Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull namespace updates from Eric Biederman: "This is a bunch of small changes built against 3.16-rc6. The most significant change for users is the first patch which makes setns drmatically faster by removing unneded rcu handling. The next chunk of changes are so that "mount -o remount,.." will not allow the user namespace root to drop flags on a mount set by the system wide root. Aks this forces read-only mounts to stay read-only, no-dev mounts to stay no-dev, no-suid mounts to stay no-suid, no-exec mounts to stay no exec and it prevents unprivileged users from messing with a mounts atime settings. I have included my test case as the last patch in this series so people performing backports can verify this change works correctly. The next change fixes a bug in NFS that was discovered while auditing nsproxy users for the first optimization. Today you can oops the kernel by reading /proc/fs/nfsfs/{servers,volumes} if you are clever with pid namespaces. I rebased and fixed the build of the !CONFIG_NFS_FS case yesterday when a build bot caught my typo. Given that no one to my knowledge bases anything on my tree fixing the typo in place seems more responsible that requiring a typo-fix to be backported as well. The last change is a small semantic cleanup introducing /proc/thread-self and pointing /proc/mounts and /proc/net at it. This prevents several kinds of problemantic corner cases. It is a user-visible change so it has a minute chance of causing regressions so the change to /proc/mounts and /proc/net are individual one line commits that can be trivially reverted. Unfortunately I lost and could not find the email of the original reporter so he is not credited. From at least one perspective this change to /proc/net is a refgression fix to allow pthread /proc/net uses that were broken by the introduction of the network namespace" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: proc: Point /proc/mounts at /proc/thread-self/mounts instead of /proc/self/mounts proc: Point /proc/net at /proc/thread-self/net instead of /proc/self/net proc: Implement /proc/thread-self to point at the directory of the current thread proc: Have net show up under /proc/<tgid>/task/<tid> NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes mnt: Add tests for unprivileged remount cases that have found to be faulty mnt: Change the default remount atime from relatime to the existing value mnt: Correct permission checks in do_remount mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount mnt: Only change user settable mount flags in remount namespaces: Use task_lock and not rcu to protect nsproxy
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-08-09 20:10:41 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-08-09 20:10:41 -0400
commit: 77e40aae766ccbbbb0324cb92ab22e6e998375d7 (patch)
tree: fb4e8e840aaeeaac62249d7585249c4634886baa /fs
parent: 96784de59fb35077c2bb33c39328992b836d87d3 (diff)
parent: 344470cac42e887e68cfb5bdfa6171baf27f1eb5 (diff)
13 files changed, 246 insertions, 65 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 2a1447c946e7..0acabea58319 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -890,8 +890,21 @@ static struct mount *clone_mnt(struct mount *old, struct dentry *root,
        mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~(MNT_WRITE_HOLD|MNT_MARKED);
        /* Don't allow unprivileged users to change mount flags */
-        if ((flag & CL_UNPRIVILEGED) && (mnt->mnt.mnt_flags & MNT_READONLY))
+        if (flag & CL_UNPRIVILEGED) {
-                mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;
+                mnt->mnt.mnt_flags |= MNT_LOCK_ATIME;
+                if (mnt->mnt.mnt_flags & MNT_READONLY)
+                        mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;
+                if (mnt->mnt.mnt_flags & MNT_NODEV)
+                        mnt->mnt.mnt_flags |= MNT_LOCK_NODEV;
+                if (mnt->mnt.mnt_flags & MNT_NOSUID)
+                        mnt->mnt.mnt_flags |= MNT_LOCK_NOSUID;
+                if (mnt->mnt.mnt_flags & MNT_NOEXEC)
+                        mnt->mnt.mnt_flags |= MNT_LOCK_NOEXEC;
+        }
        /* Don't allow unprivileged users to reveal what is under a mount */
        if ((flag & CL_UNPRIVILEGED) && list_empty(&old->mnt_expire))
@@ -1896,9 +1909,6 @@ static int change_mount_flags(struct vfsmount *mnt, int ms_flags)
        if (readonly_request == __mnt_is_readonly(mnt))
                return 0;
-        if (mnt->mnt_flags & MNT_LOCK_READONLY)
-                return -EPERM;
        if (readonly_request)
                error = mnt_make_readonly(real_mount(mnt));
        else
@@ -1924,6 +1934,33 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
        if (path->dentry != path->mnt->mnt_root)
                return -EINVAL;
+        /* Don't allow changing of locked mnt flags.
