WARN_ON(!list_empty(&s->s_mounts));
put_user_ns(s->s_user_ns);
kfree(s->s_subtype);
- kfree(s->s_options);
call_rcu(&s->rcu, destroy_super_rcu);
}
return ERR_PTR(-ENOMEM);
goto retry;
}
-
+
err = set(s, data);
if (err) {
spin_unlock(&sb_lock);
spin_unlock(&sb_lock);
return NULL;
}
-
+
struct super_block *user_get_super(dev_t dev)
{
struct super_block *sb;
if (IS_ERR(bdev))
return ERR_CAST(bdev);
+ if (current_user_ns() != &init_user_ns) {
+ /*
+ * For userns mounts, disallow mounting if bdev is open for
+ * writing
+ */
+ if (!atomic_dec_unless_positive(&bdev->bd_inode->i_writecount)) {
+ error = -EBUSY;
+ goto error_bdev;
+ }
+ if (bdev->bd_contains != bdev &&
+ !atomic_dec_unless_positive(&bdev->bd_contains->bd_inode->i_writecount)) {
+ atomic_inc(&bdev->bd_inode->i_writecount);
+ error = -EBUSY;
+ goto error_bdev;
+ }
+ }
+
/*
* once the super is inserted into the list by sget, s_umount
* will protect the lockfs code from trying to start a snapshot
if (bdev->bd_fsfreeze_count > 0) {
mutex_unlock(&bdev->bd_fsfreeze_mutex);
error = -EBUSY;
- goto error_bdev;
+ goto error_inc;
}
s = sget(fs_type, test_bdev_super, set_bdev_super, flags | MS_NOSEC,
bdev);
if ((flags ^ s->s_flags) & MS_RDONLY) {
deactivate_locked_super(s);
error = -EBUSY;
- goto error_bdev;
+ goto error_inc;
}
/*
error_s:
error = PTR_ERR(s);
+error_inc:
+ if (current_user_ns() != &init_user_ns) {
+ atomic_inc(&bdev->bd_inode->i_writecount);
+ if (bdev->bd_contains != bdev)
+ atomic_inc(&bdev->bd_contains->bd_inode->i_writecount);
+ }
error_bdev:
blkdev_put(bdev, mode);
error:
generic_shutdown_super(sb);
sync_blockdev(bdev);
WARN_ON_ONCE(!(mode & FMODE_EXCL));
+ if (sb->s_user_ns != &init_user_ns) {
+ atomic_inc(&bdev->bd_inode->i_writecount);
+ if (bdev->bd_contains != bdev)
+ atomic_inc(&bdev->bd_contains->bd_inode->i_writecount);
+ }
blkdev_put(bdev, mode | FMODE_EXCL);
}