diff options
Diffstat (limited to 'mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch')
-rw-r--r-- | mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch b/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch deleted file mode 100644 index be3660125..000000000 --- a/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch +++ /dev/null @@ -1,44 +0,0 @@ -From: "Eric W. Biederman" <ebiederm@xmission.com> -Date: Wed, 8 Oct 2014 10:42:27 -0700 -Subject: [PATCH] mnt: Prevent pivot_root from creating a loop in the mount - tree - -Andy Lutomirski recently demonstrated that when chroot is used to set -the root path below the path for the new ``root'' passed to pivot_root -the pivot_root system call succeeds and leaks mounts. - -In examining the code I see that starting with a new root that is -below the current root in the mount tree will result in a loop in the -mount tree after the mounts are detached and then reattached to one -another. Resulting in all kinds of ugliness including a leak of that -mounts involved in the leak of the mount loop. - -Prevent this problem by ensuring that the new mount is reachable from -the current root of the mount tree. - -Upstream-status: Submitted for 3.18 -Bugzilla: 1151095,1151484 - -Reported-by: Andy Lutomirski <luto@amacapital.net> -Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> ---- - fs/namespace.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/fs/namespace.c b/fs/namespace.c -index 2651328d1790..fbba8b17330d 100644 ---- a/fs/namespace.c -+++ b/fs/namespace.c -@@ -2915,6 +2915,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, - /* make sure we can reach put_old from new_root */ - if (!is_path_reachable(old_mnt, old.dentry, &new)) - goto out4; -+ /* make certain new is below the root */ -+ if (!is_path_reachable(new_mnt, new.dentry, &root)) -+ goto out4; - root_mp->m_count++; /* pin it so it won't go away */ - lock_mount_hash(); - detach_mnt(new_mnt, &parent_path); --- -1.9.3 - |