+         *
+         * No locks need to be held here while testing the various
+         * MNT_LOCK flags because those flags can never be cleared
+         * once they are set.
+         */
+        if ((mnt->mnt.mnt_flags & MNT_LOCK_READONLY) &&
+            !(mnt_flags & MNT_READONLY)) {
+                return -EPERM;
+        }
+        if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) &&
+            !(mnt_flags & MNT_NODEV)) {
+                return -EPERM;
+        }
+        if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) &&
+            !(mnt_flags & MNT_NOSUID)) {
+                return -EPERM;
+        }
+        if ((mnt->mnt.mnt_flags & MNT_LOCK_NOEXEC) &&
+            !(mnt_flags & MNT_NOEXEC)) {
+                return -EPERM;
+        }
+        if ((mnt->mnt.mnt_flags & MNT_LOCK_ATIME) &&
+            ((mnt->mnt.mnt_flags & MNT_ATIME_MASK) != (mnt_flags & MNT_ATIME_MASK))) {
+                return -EPERM;
+        }
        err = security_sb_remount(sb, data);
        if (err)
                return err;
@@ -1937,7 +1974,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
                err = do_remount_sb(sb, flags, data, 0);
        if (!err) {
                lock_mount_hash();
-                mnt_flags |= mnt->mnt.mnt_flags & MNT_PROPAGATION_MASK;
+                mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
                mnt->mnt.mnt_flags = mnt_flags;
                touch_mnt_namespace(mnt->mnt_ns);
                unlock_mount_hash();
@@ -2122,7 +2159,7 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
                 */
                if (!(type->fs_flags & FS_USERNS_DEV_MOUNT)) {
                        flags |= MS_NODEV;
-                        mnt_flags |= MNT_NODEV;
+                        mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV;
                }
        }
@@ -2436,6 +2473,14 @@ long do_mount(const char *dev_name, const char *dir_name,
        if (flags & MS_RDONLY)
                mnt_flags |= MNT_READONLY;
+        /* The default atime for remount is preservation */
+        if ((flags & MS_REMOUNT) &&
+            ((flags & (MS_NOATIME | MS_NODIRATIME | MS_RELATIME |
+                       MS_STRICTATIME)) == 0)) {
+                mnt_flags &= ~MNT_ATIME_MASK;
+                mnt_flags |= path.mnt->mnt_flags & MNT_ATIME_MASK;
+        }
        flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN |
                   MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
                   MS_STRICTATIME);
@@ -2972,13 +3017,13 @@ static void *mntns_get(struct task_struct *task)
        struct mnt_namespace *ns = NULL;
        struct nsproxy *nsproxy;
-        rcu_read_lock();
+        task_lock(task);
-        nsproxy = task_nsproxy(task);
+        nsproxy = task->nsproxy;
        if (nsproxy) {
                ns = nsproxy->mnt_ns;
                get_mnt_ns(ns);
        }
-        rcu_read_unlock();
+        task_unlock(task);
        return ns;
 }
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 1d09289c8f0e..180d1ec9c32e 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -1205,7 +1205,7 @@ static const struct file_operations nfs_server_list_fops = {
        .open           = nfs_server_list_open,
        .read           = seq_read,
        .llseek         = seq_lseek,
-        .release        = seq_release,
+        .release        = seq_release_net,
        .owner          = THIS_MODULE,
 };
@@ -1226,7 +1226,7 @@ static const struct file_operations nfs_volume_list_fops = {
