From e5bcac61472ca627241b394d439decd00bba3aea Mon Sep 17 00:00:00 2001
From: Glauber Costa <glommer@parallels.com>
Date: Fri, 6 Jul 2012 13:09:07 +0400
Subject: sysfs: fail dentry revalidation after namespace change

When we change the namespace tag of a sysfs entry, the associated dentry
is still kept around. readdir() will work correctly and not display the
old entries, but open() will still succeed, so will reads and writes.

This will no longer happen if sysfs is remounted, hinting that this is a
cache-related problem.

I am using the following sequence to demonstrate that:

shell1:
ip link add type veth
unshare -nm

shell2:
ip link set veth1 <pid_of_shell_1>
cat /sys/devices/virtual/net/veth1/ifindex

Before that patch, this will succeed (fail to fail). After it, it will
correctly return an error. Differently from a normal rename, which we
handle fine, changing the object namespace will keep it's path intact.
So this check seems necessary as well.

[ v2: get type from parent, as suggested by Eric Biederman ]

Signed-off-by: Glauber Costa <glommer@parallels.com>
CC: Tejun Heo <tj@kernel.org>
Reviewed-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/sysfs/dir.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'fs/sysfs/dir.c')

diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index e6bb9b2a4cbe..c0bf38a21caa 100644
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -307,6 +307,7 @@ static int sysfs_dentry_revalidate(struct dentry *dentry, struct nameidata *nd)
 {
 	struct sysfs_dirent *sd;
 	int is_dir;
+	int type;
 
 	if (nd->flags & LOOKUP_RCU)
 		return -ECHILD;
@@ -326,6 +327,13 @@ static int sysfs_dentry_revalidate(struct dentry *dentry, struct nameidata *nd)
 	if (strcmp(dentry->d_name.name, sd->s_name) != 0)
 		goto out_bad;
 
+	/* The sysfs dirent has been moved to a different namespace */
+	type = KOBJ_NS_TYPE_NONE;
+	if (sd->s_parent)
+		type = sysfs_ns_type(sd->s_parent);
+	if (type && (sysfs_info(dentry->d_sb)->ns[type] != sd->s_ns))
+		goto out_bad;
+
 	mutex_unlock(&sysfs_mutex);
 out_valid:
 	return 1;
-- 
cgit v1.2.3


From 17f79be93d95bb0e46bd08681ec9c9e601869c15 Mon Sep 17 00:00:00 2001
From: Andrew Morton <akpm@linux-foundation.org>
Date: Mon, 9 Jul 2012 16:13:36 -0700
Subject: sysfs: fail dentry revalidation after namespace change fix

don't assume that KOBJ_NS_TYPE_NONE==0.  Also save a test-n-branch.

Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Glauber Costa <glommer@parallels.com>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/sysfs/dir.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'fs/sysfs/dir.c')

diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index c0bf38a21caa..1cdfb53199aa 100644
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -329,10 +329,12 @@ static int sysfs_dentry_revalidate(struct dentry *dentry, struct nameidata *nd)
 
 	/* The sysfs dirent has been moved to a different namespace */
 	type = KOBJ_NS_TYPE_NONE;
-	if (sd->s_parent)
+	if (sd->s_parent) {
 		type = sysfs_ns_type(sd->s_parent);
-	if (type && (sysfs_info(dentry->d_sb)->ns[type] != sd->s_ns))
-		goto out_bad;
+		if (type != KOBJ_NS_TYPE_NONE &&
+				sysfs_info(dentry->d_sb)->ns[type] != sd->s_ns)
+			goto out_bad;
+	}
 
 	mutex_unlock(&sysfs_mutex);
 out_valid:
-- 
cgit v1.2.3