551 if (flags & MNT_FORCE && sb->s_op->umount_begin) {
1552 sb->s_op->umount_begin(sb);
1553 }
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564 if (&mnt->mnt == current->fs->root.mnt && !(flags & MNT_DETACH)) {
1565
1566
1567
1568
1569 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
1570 return -EPERM;
1571 return do_umount_root(sb);
1572 }
1573
1574 namespace_lock();
1575 lock_mount_hash();
1576
1577
1578 retval = -EINVAL;
1579 if (mnt->mnt.mnt_flags & MNT_LOCKED)
1580 goto out;
1581
1582 event++;
1583 if (flags & MNT_DETACH) {
1584 if (!list_empty(&mnt->mnt_list))
1585 umount_tree(mnt, UMOUNT_PROPAGATE);
1586 retval = 0;
1587 } else {
1588 shrink_submounts(mnt);
1589 retval = -EBUSY;
1590 if (!propagate_mount_busy(mnt, 2)) {
1591 if (!list_empty(&mnt->mnt_list))
1592 umount_tree(mnt, UMOUNT_PROPAGATE|UMOUNT_SYNC);
1593 retval = 0;
1594 }
1595 }
1596 out:
1597 unlock_mount_hash();
1598 namespace_unlock();
1599 return retval;
1600 }
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612 void __detach_mounts(struct dentry *dentry)
1613 {
1614 struct mountpoint *mp;
1615 struct mount *mnt;
1616
1617 namespace_lock();
1618 lock_mount_hash();
1619 mp = lookup_mountpoint(dentry);
1620 if (!mp)
1621 goto out_unlock;
1622
1623 event++;
1624 while (!hlist_empty(&mp->m_list)) {
1625 mnt = hlist_entry(mp->m_list.first, struct mount, mnt_mp_list);
1626 if (mnt->mnt.mnt_flags & MNT_UMOUNT) {
1627 umount_mnt(mnt);
1628 hlist_add_head(&mnt->mnt_umount, &unmounted);
1629 }
1630 else umount_tree(mnt, UMOUNT_CONNECTED);
1631 }
1632 put_mountpoint(mp);
1633 out_unlock:
1634 unlock_mount_hash();
1635 namespace_unlock();
1636 }
1637
1638
1639
1640
1641 static inline bool may_mount(void)
1642 {
1643 return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN);
1644 }
1645
1646 #ifdef CONFIG_MANDATORY_FILE_LOCKING
1647 static inline bool may_mandlock(void)
1648 {
1649 return capable(CAP_SYS_ADMIN);
1650 }
1651 #else
1652 static inline bool may_mandlock(void)
1653 {
1654 pr_warn("VFS: \"mand\" mount option not supported");
1655 return false;
1656 }
1657 #endif
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667 int ksys_umount(char __user *name, int flags)
1668 {
1669 struct path path;
1670 struct mount *mnt;
1671 int retval;
1672 int lookup_flags = 0;
1673
1674 if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW))
1675 return -EINVAL;
1676
1677 if (!may_mount())
1678 return -EPERM;
1679
1680 if (!(flags & UMOUNT_NOFOLLOW))
1681 lookup_flags |= LOOKUP_FOLLOW;
1682
1683 retval = user_path_mountpoint_at(AT_FDCWD, name, lookup_flags, &path);
1684 if (retval)
1685 goto out;
1686 mnt = real_mount(path.mnt);
1687 retval = -EINVAL;
1688 if (path.dentry != path.mnt->mnt_root)
1689 goto dput_and_out;
1690 if (!check_mnt(mnt))
1691 goto dput_and_out;
1692 if (mnt->mnt.mnt_flags & MNT_LOCKED)
1693 goto dput_and_out;
1694 retval = -EPERM;
1695 if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
1696 goto dput_and_out;
1697
1698 retval = do_umount(mnt, flags);
1699 dput_and_out:
1700
1701 dput(path.dentry);
1702 mntput_no_expire(mnt);
1703 out:
1704 return retval;
1705 }
1706
1707 SYSCALL_DEFINE2(umount, char __user *, name, int, flags)
1708 {
1709 return ksys_umount(name, flags);
1710 }
1711
1712 #ifdef __ARCH_WANT_SYS_OLDUMOUNT
1713
1714
1715
1716
1717 SYSCALL_DEFINE1(oldumount, char __user *, name)
1718 {
1719 return ksys_umount(name, 0);
1720 }
1721
1722 #endif
1723
1724 static bool is_mnt_ns_file(struct dentry *dentry)
1725 {
1726
1727 return dentry->d_op == &ns_dentry_operations &&
1728 dentry->d_fsdata == &mntns_operations;
1729 }
1730
1731 struct mnt_namespace *to_mnt_ns(struct ns_common *ns)
1732 {
1733 return container_of(ns, struct mnt_namespace, ns);
1734 }
1735
1736 static bool mnt_ns_loop(struct dentry *dentry)
1737 {
1738
1739
1740
1741 struct mnt_namespace *mnt_ns;
1742 if (!is_mnt_ns_file(dentry))
1743 return false;
1744
1745 mnt_ns = to_mnt_ns(get_proc_ns(dentry->d_inode));
1746 return current->nsproxy->mnt_ns->seq >= mnt_ns->seq;
1747 }
1748
1749 struct mount *copy_tree(struct mount *mnt, struct dentry *dentry,
1750 int flag)
1751 {
1752 struct mount *res, *p, *q, *r, *parent;
1753
1754 if (!(flag & CL_COPY_UNBINDABLE) && IS_MNT_UNBINDABLE(mnt))
1755 return ERR_PTR(-EINVAL);
1756
1757 if (!(flag & CL_COPY_MNT_NS_FILE) && is_mnt_ns_file(dentry))
1758 return ERR_PTR(-EINVAL);
1759
1760 res = q = clone_mnt(mnt, dentry, flag);
1761 if (IS_ERR(q))
1762 return q;
1763
1764 q->mnt_mountpoint = mnt->mnt_mountpoint;
1765
1766 p = mnt;
1767 list_for_each_entry(r, &mnt->mnt_mounts, mnt_child) {
1768 struct mount *s;
1769 if (!is_subdir(r->mnt_mountpoint, dentry))
1770 continue;
1771
1772 for (s = r; s; s = next_mnt(s, r)) {
1773 if (!(flag & CL_COPY_UNBINDABLE) &&
1774 IS_MNT_UNBINDABLE(s)) {
1775 if (s->mnt.mnt_flags & MNT_LOCKED) {
1776
1777 q = ERR_PTR(-EPERM);
1778 goto out;
1779 } else {
1780 s = skip_mnt_tree(s);
1781 continue;
1782 }
1783 }
1784 if (!(flag & CL_COPY_MNT_NS_FILE) &&
1785 is_mnt_ns_file(s->mnt.mnt_root)) {
1786 s = skip_mnt_tree(s);
1787 continue;
1788 }
1789 while (p != s->mnt_parent) {
1790 p = p->mnt_parent;
1791 q = q->mnt_parent;
1792 }
1793 p = s;
1794 parent = q;
1795 q = clone_mnt(p, p->mnt.mnt_root, flag);
1796 if (IS_ERR(q))
1797 goto out;
1798 lock_mount_hash();
1799 list_add_tail(&q->mnt_list, &res->mnt_list);
1800 attach_mnt(q, parent, p->mnt_mp);
1801 unlock_mount_hash();
1802 }
1803 }
1804 return res;
1805 out:
1806 if (res) {
1807 lock_mount_hash();
1808 umount_tree(res, UMOUNT_SYNC);
1809 unlock_mount_hash();
1810 }
1811 return q;
1812 }
1813
1814
1815
1816 struct vfsmount *collect_mounts(const struct path *path)
1817 {
1818 struct mount *tree;
1819 namespace_lock();
1820 if (!check_mnt(real_mount(path->mnt)))
1821 tree = ERR_PTR(-EINVAL);
1822 else
1823 tree = copy_tree(real_mount(path->mnt), path->dentry,
1824 CL_COPY_ALL | CL_PRIVATE);
1825 namespace_unlock();
1826 if (IS_ERR(tree))
1827 return ERR_CAST(tree);
1828 return &tree->mnt;
1829 }
1830
1831 static void free_mnt_ns(struct mnt_namespace *);
1832 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *, bool);
1833
1834 void dissolve_on_fput(struct vfsmount *mnt)
1835 {
1836 struct mnt_namespace *ns;
1837 namespace_lock();
1838 lock_mount_hash();
1839 ns = real_mount(mnt)->mnt_ns;
1840 if (ns) {
1841 if (is_anon_ns(ns))
1842 umount_tree(real_mount(mnt), UMOUNT_CONNECTED);
1843 else
1844 ns = NULL;
1845 }
1846 unlock_mount_hash();
1847 namespace_unlock();
1848 if (ns)
1849 free_mnt_ns(ns);
1850 }
1851
1852 void drop_collected_mounts(struct vfsmount *mnt)
1853 {
1854 namespace_lock();
1855 lock_mount_hash();
1856 umount_tree(real_mount(mnt), 0);
1857 unlock_mount_hash();
1858 namespace_unlock();
1859 }
1860
1861 /**
1862  * clone_private_mount - create a private clone of a path
1863  * @path: path to clone
1864  *
1865  * This creates a new vfsmount, which will be a clone of @path.  The new
1866  * mount will not be attached anywhere and will not have a parent.
1867  *
1868  * Release the mount with mntput().
1869  */
1870 struct vfsmount *clone_private_mount(const struct path *path)
1871 {
1872 struct mount *old_mnt = real_mount(path->mnt);
1873 struct mount *new_mnt;
1874
1875 if (IS_MNT_UNBINDABLE(old_mnt))
1876 return ERR_PTR(-EINVAL);
1877
1878 new_mnt = clone_mnt(old_mnt, path->dentry, CL_PRIVATE);
1879 if (IS_ERR(new_mnt))
1880 return ERR_CAST(new_mnt);
1881
1882 return &new_mnt->mnt;
1883 }
1884 EXPORT_SYMBOL_GPL(clone_private_mount);
1885
1886 int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
1887 struct vfsmount *root)
1888 {
1889 struct mount *mnt;
1890 int res = f(root, arg);
1891 if (res)
1892 return res;
1893 list_for_each_entry(mnt, &real_mount(root)->mnt_list, mnt_list) {
1894 res = f(&mnt->mnt, arg);
1895 if (res)
1896 return res;
1897 }
1898 return 0;
1899 }
1900
1901 static void lock_mnt_tree(struct mount *mnt)
1902 {
1903 struct mount *p;
1904
1905 for (p = mnt; p; p = next_mnt(p, mnt)) {
1906 int flags = p->mnt.mnt_flags;
1907
1908 flags |= MNT_LOCK_ATIME;
1909
1910 if (flags & MNT_READONLY)
1911 flags |= MNT_LOCK_READONLY;
1912
1913 if (flags & MNT_NODEV)
1914 flags |= MNT_LOCK_NODEV;
1915
1916 if (flags & MNT_NOSUID)
1917 flags |= MNT_LOCK_NOSUID;
1918
1919 if (flags & MNT_NOEXEC)
1920 flags |= MNT_LOCK_NOEXEC;
1921
1922 if (list_empty(&p->mnt_expire))
1923 flags |= MNT_LOCKED;
1924 p->mnt.mnt_flags = flags;
1925 }
1926 }
1927
1928 static void cleanup_group_ids(struct mount *mnt, struct mount *end)
1929 {
1930 struct mount *p;
1931
1932 for (p = mnt; p != end; p = next_mnt(p, mnt)) {
1933 if (p->mnt_group_id && !IS_MNT_SHARED(p))
1934 mnt_release_group_id(p);
1935 }
1936 }
1937
1938 static int invent_group_ids(struct mount *mnt, bool recurse)
1939 {
1940 struct mount *p;
1941
1942 for (p = mnt; p; p = recurse ? next_mnt(p, mnt) : NULL) {
1943 if (!p->mnt_group_id && !IS_MNT_SHARED(p)) {
1944 int err = mnt_alloc_group_id(p);
1945 if (err) {
1946 cleanup_group_ids(mnt, p);
1947 return err;
1948 }
1949 }
1950 }
1951
1952 return 0;
1953 }
1954
1955 int count_mounts(struct mnt_namespace *ns, struct mount *mnt)
1956 {
1957 unsigned int max = READ_ONCE(sysctl_mount_max);
1958 unsigned int mounts = 0, old, pending, sum;
1959 struct mount *p;
1960
1961 for (p = mnt; p; p = next_mnt(p, mnt))
1962 mounts++;
1963
1964 old = ns->mounts;
1965 pending = ns->pending_mounts;
1966 sum = old + pending;
1967 if ((old > sum) ||
1968 (pending > sum) ||
1969 (max < sum) ||
1970 (mounts > (max - sum)))
1971 return -ENOSPC;
1972
1973 ns->pending_mounts = pending + mounts;
1974 return 0;
1975 }
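/*
 * count_mounts() enforces the sysctl_mount_max limit: the mounts about to be
 * added are charged to ns->pending_mounts here and are only folded into
 * ns->mounts by commit_tree() once the attach actually succeeds.
 */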
1976
1977 /*
1978  * attach_recursive_mnt - attach a source mount tree at a mountpoint
1979  * @source_mnt: mount tree to be attached
1980  * @dest_mnt:   mount under which @source_mnt is attached
1981  * @dest_mp:    the mountpoint at which @source_mnt is attached
1982  * @moving:     true when an already-mounted tree is being moved rather
1983  *              than a freshly cloned one being added
1984  *
1985  * If @dest_mnt is shared, the attach is propagated to every mount in its
1986  * peer group (and to their slaves), and the mounts in @source_mnt are
1987  * marked shared.  New (non-moving) trees are also charged against the
1988  * namespace's mount limit via count_mounts().  Returns 0 on success or a
1989  * negative errno, in which case any propagated copies are torn down.
1990  */
2040 static int attach_recursive_mnt(struct mount *source_mnt,
2041 struct mount *dest_mnt,
2042 struct mountpoint *dest_mp,
2043 bool moving)
2044 {
2045 struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns;
2046 HLIST_HEAD(tree_list);
2047 struct mnt_namespace *ns = dest_mnt->mnt_ns;
2048 struct mountpoint *smp;
2049 struct mount *child, *p;
2050 struct hlist_node *n;
2051 int err;
2052
2053
2054
2055
2056 smp = get_mountpoint(source_mnt->mnt.mnt_root);
2057 if (IS_ERR(smp))
2058 return PTR_ERR(smp);
2059
2060
2061 if (!moving) {
2062 err = count_mounts(ns, source_mnt);
2063 if (err)
2064 goto out;
2065 }
2066
2067 if (IS_MNT_SHARED(dest_mnt)) {
2068 err = invent_group_ids(source_mnt, true);
2069 if (err)
2070 goto out;
2071 err = propagate_mnt(dest_mnt, dest_mp, source_mnt, &tree_list);
2072 lock_mount_hash();
2073 if (err)
2074 goto out_cleanup_ids;
2075 for (p = source_mnt; p; p = next_mnt(p, source_mnt))
2076 set_mnt_shared(p);
2077 } else {
2078 lock_mount_hash();
2079 }
2080 if (moving) {
2081 unhash_mnt(source_mnt);
2082 attach_mnt(source_mnt, dest_mnt, dest_mp);
2083 touch_mnt_namespace(source_mnt->mnt_ns);
2084 } else {
2085 if (source_mnt->mnt_ns) {
2086
2087 list_del_init(&source_mnt->mnt_ns->list);
2088 }
2089 mnt_set_mountpoint(dest_mnt, dest_mp, source_mnt);
2090 commit_tree(source_mnt);
2091 }
2092
2093 hlist_for_each_entry_safe(child, n, &tree_list, mnt_hash) {
2094 struct mount *q;
2095 hlist_del_init(&child->mnt_hash);
2096 q = __lookup_mnt(&child->mnt_parent->mnt,
2097 child->mnt_mountpoint);
2098 if (q)
2099 mnt_change_mountpoint(child, smp, q);
2100
2101 if (child->mnt_parent->mnt_ns->user_ns != user_ns)
2102 lock_mnt_tree(child);
2103 child->mnt.mnt_flags &= ~MNT_LOCKED;
2104 commit_tree(child);
2105 }
2106 put_mountpoint(smp);
2107 unlock_mount_hash();
2108
2109 return 0;
2110
2111 out_cleanup_ids:
2112 while (!hlist_empty(&tree_list)) {
2113 child = hlist_entry(tree_list.first, struct mount, mnt_hash);
2114 child->mnt_parent->mnt_ns->pending_mounts = 0;
2115 umount_tree(child, UMOUNT_SYNC);
2116 }
2117 unlock_mount_hash();
2118 cleanup_group_ids(source_mnt, NULL);
2119 out:
2120 ns->pending_mounts = 0;
2121
2122 read_seqlock_excl(&mount_lock);
2123 put_mountpoint(smp);
2124 read_sequnlock_excl(&mount_lock);
2125
2126 return err;
2127 }
2128
2129 static struct mountpoint *lock_mount(struct path *path)
2130 {
2131 struct vfsmount *mnt;
2132 struct dentry *dentry = path->dentry;
2133 retry:
2134 inode_lock(dentry->d_inode);
2135 if (unlikely(cant_mount(dentry))) {
2136 inode_unlock(dentry->d_inode);
2137 return ERR_PTR(-ENOENT);
2138 }
2139 namespace_lock();
2140 mnt = lookup_mnt(path);
2141 if (likely(!mnt)) {
2142 struct mountpoint *mp = get_mountpoint(dentry);
2143 if (IS_ERR(mp)) {
2144 namespace_unlock();
2145 inode_unlock(dentry->d_inode);
2146 return mp;
2147 }
2148 return mp;
2149 }
2150 namespace_unlock();
2151 inode_unlock(path->dentry->d_inode);
2152 path_put(path);
2153 path->mnt = mnt;
2154 dentry = path->dentry = dget(mnt->mnt_root);
2155 goto retry;
2156 }
2157
2158 static void unlock_mount(struct mountpoint *where)
2159 {
2160 struct dentry *dentry = where->m_dentry;
2161
2162 read_seqlock_excl(&mount_lock);
2163 put_mountpoint(where);
2164 read_sequnlock_excl(&mount_lock);
2165
2166 namespace_unlock();
2167 inode_unlock(dentry->d_inode);
2168 }
2169
2170 static int graft_tree(struct mount *mnt, struct mount *p, struct mountpoint *mp)
2171 {
2172 if (mnt->mnt.mnt_sb->s_flags & SB_NOUSER)
2173 return -EINVAL;
2174
2175 if (d_is_dir(mp->m_dentry) !=
2176 d_is_dir(mnt->mnt.mnt_root))
2177 return -ENOTDIR;
2178
2179 return attach_recursive_mnt(mnt, p, mp, false);
2180 }
2181
2182
2183
2184
2185
2186 static int flags_to_propagation_type(int ms_flags)
2187 {
2188 int type = ms_flags & ~(MS_REC | MS_SILENT);
2189
2190
2191 if (type & ~(MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
2192 return 0;
2193
2194 if (!is_power_of_2(type))
2195 return 0;
2196 return type;
2197 }
2198
2199
2200
2201
2202 static int do_change_type(struct path *path, int ms_flags)
2203 {
2204 struct mount *m;
2205 struct mount *mnt = real_mount(path->mnt);
2206 int recurse = ms_flags & MS_REC;
2207 int type;
2208 int err = 0;
2209
2210 if (path->dentry != path->mnt->mnt_root)
2211 return -EINVAL;
2212
2213 type = flags_to_propagation_type(ms_flags);
2214 if (!type)
2215 return -EINVAL;
2216
2217 namespace_lock();
2218 if (type == MS_SHARED) {
2219 err = invent_group_ids(mnt, recurse);
2220 if (err)
2221 goto out_unlock;
2222 }
2223
2224 lock_mount_hash();
2225 for (m = mnt; m; m = (recurse ? next_mnt(m, mnt) : NULL))
2226 change_mnt_propagation(m, type);
2227 unlock_mount_hash();
2228
2229 out_unlock:
2230 namespace_unlock();
2231 return err;
2232 }
2233
2234 static bool has_locked_children(struct mount *mnt, struct dentry *dentry)
2235 {
2236 struct mount *child;
2237 list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) {
2238 if (!is_subdir(child->mnt_mountpoint, dentry))
2239 continue;
2240
2241 if (child->mnt.mnt_flags & MNT_LOCKED)
2242 return true;
2243 }
2244 return false;
2245 }
2246
2247 static struct mount *__do_loopback(struct path *old_path, int recurse)
2248 {
2249 struct mount *mnt = ERR_PTR(-EINVAL), *old = real_mount(old_path->mnt);
2250
2251 if (IS_MNT_UNBINDABLE(old))
2252 return mnt;
2253
2254 if (!check_mnt(old) && old_path->dentry->d_op != &ns_dentry_operations)
2255 return mnt;
2256
2257 if (!recurse && has_locked_children(old, old_path->dentry))
2258 return mnt;
2259
2260 if (recurse)
2261 mnt = copy_tree(old, old_path->dentry, CL_COPY_MNT_NS_FILE);
2262 else
2263 mnt = clone_mnt(old, old_path->dentry, 0);
2264
2265 if (!IS_ERR(mnt))
2266 mnt->mnt.mnt_flags &= ~MNT_LOCKED;
2267
2268 return mnt;
2269 }
2270
2271
2272
2273
2274 static int do_loopback(struct path *path, const char *old_name,
2275 int recurse)
2276 {
2277 struct path old_path;
2278 struct mount *mnt = NULL, *parent;
2279 struct mountpoint *mp;
2280 int err;
2281 if (!old_name || !*old_name)
2282 return -EINVAL;
2283 err = kern_path(old_name, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &old_path);
2284 if (err)
2285 return err;
2286
2287 err = -EINVAL;
2288 if (mnt_ns_loop(old_path.dentry))
2289 goto out;
2290
2291 mp = lock_mount(path);
2292 if (IS_ERR(mp)) {
2293 err = PTR_ERR(mp);
2294 goto out;
2295 }
2296
2297 parent = real_mount(path->mnt);
2298 if (!check_mnt(parent))
2299 goto out2;
2300
2301 mnt = __do_loopback(&old_path, recurse);
2302 if (IS_ERR(mnt)) {
2303 err = PTR_ERR(mnt);
2304 goto out2;
2305 }
2306
2307 err = graft_tree(mnt, parent, mp);
2308 if (err) {
2309 lock_mount_hash();
2310 umount_tree(mnt, UMOUNT_SYNC);
2311 unlock_mount_hash();
2312 }
2313 out2:
2314 unlock_mount(mp);
2315 out:
2316 path_put(&old_path);
2317 return err;
2318 }
2319
2320 static struct file *open_detached_copy(struct path *path, bool recursive)
2321 {
2322 struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns;
2323 struct mnt_namespace *ns = alloc_mnt_ns(user_ns, true);
2324 struct mount *mnt, *p;
2325 struct file *file;
2326
2327 if (IS_ERR(ns))
2328 return ERR_CAST(ns);
2329
2330 namespace_lock();
2331 mnt = __do_loopback(path, recursive);
2332 if (IS_ERR(mnt)) {
2333 namespace_unlock();
2334 free_mnt_ns(ns);
2335 return ERR_CAST(mnt);
2336 }
2337
2338 lock_mount_hash();
2339 for (p = mnt; p; p = next_mnt(p, mnt)) {
2340 p->mnt_ns = ns;
2341 ns->mounts++;
2342 }
2343 ns->root = mnt;
2344 list_add_tail(&ns->list, &mnt->mnt_list);
2345 mntget(&mnt->mnt);
2346 unlock_mount_hash();
2347 namespace_unlock();
2348
2349 mntput(path->mnt);
2350 path->mnt = &mnt->mnt;
2351 file = dentry_open(path, O_PATH, current_cred());
2352 if (IS_ERR(file))
2353 dissolve_on_fput(path->mnt);
2354 else
2355 file->f_mode |= FMODE_NEED_UNMOUNT;
2356 return file;
2357 }
2358
2359 SYSCALL_DEFINE3(open_tree, int, dfd, const char *, filename, unsigned, flags)
2360 {
2361 struct file *file;
2362 struct path path;
2363 int lookup_flags = LOOKUP_AUTOMOUNT | LOOKUP_FOLLOW;
2364 bool detached = flags & OPEN_TREE_CLONE;
2365 int error;
2366 int fd;
2367
2368 BUILD_BUG_ON(OPEN_TREE_CLOEXEC != O_CLOEXEC);
2369
2370 if (flags & ~(AT_EMPTY_PATH | AT_NO_AUTOMOUNT | AT_RECURSIVE |
2371 AT_SYMLINK_NOFOLLOW | OPEN_TREE_CLONE |
2372 OPEN_TREE_CLOEXEC))
2373 return -EINVAL;
2374
2375 if ((flags & (AT_RECURSIVE | OPEN_TREE_CLONE)) == AT_RECURSIVE)
2376 return -EINVAL;
2377
2378 if (flags & AT_NO_AUTOMOUNT)
2379 lookup_flags &= ~LOOKUP_AUTOMOUNT;
2380 if (flags & AT_SYMLINK_NOFOLLOW)
2381 lookup_flags &= ~LOOKUP_FOLLOW;
2382 if (flags & AT_EMPTY_PATH)
2383 lookup_flags |= LOOKUP_EMPTY;
2384
2385 if (detached && !may_mount())
2386 return -EPERM;
2387
2388 fd = get_unused_fd_flags(flags & O_CLOEXEC);
2389 if (fd < 0)
2390 return fd;
2391
2392 error = user_path_at(dfd, filename, lookup_flags, &path);
2393 if (unlikely(error)) {
2394 file = ERR_PTR(error);
2395 } else {
2396 if (detached)
2397 file = open_detached_copy(&path, flags & AT_RECURSIVE);
2398 else
2399 file = dentry_open(&path, O_PATH, current_cred());
2400 path_put(&path);
2401 }
2402 if (IS_ERR(file)) {
2403 put_unused_fd(fd);
2404 return PTR_ERR(file);
2405 }
2406 fd_install(fd, file);
2407 return fd;
2408 }
2409
2410
2411
2412
2413
2414
2415
2416 static bool can_change_locked_flags(struct mount *mnt, unsigned int mnt_flags)
2417 {
2418 unsigned int fl = mnt->mnt.mnt_flags;
2419
2420 if ((fl & MNT_LOCK_READONLY) &&
2421 !(mnt_flags & MNT_READONLY))
2422 return false;
2423
2424 if ((fl & MNT_LOCK_NODEV) &&
2425 !(mnt_flags & MNT_NODEV))
2426 return false;
2427
2428 if ((fl & MNT_LOCK_NOSUID) &&
2429 !(mnt_flags & MNT_NOSUID))
2430 return false;
2431
2432 if ((fl & MNT_LOCK_NOEXEC) &&
2433 !(mnt_flags & MNT_NOEXEC))
2434 return false;
2435
2436 if ((fl & MNT_LOCK_ATIME) &&
2437 ((fl & MNT_ATIME_MASK) != (mnt_flags & MNT_ATIME_MASK)))
2438 return false;
2439
2440 return true;
2441 }
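/*
 * The MNT_LOCK_* checks above keep a mount namespace from relaxing
 * restrictions (read-only, nodev, nosuid, noexec, atime mode) that were
 * locked in place when the mount was copied into a less privileged
 * namespace; see lock_mnt_tree().
 */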
2442
2443 static int change_mount_ro_state(struct mount *mnt, unsigned int mnt_flags)
2444 {
2445 bool readonly_request = (mnt_flags & MNT_READONLY);
2446
2447 if (readonly_request == __mnt_is_readonly(&mnt->mnt))
2448 return 0;
2449
2450 if (readonly_request)
2451 return mnt_make_readonly(mnt);
2452
2453 return __mnt_unmake_readonly(mnt);
2454 }
2455
2456
2457
2458
2459
2460 static void set_mount_attributes(struct mount *mnt, unsigned int mnt_flags)
2461 {
2462 lock_mount_hash();
2463 mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
2464 mnt->mnt.mnt_flags = mnt_flags;
2465 touch_mnt_namespace(mnt->mnt_ns);
2466 unlock_mount_hash();
2467 }
2468
2469 static void mnt_warn_timestamp_expiry(struct path *mountpoint, struct vfsmount *mnt)
2470 {
2471 struct super_block *sb = mnt->mnt_sb;
2472
2473 if (!__mnt_is_readonly(mnt) &&
2474 (ktime_get_real_seconds() + TIME_UPTIME_SEC_MAX > sb->s_time_max)) {
2475 char *buf = (char *)__get_free_page(GFP_KERNEL);
2476 char *mntpath = buf ? d_path(mountpoint, buf, PAGE_SIZE) : ERR_PTR(-ENOMEM);
2477 struct tm tm;
2478
2479 time64_to_tm(sb->s_time_max, 0, &tm);
2480
2481 pr_warn("%s filesystem being %s at %s supports timestamps until %04ld (0x%llx)\n",
2482 sb->s_type->name,
2483 is_mounted(mnt) ? "remounted" : "mounted",
2484 mntpath,
2485 tm.tm_year+1900, (unsigned long long)sb->s_time_max);
2486
2487 free_page((unsigned long)buf);
2488 }
2489 }
2490
2491
2492
2493
2494
2495
2496 static int do_reconfigure_mnt(struct path *path, unsigned int mnt_flags)
2497 {
2498 struct super_block *sb = path->mnt->mnt_sb;
2499 struct mount *mnt = real_mount(path->mnt);
2500 int ret;
2501
2502 if (!check_mnt(mnt))
2503 return -EINVAL;
2504
2505 if (path->dentry != mnt->mnt.mnt_root)
2506 return -EINVAL;
2507
2508 if (!can_change_locked_flags(mnt, mnt_flags))
2509 return -EPERM;
2510
2511 down_write(&sb->s_umount);
2512 ret = change_mount_ro_state(mnt, mnt_flags);
2513 if (ret == 0)
2514 set_mount_attributes(mnt, mnt_flags);
2515 up_write(&sb->s_umount);
2516
2517 mnt_warn_timestamp_expiry(path, &mnt->mnt);
2518
2519 return ret;
2520 }
2521
2522
2523
2524
2525
2526
2527 static int do_remount(struct path *path, int ms_flags, int sb_flags,
2528 int mnt_flags, void *data)
2529 {
2530 int err;
2531 struct super_block *sb = path->mnt->mnt_sb;
2532 struct mount *mnt = real_mount(path->mnt);
2533 struct fs_context *fc;
2534
2535 if (!check_mnt(mnt))
2536 return -EINVAL;
2537
2538 if (path->dentry != path->mnt->mnt_root)
2539 return -EINVAL;
2540
2541 if (!can_change_locked_flags(mnt, mnt_flags))
2542 return -EPERM;
2543
2544 fc = fs_context_for_reconfigure(path->dentry, sb_flags, MS_RMT_MASK);
2545 if (IS_ERR(fc))
2546 return PTR_ERR(fc);
2547
2548 err = parse_monolithic_mount_data(fc, data);
2549 if (!err) {
2550 down_write(&sb->s_umount);
2551 err = -EPERM;
2552 if (ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) {
2553 err = reconfigure_super(fc);
2554 if (!err)
2555 set_mount_attributes(mnt, mnt_flags);
2556 }
2557 up_write(&sb->s_umount);
2558 }
2559
2560 mnt_warn_timestamp_expiry(path, &mnt->mnt);
2561
2562 put_fs_context(fc);
2563 return err;
2564 }
2565
2566 static inline int tree_contains_unbindable(struct mount *mnt)
2567 {
2568 struct mount *p;
2569 for (p = mnt; p; p = next_mnt(p, mnt)) {
2570 if (IS_MNT_UNBINDABLE(p))
2571 return 1;
2572 }
2573 return 0;
2574 }
2575
2576
2577
2578
2579
2580
2581
2582 static bool check_for_nsfs_mounts(struct mount *subtree)
2583 {
2584 struct mount *p;
2585 bool ret = false;
2586
2587 lock_mount_hash();
2588 for (p = subtree; p; p = next_mnt(p, subtree))
2589 if (mnt_ns_loop(p->mnt.mnt_root))
2590 goto out;
2591
2592 ret = true;
2593 out:
2594 unlock_mount_hash();
2595 return ret;
2596 }
2597
2598 static int do_move_mount(struct path *old_path, struct path *new_path)
2599 {
2600 struct mnt_namespace *ns;
2601 struct mount *p;
2602 struct mount *old;
2603 struct mount *parent;
2604 struct mountpoint *mp, *old_mp;
2605 int err;
2606 bool attached;
2607
2608 mp = lock_mount(new_path);
2609 if (IS_ERR(mp))
2610 return PTR_ERR(mp);
2611
2612 old = real_mount(old_path->mnt);
2613 p = real_mount(new_path->mnt);
2614 parent = old->mnt_parent;
2615 attached = mnt_has_parent(old);
2616 old_mp = old->mnt_mp;
2617 ns = old->mnt_ns;
2618
2619 err = -EINVAL;
2620 /* The mountpoint must be in our namespace. */
2621 if (!check_mnt(p))
2622 goto out;
2623
2624 /* The thing moved must be mounted... */
2625 if (!is_mounted(&old->mnt))
2626 goto out;
2627
2628 /* ... and either ours or the root of an anonymous namespace */
2629 if (!(attached ? check_mnt(old) : is_anon_ns(ns)))
2630 goto out;
2631
2632 if (old->mnt.mnt_flags & MNT_LOCKED)
2633 goto out;
2634
2635 if (old_path->dentry != old_path->mnt->mnt_root)
2636 goto out;
2637
2638 if (d_is_dir(new_path->dentry) !=
2639 d_is_dir(old_path->dentry))
2640 goto out;
2641 /*
2642 * Don't move a mount residing in a shared parent.
2643 */
2644 if (attached && IS_MNT_SHARED(parent))
2645 goto out;
2646 /*
2647 * Don't move a mount tree containing unbindable mounts to a destination
2648 * mount which is shared.
2649 */
2650 if (IS_MNT_SHARED(p) && tree_contains_unbindable(old))
2651 goto out;
2652 err = -ELOOP;
2653 if (!check_for_nsfs_mounts(old))
2654 goto out;
2655 for (; mnt_has_parent(p); p = p->mnt_parent)
2656 if (p == old)
2657 goto out;
2658
2659 err = attach_recursive_mnt(old, real_mount(new_path->mnt), mp,
2660 attached);
2661 if (err)
2662 goto out;
2663
2664 /* if the mount is moved, it should no longer be expired
2665  * automatically */
2666 list_del_init(&old->mnt_expire);
2667 if (attached)
2668 put_mountpoint(old_mp);
2669 out:
2670 unlock_mount(mp);
2671 if (!err) {
2672 if (attached)
2673 mntput_no_expire(parent);
2674 else
2675 free_mnt_ns(ns);
2676 }
2677 return err;
2678 }
2679
2680 static int do_move_mount_old(struct path *path, const char *old_name)
2681 {
2682 struct path old_path;
2683 int err;
2684
2685 if (!old_name || !*old_name)
2686 return -EINVAL;
2687
2688 err = kern_path(old_name, LOOKUP_FOLLOW, &old_path);
2689 if (err)
2690 return err;
2691
2692 err = do_move_mount(&old_path, path);
2693 path_put(&old_path);
2694 return err;
2695 }
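/*
 * Usage sketch (userspace, illustrative only; both paths are assumptions):
 * the legacy way to relocate an existing mount is mount(2) with MS_MOVE,
 * which ends up in do_move_mount_old() -> do_move_mount():
 *
 *	mount("/mnt/src", "/mnt/dst", NULL, MS_MOVE, NULL);
 */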
2696
2697 /*
2698 * add a mount into a namespace's mount tree
2699 */
2700 static int do_add_mount(struct mount *newmnt, struct path *path, int mnt_flags)
2701 {
2702 struct mountpoint *mp;
2703 struct mount *parent;
2704 int err;
2705
2706 mnt_flags &= ~MNT_INTERNAL_FLAGS;
2707
2708 mp = lock_mount(path);
2709 if (IS_ERR(mp))
2710 return PTR_ERR(mp);
2711
2712 parent = real_mount(path->mnt);
2713 err = -EINVAL;
2714 if (unlikely(!check_mnt(parent))) {
2715 /* that's acceptable only for automounts done in private ns */
2716 if (!(mnt_flags & MNT_SHRINKABLE))
2717 goto unlock;
2718 /* ... and for those we'd better have the mountpoint still alive */
2719 if (!parent->mnt_ns)
2720 goto unlock;
2721 }
2722
2723 /* Refuse the same filesystem on the same mount point */
2724 err = -EBUSY;
2725 if (path->mnt->mnt_sb == newmnt->mnt.mnt_sb &&
2726 path->mnt->mnt_root == path->dentry)
2727 goto unlock;
2728
2729 err = -EINVAL;
2730 if (d_is_symlink(newmnt->mnt.mnt_root))
2731 goto unlock;
2732
2733 newmnt->mnt.mnt_flags = mnt_flags;
2734 err = graft_tree(newmnt, parent, mp);
2735
2736 unlock:
2737 unlock_mount(mp);
2738 return err;
2739 }
2740
2741 static bool mount_too_revealing(const struct super_block *sb, int *new_mnt_flags);
2742
2743 /*
2744 * Create a new mount using a superblock configuration and request it
2745 * be added to the namespace tree.
2746 */
2747 static int do_new_mount_fc(struct fs_context *fc, struct path *mountpoint,
2748 unsigned int mnt_flags)
2749 {
2750 struct vfsmount *mnt;
2751 struct super_block *sb = fc->root->d_sb;
2752 int error;
2753
2754 error = security_sb_kern_mount(sb);
2755 if (!error && mount_too_revealing(sb, &mnt_flags))
2756 error = -EPERM;
2757
2758 if (unlikely(error)) {
2759 fc_drop_locked(fc);
2760 return error;
2761 }
2762
2763 up_write(&sb->s_umount);
2764
2765 mnt = vfs_create_mount(fc);
2766 if (IS_ERR(mnt))
2767 return PTR_ERR(mnt);
2768
2769 mnt_warn_timestamp_expiry(mountpoint, mnt);
2770
2771 error = do_add_mount(real_mount(mnt), mountpoint, mnt_flags);
2772 if (error < 0)
2773 mntput(mnt);
2774 return error;
2775 }
2776
2777 /*
2778 * create a new mount for userspace and request it to be added into the
2779 * namespace's tree
2780 */
2781 static int do_new_mount(struct path *path, const char *fstype, int sb_flags,
2782 int mnt_flags, const char *name, void *data)
2783 {
2784 struct file_system_type *type;
2785 struct fs_context *fc;
2786 const char *subtype = NULL;
2787 int err = 0;
2788
2789 if (!fstype)
2790 return -EINVAL;
2791
2792 type = get_fs_type(fstype);
2793 if (!type)
2794 return -ENODEV;
2795
2796 if (type->fs_flags & FS_HAS_SUBTYPE) {
2797 subtype = strchr(fstype, '.');
2798 if (subtype) {
2799 subtype++;
2800 if (!*subtype) {
2801 put_filesystem(type);
2802 return -EINVAL;
2803 }
2804 }
2805 }
2806
2807 fc = fs_context_for_mount(type, sb_flags);
2808 put_filesystem(type);
2809 if (IS_ERR(fc))
2810 return PTR_ERR(fc);
2811
2812 if (subtype)
2813 err = vfs_parse_fs_string(fc, "subtype",
2814 subtype, strlen(subtype));
2815 if (!err && name)
2816 err = vfs_parse_fs_string(fc, "source", name, strlen(name));
2817 if (!err)
2818 err = parse_monolithic_mount_data(fc, data);
2819 if (!err && !mount_capable(fc))
2820 err = -EPERM;
2821 if (!err)
2822 err = vfs_get_tree(fc);
2823 if (!err)
2824 err = do_new_mount_fc(fc, path, mnt_flags);
2825
2826 put_fs_context(fc);
2827 return err;
2828 }
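/*
 * Usage sketch (userspace, illustrative only; mountpoint and size option are
 * assumptions): a plain mount(2) call with none of MS_REMOUNT, MS_BIND,
 * MS_MOVE or the propagation-type flags is dispatched to do_new_mount():
 *
 *	mount("none", "/mnt/scratch", "tmpfs", MS_NOSUID | MS_NODEV, "size=64m");
 */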
2829
2830 int finish_automount(struct vfsmount *m, struct path *path)
2831 {
2832 struct mount *mnt = real_mount(m);
2833 int err;
2834
2835 /* The new mount record should have at least 2 refs to prevent it being
2836  * expired before we get a chance to add it */
2837 BUG_ON(mnt_get_count(mnt) < 2);
2838
2839 if (m->mnt_sb == path->mnt->mnt_sb &&
2840 m->mnt_root == path->dentry) {
2841 err = -ELOOP;
2842 goto fail;
2843 }
2844
2845 err = do_add_mount(mnt, path, path->mnt->mnt_flags | MNT_SHRINKABLE);
2846 if (!err)
2847 return 0;
2848 fail:
2849 /* remove m from any expiration list it may be on */
2850 if (!list_empty(&mnt->mnt_expire)) {
2851 namespace_lock();
2852 list_del_init(&mnt->mnt_expire);
2853 namespace_unlock();
2854 }
2855 mntput(m);
2856 mntput(m);
2857 return err;
2858 }
2859
2860 /**
2861 * mnt_set_expiry - Put a mount on an expiration list
2862 * @mnt: The mount to put on the list.
2863 * @expiry_list: The list to add the mount to.
2864 */
2865 void mnt_set_expiry(struct vfsmount *mnt, struct list_head *expiry_list)
2866 {
2867 namespace_lock();
2868
2869 list_add_tail(&real_mount(mnt)->mnt_expire, expiry_list);
2870
2871 namespace_unlock();
2872 }
2873 EXPORT_SYMBOL(mnt_set_expiry);
2874
2875 /*
2876 * process a list of expirable mountpoints with the intent of discarding any
2877 * mountpoints that aren't in use and haven't been touched since last we came
2878 * here
2879 */
2880 void mark_mounts_for_expiry(struct list_head *mounts)
2881 {
2882 struct mount *mnt, *next;
2883 LIST_HEAD(graveyard);
2884
2885 if (list_empty(mounts))
2886 return;
2887
2888 namespace_lock();
2889 lock_mount_hash();
2890
2891 /* extract from the expiration list every vfsmount that matches the
2892  * following criteria:
2893  * - only referenced by its parent vfsmount
2894  * - still marked for expiry (marked on the last call here; marks are
2895  *   cleared by mntput())
2896  */
2897 list_for_each_entry_safe(mnt, next, mounts, mnt_expire) {
2898 if (!xchg(&mnt->mnt_expiry_mark, 1) ||
2899 propagate_mount_busy(mnt, 1))
2900 continue;
2901 list_move(&mnt->mnt_expire, &graveyard);
2902 }
2903 while (!list_empty(&graveyard)) {
2904 mnt = list_first_entry(&graveyard, struct mount, mnt_expire);
2905 touch_mnt_namespace(mnt->mnt_ns);
2906 umount_tree(mnt, UMOUNT_PROPAGATE|UMOUNT_SYNC);
2907 }
2908 unlock_mount_hash();
2909 namespace_unlock();
2910 }
2911
2912 EXPORT_SYMBOL_GPL(mark_mounts_for_expiry);
2913
2914 /*
2915 * Ripoff of 'select_parent()'
2916 *
2917 * search the list of submounts for a given mountpoint, and move any
2918 * shrinkable submounts to the 'graveyard' list.
2919 */
2920 static int select_submounts(struct mount *parent, struct list_head *graveyard)
2921 {
2922 struct mount *this_parent = parent;
2923 struct list_head *next;
2924 int found = 0;
2925
2926 repeat:
2927 next = this_parent->mnt_mounts.next;
2928 resume:
2929 while (next != &this_parent->mnt_mounts) {
2930 struct list_head *tmp = next;
2931 struct mount *mnt = list_entry(tmp, struct mount, mnt_child);
2932
2933 next = tmp->next;
2934 if (!(mnt->mnt.mnt_flags & MNT_SHRINKABLE))
2935 continue;
2936 /*
2937 * Descend a level if the mnt_mounts list is non-empty.
2938 */
2939 if (!list_empty(&mnt->mnt_mounts)) {
2940 this_parent = mnt;
2941 goto repeat;
2942 }
2943
2944 if (!propagate_mount_busy(mnt, 1)) {
2945 list_move_tail(&mnt->mnt_expire, graveyard);
2946 found++;
2947 }
2948 }
2949 /*
2950 * All done at this level ... ascend and resume the search
2951 */
2952 if (this_parent != parent) {
2953 next = this_parent->mnt_child.next;
2954 this_parent = this_parent->mnt_parent;
2955 goto resume;
2956 }
2957 return found;
2958 }
2959
2960 /*
2961 * process a list of expirable mountpoints with the intent of discarding any
2962 * submounts of a specific parent mountpoint
2963 *
2964 * mount_lock must be held for write
2965 */
2966 static void shrink_submounts(struct mount *mnt)
2967 {
2968 LIST_HEAD(graveyard);
2969 struct mount *m;
2970
2971 /* extract submounts of 'mnt' from the expiration list */
2972 while (select_submounts(mnt, &graveyard)) {
2973 while (!list_empty(&graveyard)) {
2974 m = list_first_entry(&graveyard, struct mount,
2975 mnt_expire);
2976 touch_mnt_namespace(m->mnt_ns);
2977 umount_tree(m, UMOUNT_PROPAGATE|UMOUNT_SYNC);
2978 }
2979 }
2980 }
2981
2982 /*
2983 * Some copy_from_user() implementations do not return the exact number of
2984 * bytes remaining to copy on a fault.  But copy_mount_options() requires that.
2985 * Note that this function differs from copy_from_user() in that it will oops
2986 * on bad values of `to', rather than returning a short copy.
2987 */
2988 static long exact_copy_from_user(void *to, const void __user * from,
2989 unsigned long n)
2990 {
2991 char *t = to;
2992 const char __user *f = from;
2993 char c;
2994
2995 if (!access_ok(from, n))
2996 return n;
2997
2998 while (n) {
2999 if (__get_user(c, f)) {
3000 memset(t, 0, n);
3001 break;
3002 }
3003 *t++ = c;
3004 f++;
3005 n--;
3006 }
3007 return n;
3008 }
3009
3010 void *copy_mount_options(const void __user * data)
3011 {
3012 int i;
3013 unsigned long size;
3014 char *copy;
3015
3016 if (!data)
3017 return NULL;
3018
3019 copy = kmalloc(PAGE_SIZE, GFP_KERNEL);
3020 if (!copy)
3021 return ERR_PTR(-ENOMEM);
3022
3023 /* We only care that *some* data at the address the user
3024  * gave us is valid.  Just in case, we'll zero
3025  * the remainder of the page.
3026  */
3027 /* copy_from_user cannot cross TASK_SIZE ! */
3028 size = TASK_SIZE - (unsigned long)untagged_addr(data);
3029 if (size > PAGE_SIZE)
3030 size = PAGE_SIZE;
3031
3032 i = size - exact_copy_from_user(copy, data, size);
3033 if (!i) {
3034 kfree(copy);
3035 return ERR_PTR(-EFAULT);
3036 }
3037 if (i != PAGE_SIZE)
3038 memset(copy + i, 0, PAGE_SIZE - i);
3039 return copy;
3040 }
3041
3042 char *copy_mount_string(const void __user *data)
3043 {
3044 return data ? strndup_user(data, PATH_MAX) : NULL;
3045 }
3046
3047 /*
3048 * Flags is a 32-bit value that allows up to 31 non-fs dependent flags to
3049 * be given to the mount() call (ie: read-only, no-dev, no-suid etc).
3050 *
3051 * data is a (void *) that can point to any structure up to
3052 * PAGE_SIZE-1 bytes, which can contain arbitrary fs-dependent
3053 * information (or be NULL).
3054 *
3055 * Pre-0.97 versions of mount() didn't have a flags word.
3056 * When the flags word was introduced its top half was required
3057 * to have the magic value 0xC0ED, and this remained so until 2.4.0-test9.
3058 * Therefore, if this magic number is present, it carries no information
3059 * and must be discarded.
3060 */
3061 long do_mount(const char *dev_name, const char __user *dir_name,
3062 const char *type_page, unsigned long flags, void *data_page)
3063 {
3064 struct path path;
3065 unsigned int mnt_flags = 0, sb_flags;
3066 int retval = 0;
3067
3068 /* Discard magic */
3069 if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
3070 flags &= ~MS_MGC_MSK;
3071
3072 /* Basic sanity checks */
3073 if (data_page)
3074 ((char *)data_page)[PAGE_SIZE - 1] = 0;
3075
3076 if (flags & MS_NOUSER)
3077 return -EINVAL;
3078
3079 /* ... and get the mountpoint */
3080 retval = user_path_at(AT_FDCWD, dir_name, LOOKUP_FOLLOW, &path);
3081 if (retval)
3082 return retval;
3083
3084 retval = security_sb_mount(dev_name, &path,
3085 type_page, flags, data_page);
3086 if (!retval && !may_mount())
3087 retval = -EPERM;
3088 if (!retval && (flags & SB_MANDLOCK) && !may_mandlock())
3089 retval = -EPERM;
3090 if (retval)
3091 goto dput_out;
3092
3093 /* Default to relatime unless overridden */
3094 if (!(flags & MS_NOATIME))
3095 mnt_flags |= MNT_RELATIME;
3096
3097 /* Separate the per-mountpoint flags */
3098 if (flags & MS_NOSUID)
3099 mnt_flags |= MNT_NOSUID;
3100 if (flags & MS_NODEV)
3101 mnt_flags |= MNT_NODEV;
3102 if (flags & MS_NOEXEC)
3103 mnt_flags |= MNT_NOEXEC;
3104 if (flags & MS_NOATIME)
3105 mnt_flags |= MNT_NOATIME;
3106 if (flags & MS_NODIRATIME)
3107 mnt_flags |= MNT_NODIRATIME;
3108 if (flags & MS_STRICTATIME)
3109 mnt_flags &= ~(MNT_RELATIME | MNT_NOATIME);
3110 if (flags & MS_RDONLY)
3111 mnt_flags |= MNT_READONLY;
3112
3113 /* The default atime for remount is preservation */
3114 if ((flags & MS_REMOUNT) &&
3115 ((flags & (MS_NOATIME | MS_NODIRATIME | MS_RELATIME |
3116 MS_STRICTATIME)) == 0)) {
3117 mnt_flags &= ~MNT_ATIME_MASK;
3118 mnt_flags |= path.mnt->mnt_flags & MNT_ATIME_MASK;
3119 }
3120
3121 sb_flags = flags & (SB_RDONLY |
3122 SB_SYNCHRONOUS |
3123 SB_MANDLOCK |
3124 SB_DIRSYNC |
3125 SB_SILENT |
3126 SB_POSIXACL |
3127 SB_LAZYTIME |
3128 SB_I_VERSION);
3129
3130 if ((flags & (MS_REMOUNT | MS_BIND)) == (MS_REMOUNT | MS_BIND))
3131 retval = do_reconfigure_mnt(&path, mnt_flags);
3132 else if (flags & MS_REMOUNT)
3133 retval = do_remount(&path, flags, sb_flags, mnt_flags,
3134 data_page);
3135 else if (flags & MS_BIND)
3136 retval = do_loopback(&path, dev_name, flags & MS_REC);
3137 else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
3138 retval = do_change_type(&path, flags);
3139 else if (flags & MS_MOVE)
3140 retval = do_move_mount_old(&path, dev_name);
3141 else
3142 retval = do_new_mount(&path, type_page, sb_flags, mnt_flags,
3143 dev_name, data_page);
3144 dput_out:
3145 path_put(&path);
3146 return retval;
3147 }
3148
3149 static struct ucounts *inc_mnt_namespaces(struct user_namespace *ns)
3150 {
3151 return inc_ucount(ns, current_euid(), UCOUNT_MNT_NAMESPACES);
3152 }
3153
3154 static void dec_mnt_namespaces(struct ucounts *ucounts)
3155 {
3156 dec_ucount(ucounts, UCOUNT_MNT_NAMESPACES);
3157 }
3158
3159 static void free_mnt_ns(struct mnt_namespace *ns)
3160 {
3161 if (!is_anon_ns(ns))
3162 ns_free_inum(&ns->ns);
3163 dec_mnt_namespaces(ns->ucounts);
3164 put_user_ns(ns->user_ns);
3165 kfree(ns);
3166 }
3167
3168 /*
3169 * Assign a sequence number so we can detect when we attempt to bind
3170 * mount a reference to an older mount namespace into the current
3171 * mount namespace, preventing reference counting loops.  A 64bit
3172 * counter incremented once per namespace creation will not wrap in
3173 * any realistic lifetime, so the possibility can be ignored.
3174 */
3175 static atomic64_t mnt_ns_seq = ATOMIC64_INIT(1);
3176
3177 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool anon)
3178 {
3179 struct mnt_namespace *new_ns;
3180 struct ucounts *ucounts;
3181 int ret;
3182
3183 ucounts = inc_mnt_namespaces(user_ns);
3184 if (!ucounts)
3185 return ERR_PTR(-ENOSPC);
3186
3187 new_ns = kzalloc(sizeof(struct mnt_namespace), GFP_KERNEL);
3188 if (!new_ns) {
3189 dec_mnt_namespaces(ucounts);
3190 return ERR_PTR(-ENOMEM);
3191 }
3192 if (!anon) {
3193 ret = ns_alloc_inum(&new_ns->ns);
3194 if (ret) {
3195 kfree(new_ns);
3196 dec_mnt_namespaces(ucounts);
3197 return ERR_PTR(ret);
3198 }
3199 }
3200 new_ns->ns.ops = &mntns_operations;
3201 if (!anon)
3202 new_ns->seq = atomic64_add_return(1, &mnt_ns_seq);
3203 atomic_set(&new_ns->count, 1);
3204 INIT_LIST_HEAD(&new_ns->list);
3205 init_waitqueue_head(&new_ns->poll);
3206 new_ns->user_ns = get_user_ns(user_ns);
3207 new_ns->ucounts = ucounts;
3208 return new_ns;
3209 }
3210
3211 __latent_entropy
3212 struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
3213 struct user_namespace *user_ns, struct fs_struct *new_fs)
3214 {
3215 struct mnt_namespace *new_ns;
3216 struct vfsmount *rootmnt = NULL, *pwdmnt = NULL;
3217 struct mount *p, *q;
3218 struct mount *old;
3219 struct mount *new;
3220 int copy_flags;
3221
3222 BUG_ON(!ns);
3223
3224 if (likely(!(flags & CLONE_NEWNS))) {
3225 get_mnt_ns(ns);
3226 return ns;
3227 }
3228
3229 old = ns->root;
3230
3231 new_ns = alloc_mnt_ns(user_ns, false);
3232 if (IS_ERR(new_ns))
3233 return new_ns;
3234
3235 namespace_lock();
3236 /* First pass: copy the tree topology */
3237 copy_flags = CL_COPY_UNBINDABLE | CL_EXPIRE;
3238 if (user_ns != ns->user_ns)
3239 copy_flags |= CL_SHARED_TO_SLAVE;
3240 new = copy_tree(old, old->mnt.mnt_root, copy_flags);
3241 if (IS_ERR(new)) {
3242 namespace_unlock();
3243 free_mnt_ns(new_ns);
3244 return ERR_CAST(new);
3245 }
3246 if (user_ns != ns->user_ns) {
3247 lock_mount_hash();
3248 lock_mnt_tree(new);
3249 unlock_mount_hash();
3250 }
3251 new_ns->root = new;
3252 list_add_tail(&new_ns->list, &new->mnt_list);
3253
3254 /*
3255 * Second pass: switch the tsk->fs->* elements and mark new vfsmounts
3256 * as belonging to new namespace.  We have already acquired a private
3257 * fs_struct, so tsk->fs->lock is not needed.
3258 */
3259 p = old;
3260 q = new;
3261 while (p) {
3262 q->mnt_ns = new_ns;
3263 new_ns->mounts++;
3264 if (new_fs) {
3265 if (&p->mnt == new_fs->root.mnt) {
3266 new_fs->root.mnt = mntget(&q->mnt);
3267 rootmnt = &p->mnt;
3268 }
3269 if (&p->mnt == new_fs->pwd.mnt) {
3270 new_fs->pwd.mnt = mntget(&q->mnt);
3271 pwdmnt = &p->mnt;
3272 }
3273 }
3274 p = next_mnt(p, old);
3275 q = next_mnt(q, new);
3276 if (!q)
3277 break;
3278 while (p->mnt.mnt_root != q->mnt.mnt_root)
3279 p = next_mnt(p, old);
3280 }
3281 namespace_unlock();
3282
3283 if (rootmnt)
3284 mntput(rootmnt);
3285 if (pwdmnt)
3286 mntput(pwdmnt);
3287
3288 return new_ns;
3289 }
3290
3291 struct dentry *mount_subtree(struct vfsmount *m, const char *name)
3292 {
3293 struct mount *mnt = real_mount(m);
3294 struct mnt_namespace *ns;
3295 struct super_block *s;
3296 struct path path;
3297 int err;
3298
3299 ns = alloc_mnt_ns(&init_user_ns, true);
3300 if (IS_ERR(ns)) {
3301 mntput(m);
3302 return ERR_CAST(ns);
3303 }
3304 mnt->mnt_ns = ns;
3305 ns->root = mnt;
3306 ns->mounts++;
3307 list_add(&mnt->mnt_list, &ns->list);
3308
3309 err = vfs_path_lookup(m->mnt_root, m,
3310 name, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &path);
3311
3312 put_mnt_ns(ns);
3313
3314 if (err)
3315 return ERR_PTR(err);
3316
3317 /* trade a vfsmount reference for active sb one */
3318 s = path.mnt->mnt_sb;
3319 atomic_inc(&s->s_active);
3320 mntput(path.mnt);
3321
3322 down_write(&s->s_umount);
3323
3324 return path.dentry;
3325 }
3326 EXPORT_SYMBOL(mount_subtree);
3327
3328 int ksys_mount(const char __user *dev_name, const char __user *dir_name,
3329 const char __user *type, unsigned long flags, void __user *data)
3330 {
3331 int ret;
3332 char *kernel_type;
3333 char *kernel_dev;
3334 void *options;
3335
3336 kernel_type = copy_mount_string(type);
3337 ret = PTR_ERR(kernel_type);
3338 if (IS_ERR(kernel_type))
3339 goto out_type;
3340
3341 kernel_dev = copy_mount_string(dev_name);
3342 ret = PTR_ERR(kernel_dev);
3343 if (IS_ERR(kernel_dev))
3344 goto out_dev;
3345
3346 options = copy_mount_options(data);
3347 ret = PTR_ERR(options);
3348 if (IS_ERR(options))
3349 goto out_data;
3350
3351 ret = do_mount(kernel_dev, dir_name, kernel_type, flags, options);
3352
3353 kfree(options);
3354 out_data:
3355 kfree(kernel_dev);
3356 out_dev:
3357 kfree(kernel_type);
3358 out_type:
3359 return ret;
3360 }
3361
3362 SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name,
3363 char __user *, type, unsigned long, flags, void __user *, data)
3364 {
3365 return ksys_mount(dev_name, dir_name, type, flags, data);
3366 }
3367
3368 /*
3369 * Create a kernel mount representation for a new, prepared superblock
3370 * (specified by fs_fd) and attach to an open_tree-like file descriptor.
3371 */
3372 SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags,
3373 unsigned int, attr_flags)
3374 {
3375 struct mnt_namespace *ns;
3376 struct fs_context *fc;
3377 struct file *file;
3378 struct path newmount;
3379 struct mount *mnt;
3380 struct fd f;
3381 unsigned int mnt_flags = 0;
3382 long ret;
3383
3384 if (!may_mount())
3385 return -EPERM;
3386
3387 if ((flags & ~(FSMOUNT_CLOEXEC)) != 0)
3388 return -EINVAL;
3389
3390 if (attr_flags & ~(MOUNT_ATTR_RDONLY |
3391 MOUNT_ATTR_NOSUID |
3392 MOUNT_ATTR_NODEV |
3393 MOUNT_ATTR_NOEXEC |
3394 MOUNT_ATTR__ATIME |
3395 MOUNT_ATTR_NODIRATIME))
3396 return -EINVAL;
3397
3398 if (attr_flags & MOUNT_ATTR_RDONLY)
3399 mnt_flags |= MNT_READONLY;
3400 if (attr_flags & MOUNT_ATTR_NOSUID)
3401 mnt_flags |= MNT_NOSUID;
3402 if (attr_flags & MOUNT_ATTR_NODEV)
3403 mnt_flags |= MNT_NODEV;
3404 if (attr_flags & MOUNT_ATTR_NOEXEC)
3405 mnt_flags |= MNT_NOEXEC;
3406 if (attr_flags & MOUNT_ATTR_NODIRATIME)
3407 mnt_flags |= MNT_NODIRATIME;
3408
3409 switch (attr_flags & MOUNT_ATTR__ATIME) {
3410 case MOUNT_ATTR_STRICTATIME:
3411 break;
3412 case MOUNT_ATTR_NOATIME:
3413 mnt_flags |= MNT_NOATIME;
3414 break;
3415 case MOUNT_ATTR_RELATIME:
3416 mnt_flags |= MNT_RELATIME;
3417 break;
3418 default:
3419 return -EINVAL;
3420 }
3421
3422 f = fdget(fs_fd);
3423 if (!f.file)
3424 return -EBADF;
3425
3426 ret = -EINVAL;
3427 if (f.file->f_op != &fscontext_fops)
3428 goto err_fsfd;
3429
3430 fc = f.file->private_data;
3431
3432 ret = mutex_lock_interruptible(&fc->uapi_mutex);
3433 if (ret < 0)
3434 goto err_fsfd;
3435
3436 /* There must be a valid superblock or we can't mount it */
3437 ret = -EINVAL;
3438 if (!fc->root)
3439 goto err_unlock;
3440
3441 ret = -EPERM;
3442 if (mount_too_revealing(fc->root->d_sb, &mnt_flags)) {
3443 pr_warn("VFS: Mount too revealing\n");
3444 goto err_unlock;
3445 }
3446
3447 ret = -EBUSY;
3448 if (fc->phase != FS_CONTEXT_AWAITING_MOUNT)
3449 goto err_unlock;
3450
3451 ret = -EPERM;
3452 if ((fc->sb_flags & SB_MANDLOCK) && !may_mandlock())
3453 goto err_unlock;
3454
3455 newmount.mnt = vfs_create_mount(fc);
3456 if (IS_ERR(newmount.mnt)) {
3457 ret = PTR_ERR(newmount.mnt);
3458 goto err_unlock;
3459 }
3460 newmount.dentry = dget(fc->root);
3461 newmount.mnt->mnt_flags = mnt_flags;
3462
3463 /* We've done the mount bit - now move the file context into more or
3464  * less the same state as if we'd done an fspick().  We don't want to
3465  * do any memory allocation or anything like that at this point as we
3466  * don't want to have to handle any errors incurred.
3467  */
3468 vfs_clean_context(fc);
3469
3470 ns = alloc_mnt_ns(current->nsproxy->mnt_ns->user_ns, true);
3471 if (IS_ERR(ns)) {
3472 ret = PTR_ERR(ns);
3473 goto err_path;
3474 }
3475 mnt = real_mount(newmount.mnt);
3476 mnt->mnt_ns = ns;
3477 ns->root = mnt;
3478 ns->mounts = 1;
3479 list_add(&mnt->mnt_list, &ns->list);
3480 mntget(newmount.mnt);
3481
3482 /* Attach to an apparent O_PATH fd with a note that we need to unmount
3483  * it, not just simply put it.
3484  */
3485 file = dentry_open(&newmount, O_PATH, fc->cred);
3486 if (IS_ERR(file)) {
3487 dissolve_on_fput(newmount.mnt);
3488 ret = PTR_ERR(file);
3489 goto err_path;
3490 }
3491 file->f_mode |= FMODE_NEED_UNMOUNT;
3492
3493 ret = get_unused_fd_flags((flags & FSMOUNT_CLOEXEC) ? O_CLOEXEC : 0);
3494 if (ret >= 0)
3495 fd_install(ret, file);
3496 else
3497 fput(file);
3498
3499 err_path:
3500 path_put(&newmount);
3501 err_unlock:
3502 mutex_unlock(&fc->uapi_mutex);
3503 err_fsfd:
3504 fdput(f);
3505 return ret;
3506 }
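/*
 * Usage sketch (userspace, illustrative only; raw syscall() is used because
 * libc wrappers for the new mount API may not be available, and the tmpfs
 * source and target path are assumptions):
 *
 *	int fsfd = syscall(SYS_fsopen, "tmpfs", 0);
 *	syscall(SYS_fsconfig, fsfd, FSCONFIG_SET_STRING, "size", "64m", 0);
 *	syscall(SYS_fsconfig, fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);
 *	int mntfd = syscall(SYS_fsmount, fsfd, FSMOUNT_CLOEXEC, MOUNT_ATTR_NODEV);
 *	syscall(SYS_move_mount, mntfd, "", AT_FDCWD, "/mnt/scratch",
 *		MOVE_MOUNT_F_EMPTY_PATH);
 */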
3507
3508 /*
3509 * Move a mount from one place to another.  In combination with
3510 * fsopen()/fsmount() this is used to install a new mount and in combination
3511 * with open_tree(OPEN_TREE_CLONE [| AT_RECURSIVE]) it can be used to copy
3512 * a mount subtree.
3513 *
3514 * Note the flags value is a combination of MOVE_MOUNT_* flags.
3515 */
3516 SYSCALL_DEFINE5(move_mount,
3517 int, from_dfd, const char __user *, from_pathname,
3518 int, to_dfd, const char __user *, to_pathname,
3519 unsigned int, flags)
3520 {
3521 struct path from_path, to_path;
3522 unsigned int lflags;
3523 int ret = 0;
3524
3525 if (!may_mount())
3526 return -EPERM;
3527
3528 if (flags & ~MOVE_MOUNT__MASK)
3529 return -EINVAL;
3530
3531 /* Convert MOVE_MOUNT_F_* flags on the source path and MOVE_MOUNT_T_*
3532  * flags on the target path into the corresponding LOOKUP_* flags for
3533  * the two path walks below.
3534  */
3535 lflags = 0;
3536 if (flags & MOVE_MOUNT_F_SYMLINKS) lflags |= LOOKUP_FOLLOW;
3537 if (flags & MOVE_MOUNT_F_AUTOMOUNTS) lflags |= LOOKUP_AUTOMOUNT;
3538 if (flags & MOVE_MOUNT_F_EMPTY_PATH) lflags |= LOOKUP_EMPTY;
3539
3540 ret = user_path_at(from_dfd, from_pathname, lflags, &from_path);
3541 if (ret < 0)
3542 return ret;
3543
3544 lflags = 0;
3545 if (flags & MOVE_MOUNT_T_SYMLINKS) lflags |= LOOKUP_FOLLOW;
3546 if (flags & MOVE_MOUNT_T_AUTOMOUNTS) lflags |= LOOKUP_AUTOMOUNT;
3547 if (flags & MOVE_MOUNT_T_EMPTY_PATH) lflags |= LOOKUP_EMPTY;
3548
3549 ret = user_path_at(to_dfd, to_pathname, lflags, &to_path);
3550 if (ret < 0)
3551 goto out_from;
3552
3553 ret = security_move_mount(&from_path, &to_path);
3554 if (ret < 0)
3555 goto out_to;
3556
3557 ret = do_move_mount(&from_path, &to_path);
3558
3559 out_to:
3560 path_put(&to_path);
3561 out_from:
3562 path_put(&from_path);
3563 return ret;
3564 }
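/*
 * Usage sketch (userspace, illustrative only; paths are assumptions): besides
 * attaching a detached fsmount()/open_tree() object, move_mount(2) can also
 * relocate an already-attached mount, equivalent to the MS_MOVE case above:
 *
 *	syscall(SYS_move_mount, AT_FDCWD, "/mnt/src", AT_FDCWD, "/mnt/dst", 0);
 */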
3565
3566 /*
3567 * Return true if path is reachable from root
3568 *
3569 * namespace_sem or mount_lock is held
3570 */
3571 bool is_path_reachable(struct mount *mnt, struct dentry *dentry,
3572 const struct path *root)
3573 {
3574 while (&mnt->mnt != root->mnt && mnt_has_parent(mnt)) {
3575 dentry = mnt->mnt_mountpoint;
3576 mnt = mnt->mnt_parent;
3577 }
3578 return &mnt->mnt == root->mnt && is_subdir(dentry, root->dentry);
3579 }
3580
3581 bool path_is_under(const struct path *path1, const struct path *path2)
3582 {
3583 bool res;
3584 read_seqlock_excl(&mount_lock);
3585 res = is_path_reachable(real_mount(path1->mnt), path1->dentry, path2);
3586 read_sequnlock_excl(&mount_lock);
3587 return res;
3588 }
3589 EXPORT_SYMBOL(path_is_under);
3590
3591 /*
3592 * pivot_root Semantics:
3593 * Moves the root file system of the current process to the directory put_old,
3594 * makes new_root the new root file system of the current process, and sets
3595 * root/cwd of all processes which had them on the current root to new_root.
3596 *
3597 * Restrictions:
3598 * The new_root and put_old must be directories, and must not be on the
3599 * same file system as the current process root. The put_old must be
3600 * underneath new_root, i.e. adding a non-zero number of /.. to the string
3601 * pointed to by put_old must yield the same directory as new_root. No other
3602 * file system may be mounted on put_old. After all, new_root is a mountpoint.
3603 *
3604 * Also, the current root cannot be on the 'rootfs' (initial ramfs) filesystem.
3605 * See Documentation/filesystems/ramfs-rootfs-initramfs.txt for alternatives
3606 * in this situation.
3607 *
3608 * Notes:
3609 *  - we don't move root/cwd if they are not at the root (reason: if something
3610 *    cared enough to change them, it's probably wrong to force them elsewhere)
3611 *  - it's okay to pick a root that isn't the root of a file system, e.g.
3612 *    /nfs/my_root where /nfs is the mount point. It must be a mountpoint,
3613 *    though, so you may need to say mount --bind /nfs/my_root /nfs/my_root
3614 *    first.
3615 */
3616 SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
3617 const char __user *, put_old)
3618 {
3619 struct path new, old, root;
3620 struct mount *new_mnt, *root_mnt, *old_mnt, *root_parent, *ex_parent;
3621 struct mountpoint *old_mp, *root_mp;
3622 int error;
3623
3624 if (!may_mount())
3625 return -EPERM;
3626
3627 error = user_path_at(AT_FDCWD, new_root,
3628 LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &new);
3629 if (error)
3630 goto out0;
3631
3632 error = user_path_at(AT_FDCWD, put_old,
3633 LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &old);
3634 if (error)
3635 goto out1;
3636
3637 error = security_sb_pivotroot(&old, &new);
3638 if (error)
3639 goto out2;
3640
3641 get_fs_root(current->fs, &root);
3642 old_mp = lock_mount(&old);
3643 error = PTR_ERR(old_mp);
3644 if (IS_ERR(old_mp))
3645 goto out3;
3646
3647 error = -EINVAL;
3648 new_mnt = real_mount(new.mnt);
3649 root_mnt = real_mount(root.mnt);
3650 old_mnt = real_mount(old.mnt);
3651 ex_parent = new_mnt->mnt_parent;
3652 root_parent = root_mnt->mnt_parent;
3653 if (IS_MNT_SHARED(old_mnt) ||
3654 IS_MNT_SHARED(ex_parent) ||
3655 IS_MNT_SHARED(root_parent))
3656 goto out4;
3657 if (!check_mnt(root_mnt) || !check_mnt(new_mnt))
3658 goto out4;
3659 if (new_mnt->mnt.mnt_flags & MNT_LOCKED)
3660 goto out4;
3661 error = -ENOENT;
3662 if (d_unlinked(new.dentry))
3663 goto out4;
3664 error = -EBUSY;
3665 if (new_mnt == root_mnt || old_mnt == root_mnt)
3666 goto out4;
3667 error = -EINVAL;
3668 if (root.mnt->mnt_root != root.dentry)
3669 goto out4;
3670 if (!mnt_has_parent(root_mnt))
3671 goto out4;
3672 if (new.mnt->mnt_root != new.dentry)
3673 goto out4;
3674 if (!mnt_has_parent(new_mnt))
3675 goto out4;
3676 /* make sure we can reach put_old from new_root */
3677 if (!is_path_reachable(old_mnt, old.dentry, &new))
3678 goto out4;
3679 /* make certain new is below the root */
3680 if (!is_path_reachable(new_mnt, new.dentry, &root))
3681 goto out4;
3682 lock_mount_hash();
3683 umount_mnt(new_mnt);
3684 root_mp = unhash_mnt(root_mnt);
3685 if (root_mnt->mnt.mnt_flags & MNT_LOCKED) {
3686 new_mnt->mnt.mnt_flags |= MNT_LOCKED;
3687 root_mnt->mnt.mnt_flags &= ~MNT_LOCKED;
3688 }
3689 /* mount old root on put_old */
3690 attach_mnt(root_mnt, old_mnt, old_mp);
3691 /* mount new_root on / */
3692 attach_mnt(new_mnt, root_parent, root_mp);
3693 mnt_add_count(root_parent, -1);
3694 touch_mnt_namespace(current->nsproxy->mnt_ns);
3695
3696 list_del_init(&new_mnt->mnt_expire);
3697 put_mountpoint(root_mp);
3698 unlock_mount_hash();
3699 chroot_fs_refs(&root, &new);
3700 error = 0;
3701 out4:
3702 unlock_mount(old_mp);
3703 if (!error)
3704 mntput_no_expire(ex_parent);
3705 out3:
3706 path_put(&root);
3707 out2:
3708 path_put(&old);
3709 out1:
3710 path_put(&new);
3711 out0:
3712 return error;
3713 }
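/*
 * Usage sketch (userspace, illustrative only; /newroot is an assumption and
 * must already be a mount point): the common container-setup idiom stacks
 * put_old on top of new_root and then detaches the old root:
 *
 *	chdir("/newroot");
 *	syscall(SYS_pivot_root, ".", ".");
 *	umount2(".", MNT_DETACH);
 *	chdir("/");
 */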
3714
3715 static void __init init_mount_tree(void)
3716 {
3717 struct vfsmount *mnt;
3718 struct mount *m;
3719 struct mnt_namespace *ns;
3720 struct path root;
3721
3722 mnt = vfs_kern_mount(&rootfs_fs_type, 0, "rootfs", NULL);
3723 if (IS_ERR(mnt))
3724 panic("Can't create rootfs");
3725
3726 ns = alloc_mnt_ns(&init_user_ns, false);
3727 if (IS_ERR(ns))
3728 panic("Can't allocate initial namespace");
3729 m = real_mount(mnt);
3730 m->mnt_ns = ns;
3731 ns->root = m;
3732 ns->mounts = 1;
3733 list_add(&m->mnt_list, &ns->list);
3734 init_task.nsproxy->mnt_ns = ns;
3735 get_mnt_ns(ns);
3736
3737 root.mnt = mnt;
3738 root.dentry = mnt->mnt_root;
3739 mnt->mnt_flags |= MNT_LOCKED;
3740
3741 set_fs_pwd(current->fs, &root);
3742 set_fs_root(current->fs, &root);
3743 }
3744
3745 void __init mnt_init(void)
3746 {
3747 int err;
3748
3749 mnt_cache = kmem_cache_create("mnt_cache", sizeof(struct mount),
3750 0, SLAB_HWCACHE_ALIGN | SLAB_PANIC, NULL);
3751
3752 mount_hashtable = alloc_large_system_hash("Mount-cache",
3753 sizeof(struct hlist_head),
3754 mhash_entries, 19,
3755 HASH_ZERO,
3756 &m_hash_shift, &m_hash_mask, 0, 0);
3757 mountpoint_hashtable = alloc_large_system_hash("Mountpoint-cache",
3758 sizeof(struct hlist_head),
3759 mphash_entries, 19,
3760 HASH_ZERO,
3761 &mp_hash_shift, &mp_hash_mask, 0, 0);
3762
3763 if (!mount_hashtable || !mountpoint_hashtable)
3764 panic("Failed to allocate mount hash table\n");
3765
3766 kernfs_init();
3767
3768 err = sysfs_init();
3769 if (err)
3770 printk(KERN_WARNING "%s: sysfs_init error: %d\n",
3771 __func__, err);
3772 fs_kobj = kobject_create_and_add("fs", NULL);
3773 if (!fs_kobj)
3774 printk(KERN_WARNING "%s: kobj create error\n", __func__);
3775 shmem_init();
3776 init_rootfs();
3777 init_mount_tree();
3778 }
3779
3780 void put_mnt_ns(struct mnt_namespace *ns)
3781 {
3782 if (!atomic_dec_and_test(&ns->count))
3783 return;
3784 drop_collected_mounts(&ns->root->mnt);
3785 free_mnt_ns(ns);
3786 }
3787
3788 struct vfsmount *kern_mount(struct file_system_type *type)
3789 {
3790 struct vfsmount *mnt;
3791 mnt = vfs_kern_mount(type, SB_KERNMOUNT, type->name, NULL);
3792 if (!IS_ERR(mnt)) {
3793 /*
3794 * it is a longterm mount, don't release mnt until
3795 * we unmount before file sys is unregistered
3796 */
3797 real_mount(mnt)->mnt_ns = MNT_NS_INTERNAL;
3798 }
3799 return mnt;
3800 }
3801 EXPORT_SYMBOL_GPL(kern_mount);
3802
3803 void kern_unmount(struct vfsmount *mnt)
3804 {
3805 /* release long term mount so mount point can be released */
3806 if (!IS_ERR_OR_NULL(mnt)) {
3807 real_mount(mnt)->mnt_ns = NULL;
3808 synchronize_rcu();
3809 mntput(mnt);
3810 }
3811 }
3812 EXPORT_SYMBOL(kern_unmount);
3813
3814 bool our_mnt(struct vfsmount *mnt)
3815 {
3816 return check_mnt(real_mount(mnt));
3817 }
3818
3819 bool current_chrooted(void)
3820 {
3821 /* Does the current process have a non-standard root? */
3822 struct path ns_root;
3823 struct path fs_root;
3824 bool chrooted;
3825
3826 /* Find the namespace root */
3827 ns_root.mnt = &current->nsproxy->mnt_ns->root->mnt;
3828 ns_root.dentry = ns_root.mnt->mnt_root;
3829 path_get(&ns_root);
3830 while (d_mountpoint(ns_root.dentry) && follow_down_one(&ns_root))
3831 ;
3832
3833 get_fs_root(current->fs, &fs_root);
3834
3835 chrooted = !path_equal(&fs_root, &ns_root);
3836
3837 path_put(&fs_root);
3838 path_put(&ns_root);
3839
3840 return chrooted;
3841 }
3842
3843 static bool mnt_already_visible(struct mnt_namespace *ns,
3844 const struct super_block *sb,
3845 int *new_mnt_flags)
3846 {
3847 int new_flags = *new_mnt_flags;
3848 struct mount *mnt;
3849 bool visible = false;
3850
3851 down_read(&namespace_sem);
3852 list_for_each_entry(mnt, &ns->list, mnt_list) {
3853 struct mount *child;
3854 int mnt_flags;
3855
3856 if (mnt->mnt.mnt_sb->s_type != sb->s_type)
3857 continue;
3858
3859 /* This mount is not fully visible if its root directory
3860  * is not the root directory of the filesystem.
3861  */
3862 if (mnt->mnt.mnt_root != mnt->mnt.mnt_sb->s_root)
3863 continue;
3864
3865 /* A local view of the mount flags */
3866 mnt_flags = mnt->mnt.mnt_flags;
3867
3868 /* Don't miss readonly hidden in the superblock flags */
3869 if (sb_rdonly(mnt->mnt.mnt_sb))
3870 mnt_flags |= MNT_LOCK_READONLY;
3871
3872 /* Verify the mount flags are equal to or more permissive
3873  * than the proposed new mount.
3874  */
3875 if ((mnt_flags & MNT_LOCK_READONLY) &&
3876 !(new_flags & MNT_READONLY))
3877 continue;
3878 if ((mnt_flags & MNT_LOCK_ATIME) &&
3879 ((mnt_flags & MNT_ATIME_MASK) != (new_flags & MNT_ATIME_MASK)))
3880 continue;
3881
3882 /* This mount is not fully visible if there are any
3883  * locked child mounts that cover anything except for
3884  * empty directories.
3885  */
3886 list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) {
3887 struct inode *inode = child->mnt_mountpoint->d_inode;
3888 /* Only worry about locked mounts */
3889 if (!(child->mnt.mnt_flags & MNT_LOCKED))
3890 continue;
3891 /* Is the directory permanently empty? */
3892 if (!is_empty_dir_inode(inode))
3893 goto next;
3894 }
3895
3896 *new_mnt_flags |= mnt_flags & (MNT_LOCK_READONLY | \
3897 MNT_LOCK_ATIME);
3898 visible = true;
3899 goto found;
3900 next: ;
3901 }
3902 found:
3903 up_read(&namespace_sem);
3904 return visible;
3905 }
3906
3907 static bool mount_too_revealing(const struct super_block *sb, int *new_mnt_flags)
3908 {
3909 const unsigned long required_iflags = SB_I_NOEXEC | SB_I_NODEV;
3910 struct mnt_namespace *ns = current->nsproxy->mnt_ns;
3911 unsigned long s_iflags;
3912
3913 if (ns->user_ns == &init_user_ns)
3914 return false;
3915
3916 /* Can this filesystem be too revealing? */
3917 s_iflags = sb->s_iflags;
3918 if (!(s_iflags & SB_I_USERNS_VISIBLE))
3919 return false;
3920
3921 if ((s_iflags & required_iflags) != required_iflags) {
3922 WARN_ONCE(1, "Expected s_iflags to contain 0x%lx\n",
3923 required_iflags);
3924 return true;
3925 }
3926
3927 return !mnt_already_visible(ns, sb, new_mnt_flags);
3928 }
3929
3930 bool mnt_may_suid(struct vfsmount *mnt)
3931 {
3932 /*
3933 * Foreign mounts (accessed via fchdir or through /proc
3934 * symlinks) are always treated as if they are nosuid.  This
3935 * prevents namespaces from trusting potentially unsafe
3936 * suid/sgid bits, file caps, or security labels that originate
3937 * in other namespaces.
3938 */
3939 return !(mnt->mnt_flags & MNT_NOSUID) && check_mnt(real_mount(mnt)) &&
3940 current_in_userns(mnt->mnt_sb->s_user_ns);
3941 }
3942
3943 static struct ns_common *mntns_get(struct task_struct *task)
3944 {
3945 struct ns_common *ns = NULL;
3946 struct nsproxy *nsproxy;
3947
3948 task_lock(task);
3949 nsproxy = task->nsproxy;
3950 if (nsproxy) {
3951 ns = &nsproxy->mnt_ns->ns;
3952 get_mnt_ns(to_mnt_ns(ns));
3953 }
3954 task_unlock(task);
3955
3956 return ns;
3957 }
3958
3959 static void mntns_put(struct ns_common *ns)
3960 {
3961 put_mnt_ns(to_mnt_ns(ns));
3962 }
3963
3964 static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns)
3965 {
3966 struct fs_struct *fs = current->fs;
3967 struct mnt_namespace *mnt_ns = to_mnt_ns(ns), *old_mnt_ns;
3968 struct path root;
3969 int err;
3970
3971 if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) ||
3972 !ns_capable(current_user_ns(), CAP_SYS_CHROOT) ||
3973 !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
3974 return -EPERM;
3975
3976 if (is_anon_ns(mnt_ns))
3977 return -EINVAL;
3978
3979 if (fs->users != 1)
3980 return -EINVAL;
3981
3982 get_mnt_ns(mnt_ns);
3983 old_mnt_ns = nsproxy->mnt_ns;
3984 nsproxy->mnt_ns = mnt_ns;
3985
3986 /* Find the root */
3987 err = vfs_path_lookup(mnt_ns->root->mnt.mnt_root, &mnt_ns->root->mnt,
3988 "/", LOOKUP_DOWN, &root);
3989 if (err) {
3990 /* revert to old namespace */
3991 nsproxy->mnt_ns = old_mnt_ns;
3992 put_mnt_ns(mnt_ns);
3993 return err;
3994 }
3995
3996 put_mnt_ns(old_mnt_ns);
3997
3998 /* Update the pwd and root */
3999 set_fs_pwd(fs, &root);
4000 set_fs_root(fs, &root);
4001
4002 path_put(&root);
4003 return 0;
4004 }
4005
4006 static struct user_namespace *mntns_owner(struct ns_common *ns)
4007 {
4008 return to_mnt_ns(ns)->user_ns;
4009 }
4010
4011 const struct proc_ns_operations mntns_operations = {
4012 .name = "mnt",
4013 .type = CLONE_NEWNS,
4014 .get = mntns_get,
4015 .put = mntns_put,
4016 .install = mntns_install,
4017 .owner = mntns_owner,
4018 };