        .open           = nfs_volume_list_open,
        .read           = seq_read,
        .llseek         = seq_lseek,
-        .release        = seq_release,
+        .release        = seq_release_net,
        .owner          = THIS_MODULE,
 };
@@ -1236,19 +1236,8 @@ static const struct file_operations nfs_volume_list_fops = {
 */
 static int nfs_server_list_open(struct inode *inode, struct file *file)
 {
-        struct seq_file *m;
+        return seq_open_net(inode, file, &nfs_server_list_ops,
-        int ret;
+                           sizeof(struct seq_net_private));
-        struct pid_namespace *pid_ns = file->f_dentry->d_sb->s_fs_info;
-        struct net *net = pid_ns->child_reaper->nsproxy->net_ns;
-        ret = seq_open(file, &nfs_server_list_ops);
-        if (ret < 0)
-                return ret;
-        m = file->private_data;
-        m->private = net;
-        return 0;
 }
 /*
@@ -1256,7 +1245,7 @@ static int nfs_server_list_open(struct inode *inode, struct file *file)
 */
 static void *nfs_server_list_start(struct seq_file *m, loff_t *_pos)
 {
-        struct nfs_net *nn = net_generic(m->private, nfs_net_id);
+        struct nfs_net *nn = net_generic(seq_file_net(m), nfs_net_id);
        /* lock the list against modification */
        spin_lock(&nn->nfs_client_lock);
@@ -1268,7 +1257,7 @@ static void *nfs_server_list_start(struct seq_file *m, loff_t *_pos)
 */
 static void *nfs_server_list_next(struct seq_file *p, void *v, loff_t *pos)
 {
-        struct nfs_net *nn = net_generic(p->private, nfs_net_id);
+        struct nfs_net *nn = net_generic(seq_file_net(p), nfs_net_id);
        return seq_list_next(v, &nn->nfs_client_list, pos);
 }
@@ -1278,7 +1267,7 @@ static void *nfs_server_list_next(struct seq_file *p, void *v, loff_t *pos)
 */
 static void nfs_server_list_stop(struct seq_file *p, void *v)
 {
-        struct nfs_net *nn = net_generic(p->private, nfs_net_id);
+        struct nfs_net *nn = net_generic(seq_file_net(p), nfs_net_id);
        spin_unlock(&nn->nfs_client_lock);
 }
@@ -1289,7 +1278,7 @@ static void nfs_server_list_stop(struct seq_file *p, void *v)
 static int nfs_server_list_show(struct seq_file *m, void *v)
 {
        struct nfs_client *clp;
-        struct nfs_net *nn = net_generic(m->private, nfs_net_id);
+        struct nfs_net *nn = net_generic(seq_file_net(m), nfs_net_id);
        /* display header on line 1 */
        if (v == &nn->nfs_client_list) {
@@ -1321,19 +1310,8 @@ static int nfs_server_list_show(struct seq_file *m, void *v)
 */
 static int nfs_volume_list_open(struct inode *inode, struct file *file)
 {
-        struct seq_file *m;
+        return seq_open_net(inode, file, &nfs_server_list_ops,
-        int ret;
+                           sizeof(struct seq_net_private));
-        struct pid_namespace *pid_ns = file->f_dentry->d_sb->s_fs_info;
-        struct net *net = pid_ns->child_reaper->nsproxy->net_ns;
-        ret = seq_open(file, &nfs_volume_list_ops);
-        if (ret < 0)
-                return ret;
-        m = file->private_data;
-        m->private = net;
-        return 0;
 }
 /*
@@ -1341,7 +1319,7 @@ static int nfs_volume_list_open(struct inode *inode, struct file *file)
 */
 static void *nfs_volume_list_start(struct seq_file *m, loff_t *_pos)
 {
-        struct nfs_net *nn = net_generic(m->private, nfs_net_id);
+        struct nfs_net *nn = net_generic(seq_file_net(m), nfs_net_id);
        /* lock the list against modification */
        spin_lock(&nn->nfs_client_lock);
