[3.8.y.z extended stable] Patch "mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Fri Aug 22 19:00:38 UTC 2014 

This is a note to let you know that I have just added a patch titled

    mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.28.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 3f25c522d01c113e7f199e963384c0288691a874 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm at xmission.com>
Date: Mon, 28 Jul 2014 17:10:56 -0700
Subject: mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into
 do_remount

commit 07b645589dcda8b7a5249e096fece2a67556f0f4 upstream.

There are no races as locked mount flags are guaranteed to never change.

Moving the test into do_remount makes it more visible, and ensures all
filesystem remounts pass the MNT_LOCK_READONLY permission check.  This
second case is not an issue today as filesystem remounts are guarded
by capable(CAP_DAC_ADMIN) and thus will always fail in less privileged
mount namespaces, but it could become an issue in the future.

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 fs/namespace.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index ddbd5bc..9171ac3 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1740,9 +1740,6 @@ static int change_mount_flags(struct vfsmount *mnt, int ms_flags)
 	if (readonly_request == __mnt_is_readonly(mnt))
 		return 0;

-	if (mnt->mnt_flags & MNT_LOCK_READONLY)
-		return -EPERM;
-
 	if (readonly_request)
 		error = mnt_make_readonly(real_mount(mnt));
 	else
@@ -1771,6 +1768,16 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
 	if (path->dentry != path->mnt->mnt_root)
 		return -EINVAL;

+	/* Don't allow changing of locked mnt flags.
+	 *
+	 * No locks need to be held here while testing the various
+	 * MNT_LOCK flags because those flags can never be cleared
+	 * once they are set.
+	 */
+	if ((mnt->mnt.mnt_flags & MNT_LOCK_READONLY) &&
+	    !(mnt_flags & MNT_READONLY)) {
+		return -EPERM;
+	}
 	err = security_sb_remount(sb, data);
 	if (err)
 		return err;
--
1.9.1

More information about the kernel-team mailing list