@@ -1353,7 +1331,7 @@ static void *nfs_volume_list_start(struct seq_file *m, loff_t *_pos)
 */
 static void *nfs_volume_list_next(struct seq_file *p, void *v, loff_t *pos)
 {
-        struct nfs_net *nn = net_generic(p->private, nfs_net_id);
+        struct nfs_net *nn = net_generic(seq_file_net(p), nfs_net_id);
        return seq_list_next(v, &nn->nfs_volume_list, pos);
 }
@@ -1363,7 +1341,7 @@ static void *nfs_volume_list_next(struct seq_file *p, void *v, loff_t *pos)
 */
 static void nfs_volume_list_stop(struct seq_file *p, void *v)
 {
-        struct nfs_net *nn = net_generic(p->private, nfs_net_id);
+        struct nfs_net *nn = net_generic(seq_file_net(p), nfs_net_id);
        spin_unlock(&nn->nfs_client_lock);
 }
@@ -1376,7 +1354,7 @@ static int nfs_volume_list_show(struct seq_file *m, void *v)
        struct nfs_server *server;
        struct nfs_client *clp;
        char dev[8], fsid[17];
-        struct nfs_net *nn = net_generic(m->private, nfs_net_id);
+        struct nfs_net *nn = net_generic(seq_file_net(m), nfs_net_id);
        /* display header on line 1 */
        if (v == &nn->nfs_volume_list) {
@@ -1407,6 +1385,45 @@ static int nfs_volume_list_show(struct seq_file *m, void *v)
        return 0;
 }
+int nfs_fs_proc_net_init(struct net *net)
+{
+        struct nfs_net *nn = net_generic(net, nfs_net_id);
+        struct proc_dir_entry *p;
+        nn->proc_nfsfs = proc_net_mkdir(net, "nfsfs", net->proc_net);
+        if (!nn->proc_nfsfs)
+                goto error_0;
+        /* a file of servers with which we're dealing */
+        p = proc_create("servers", S_IFREG|S_IRUGO,
+                        nn->proc_nfsfs, &nfs_server_list_fops);
+        if (!p)
+                goto error_1;
+        /* a file of volumes that we have mounted */
+        p = proc_create("volumes", S_IFREG|S_IRUGO,
+                        nn->proc_nfsfs, &nfs_volume_list_fops);
+        if (!p)
+                goto error_2;
+        return 0;
+error_2:
+        remove_proc_entry("servers", nn->proc_nfsfs);
+error_1:
+        remove_proc_entry("fs/nfsfs", NULL);
+error_0:
+        return -ENOMEM;
+}
+void nfs_fs_proc_net_exit(struct net *net)
+{
+        struct nfs_net *nn = net_generic(net, nfs_net_id);
+        remove_proc_entry("volumes", nn->proc_nfsfs);
+        remove_proc_entry("servers", nn->proc_nfsfs);
+        remove_proc_entry("fs/nfsfs", NULL);
+}
 /*
 * initialise the /proc/fs/nfsfs/ directory
 */
@@ -1419,14 +1436,12 @@ int __init nfs_fs_proc_init(void)
                goto error_0;
        /* a file of servers with which we're dealing */
-        p = proc_create("servers", S_IFREG|S_IRUGO,
+        p = proc_symlink("servers", proc_fs_nfs, "../../net/nfsfs/servers");
-                        proc_fs_nfs, &nfs_server_list_fops);
        if (!p)
                goto error_1;
        /* a file of volumes that we have mounted */
-        p = proc_create("volumes", S_IFREG|S_IRUGO,
+        p = proc_symlink("volumes", proc_fs_nfs, "../../net/nfsfs/volumes");
-                        proc_fs_nfs, &nfs_volume_list_fops);
        if (!p)
                goto error_2;
        return 0;
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index abd37a380535..68921b01b792 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -1840,11 +1840,12 @@ EXPORT_SYMBOL_GPL(nfs_net_id);
 static int nfs_net_init(struct net *net)
 {
        nfs_clients_init(net);
-        return 0;
+        return nfs_fs_proc_net_init(net);
 }
 static void nfs_net_exit(struct net *net)
 {
+        nfs_fs_proc_net_exit(net);
        nfs_cleanup_cb_ident_idr(net);
 }
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
index 617f36611d4a..e2a45ae5014e 100644
--- a/fs/nfs/internal.h
+++ b/fs/nfs/internal.h
@@ -195,7 +195,16 @@ extern struct rpc_clnt *nfs4_find_or_create_ds_client(struct nfs_client *,
 #ifdef CONFIG_PROC_FS
 extern int __init nfs_fs_proc_init(void);
 extern void nfs_fs_proc_exit(void);
+extern int nfs_fs_proc_net_init(struct net *net);
+extern void nfs_fs_proc_net_exit(struct net *net);
 #else
+static inline int nfs_fs_proc_net_init(struct net *net)
+{
+        return 0;
+}
+static inline void nfs_fs_proc_net_exit(struct net *net)
+{
+}
 static inline int nfs_fs_proc_init(void)
 {
        return 0;
diff --git a/fs/nfs/netns.h b/fs/nfs/netns.h
index 8ee1fab83268..ef221fb8a183 100644
--- a/fs/nfs/netns.h
+++ b/fs/nfs/netns.h
@@ -29,6 +29,9 @@ struct nfs_net {
 #endif
        spinlock_t nfs_client_lock;
        struct timespec boot_time;
+#ifdef CONFIG_PROC_FS
+        struct proc_dir_entry *proc_nfsfs;
+#endif
 };
 extern int nfs_net_id;
diff --git a/fs/proc/Makefile b/fs/proc/Makefile
index 239493ec718e..7151ea428041 100644
--- a/fs/proc/Makefile
+++ b/fs/proc/Makefile
@@ -23,6 +23,7 @@ proc-y	+= version.o
 proc-y  += softirqs.o
 proc-y  += namespaces.o
 proc-y  += self.o
+proc-y  += thread_self.o
 proc-$(CONFIG_PROC_SYSCTL)      += proc_sysctl.o
 proc-$(CONFIG_NET)              += proc_net.o
 proc-$(CONFIG_PROC_KCORE)       += kcore.o
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 043c83cb51f9..baf852b648ad 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2814,7 +2814,7 @@ retry:
        return iter;
 }
-#define TGID_OFFSET (FIRST_PROCESS_ENTRY + 1)
+#define TGID_OFFSET (FIRST_PROCESS_ENTRY + 2)
 /* for the /proc/ directory itself, after non-process stuff has been done */
 int proc_pid_readdir(struct file *file, struct dir_context *ctx)
@@ -2826,14 +2826,19 @@ int proc_pid_readdir(struct file *file, struct dir_context *ctx)
        if (pos >= PID_MAX_LIMIT + TGID_OFFSET)
                return 0;
-        if (pos == TGID_OFFSET - 1) {
+        if (pos == TGID_OFFSET - 2) {
                struct inode *inode = ns->proc_self->d_inode;
                if (!dir_emit(ctx, "self", 4, inode->i_ino, DT_LNK))
                        return 0;
-                iter.tgid = 0;
+                ctx->pos = pos = pos + 1;
-        } else {
+        }
-                iter.tgid = pos - TGID_OFFSET;
+        if (pos == TGID_OFFSET - 1) {
+                struct inode *inode = ns->proc_thread_self->d_inode;
+                if (!dir_emit(ctx, "thread-self", 11, inode->i_ino, DT_LNK))
+                        return 0;
+                ctx->pos = pos = pos + 1;
        }
+        iter.tgid = pos - TGID_OFFSET;
        iter.task = NULL;
        for (iter = next_tgid(ns, iter);
             iter.task;
@@ -2862,6 +2867,9 @@ static const struct pid_entry tid_base_stuff[] = {
        DIR("fd",        S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
        DIR("fdinfo",    S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
        DIR("ns",        S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations),
+#ifdef CONFIG_NET
+        DIR("net",        S_IRUGO|S_IXUGO, proc_net_inode_operations, proc_net_operations),
+#endif
        REG("environ",   S_IRUSR, proc_environ_operations),
        ONE("auxv",      S_IRUSR, proc_pid_auxv),
        ONE("status",    S_IRUGO, proc_pid_status),
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index 0adbc02d60e3..333080d7a671 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -442,6 +442,7 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
 int proc_fill_super(struct super_block *s)
 {
        struct inode *root_inode;
+        int ret;
        s->s_flags |= MS_NODIRATIME | MS_NOSUID | MS_NOEXEC;
        s->s_blocksize = 1024;
@@ -463,5 +464,9 @@ int proc_fill_super(struct super_block *s)
                return -ENOMEM;
        }
-        return proc_setup_self(s);
+        ret = proc_setup_self(s);
+        if (ret) {
+                return ret;
+        }
+        return proc_setup_thread_self(s);
 }
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
index a024cf7b260f..7da13e49128a 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -231,6 +231,12 @@ static inline int proc_net_init(void) { return 0; }
 extern int proc_setup_self(struct super_block *);
 /*
+ * proc_thread_self.c
+ */
+extern int proc_setup_thread_self(struct super_block *);
+extern void proc_thread_self_init(void);
+/*
 * proc_sysctl.c
 */
 #ifdef CONFIG_PROC_SYSCTL
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
index 4677bb7dc7c2..39481028ec08 100644
--- a/fs/proc/proc_net.c
+++ b/fs/proc/proc_net.c
@@ -113,9 +113,11 @@ static struct net *get_proc_task_net(struct inode *dir)
        rcu_read_lock();
        task = pid_task(proc_pid(dir), PIDTYPE_PID);
        if (task != NULL) {
-                ns = task_nsproxy(task);
+                task_lock(task);
+                ns = task->nsproxy;
                if (ns != NULL)
                        net = get_net(ns->net_ns);
+                task_unlock(task);
        }
        rcu_read_unlock();
@@ -224,7 +226,7 @@ static struct pernet_operations __net_initdata proc_net_ns_ops = {
 int __init proc_net_init(void)
 {
-        proc_symlink("net", NULL, "self/net");
+        proc_symlink("net", NULL, "thread-self/net");
        return register_pernet_subsys(&proc_net_ns_ops);
 }
diff --git a/fs/proc/root.c b/fs/proc/root.c
index 574bafc41f0b..6296c7626963 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -149,6 +149,8 @@ static void proc_kill_sb(struct super_block *sb)
        ns = (struct pid_namespace *)sb->s_fs_info;
        if (ns->proc_self)
                dput(ns->proc_self);
+        if (ns->proc_thread_self)
+                dput(ns->proc_thread_self);
        kill_anon_super(sb);
        put_pid_ns(ns);
 }
@@ -170,7 +172,8 @@ void __init proc_root_init(void)
                return;
        proc_self_init();
-        proc_symlink("mounts", NULL, "self/mounts");
+        proc_thread_self_init();
+        proc_symlink("mounts", NULL, "thread-self/mounts");
        proc_net_init();
diff --git a/fs/proc/thread_self.c b/fs/proc/thread_self.c
new file mode 100644
index 000000000000..59075b509df3
--- /dev/null
+++ b/fs/proc/thread_self.c
@@ -0,0 +1,85 @@
+#include <linux/sched.h>
+#include <linux/namei.h>
+#include <linux/slab.h>
+#include <linux/pid_namespace.h>
+#include "internal.h"
+/*
+ * /proc/thread_self:
+ */
+static int proc_thread_self_readlink(struct dentry *dentry, char __user *buffer,
+                              int buflen)
+{
+        struct pid_namespace *ns = dentry->d_sb->s_fs_info;
+        pid_t tgid = task_tgid_nr_ns(current, ns);
+        pid_t pid = task_pid_nr_ns(current, ns);
+        char tmp[PROC_NUMBUF + 6 + PROC_NUMBUF];
+        if (!pid)
+                return -ENOENT;
+        sprintf(tmp, "%d/task/%d", tgid, pid);
+        return readlink_copy(buffer, buflen, tmp);
+}
+static void *proc_thread_self_follow_link(struct dentry *dentry, struct nameidata *nd)
+{
+        struct pid_namespace *ns = dentry->d_sb->s_fs_info;
+        pid_t tgid = task_tgid_nr_ns(current, ns);
+        pid_t pid = task_pid_nr_ns(current, ns);
+        char *name = ERR_PTR(-ENOENT);
+        if (pid) {
+                name = kmalloc(PROC_NUMBUF + 6 + PROC_NUMBUF, GFP_KERNEL);
+                if (!name)
+                        name = ERR_PTR(-ENOMEM);
+                else
+                        sprintf(name, "%d/task/%d", tgid, pid);
+        }
+        nd_set_link(nd, name);
+        return NULL;
+}
+static const struct inode_operations proc_thread_self_inode_operations = {
+        .readlink       = proc_thread_self_readlink,
+        .follow_link    = proc_thread_self_follow_link,
+        .put_link       = kfree_put_link,
+};
+static unsigned thread_self_inum;
+int proc_setup_thread_self(struct super_block *s)
+{
+        struct inode *root_inode = s->s_root->d_inode;
+        struct pid_namespace *ns = s->s_fs_info;
+        struct dentry *thread_self;
+        mutex_lock(&root_inode->i_mutex);
+        thread_self = d_alloc_name(s->s_root, "thread-self");
+        if (thread_self) {
+                struct inode *inode = new_inode_pseudo(s);
+                if (inode) {
+                        inode->i_ino = thread_self_inum;
+                        inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
+                        inode->i_mode = S_IFLNK | S_IRWXUGO;
+                        inode->i_uid = GLOBAL_ROOT_UID;
+                        inode->i_gid = GLOBAL_ROOT_GID;
+                        inode->i_op = &proc_thread_self_inode_operations;
+                        d_add(thread_self, inode);
+                } else {
+                        dput(thread_self);
+                        thread_self = ERR_PTR(-ENOMEM);
+                }
+        } else {
+                thread_self = ERR_PTR(-ENOMEM);
+        }
+        mutex_unlock(&root_inode->i_mutex);
+        if (IS_ERR(thread_self)) {
+                pr_err("proc_fill_super: can't allocate /proc/thread_self\n");
+                return PTR_ERR(thread_self);
+        }
+        ns->proc_thread_self = thread_self;
+        return 0;
+}
+void __init proc_thread_self_init(void)
+{
+        proc_alloc_inum(&thread_self_inum);
+}
diff --git a/fs/proc_namespace.c b/fs/proc_namespace.c
index 1a81373947f3..73ca1740d839 100644
--- a/fs/proc_namespace.c
+++ b/fs/proc_namespace.c
@@ -232,17 +232,15 @@ static int mounts_open_common(struct inode *inode, struct file *file,
        if (!task)
                goto err;
-        rcu_read_lock();
+        task_lock(task);
-        nsp = task_nsproxy(task);
+        nsp = task->nsproxy;
        if (!nsp || !nsp->mnt_ns) {
-                rcu_read_unlock();
+                task_unlock(task);
                put_task_struct(task);
                goto err;
        }
        ns = nsp->mnt_ns;
        get_mnt_ns(ns);
-        rcu_read_unlock();
-        task_lock(task);
        if (!task->fs) {
                task_unlock(task);
                put_task_struct(task);
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-08-09 20:10:41 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-08-09 20:10:41 -0400
commit	77e40aae766ccbbbb0324cb92ab22e6e998375d7 (patch)
tree	fb4e8e840aaeeaac62249d7585249c4634886baa /fs
parent	96784de59fb35077c2bb33c39328992b836d87d3 (diff)
parent	344470cac42e887e68cfb5bdfa6171baf27f1eb5 (diff)