authorNeilBrown <neilb@suse.com>2018-11-01 14:04:41 +1100
committerNeilBrown <neilb@suse.com>2018-11-01 14:05:25 +1100
commit9b17fb7418a6a9c112c3e107c1036153174cfa86 (patch)
treeea9f12b735c0a970130dc472bf1a5264d97498b2
parent72e430a422210622f0b619f9e57b70c364f8f75f (diff)
Don't leak MNT_INTERNAL away from internal mounts (git-fixes).
-rw-r--r--patches.fixes/Don-t-leak-MNT_INTERNAL-away-from-internal-mounts.patch35
-rw-r--r--series.conf1
2 files changed, 36 insertions, 0 deletions
diff --git a/patches.fixes/Don-t-leak-MNT_INTERNAL-away-from-internal-mounts.patch b/patches.fixes/Don-t-leak-MNT_INTERNAL-away-from-internal-mounts.patch
new file mode 100644
index 0000000000..6152c87022
--- /dev/null
+++ b/patches.fixes/Don-t-leak-MNT_INTERNAL-away-from-internal-mounts.patch
@@ -0,0 +1,35 @@
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Thu, 19 Apr 2018 22:03:08 -0400
+Subject: [PATCH] Don't leak MNT_INTERNAL away from internal mounts
+Git-commit: 16a34adb9392b2fe4195267475ab5b472e55292c
+Patch-mainline: v4.17
+References: git-fixes
+
+We want it only for the stuff created by SB_KERNMOUNT mounts, *not* for
+their copies. As it is, creating a deep stack of bindings of /proc/*/ns/*
+somewhere in a new namespace and exiting yields a stack overflow.
+
+Cc: stable@kernel.org
+Reported-by: Alexander Aring <aring@mojatatu.com>
+Bisected-by: Kirill Tkhai <ktkhai@virtuozzo.com>
+Tested-by: Kirill Tkhai <ktkhai@virtuozzo.com>
+Tested-by: Alexander Aring <aring@mojatatu.com>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/namespace.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -1038,7 +1038,8 @@ static struct mount *clone_mnt(struct mo
+ goto out_free;
+ }
+
+- mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~(MNT_WRITE_HOLD|MNT_MARKED);
++ mnt->mnt.mnt_flags = old->mnt.mnt_flags;
++ mnt->mnt.mnt_flags &= ~(MNT_WRITE_HOLD|MNT_MARKED|MNT_INTERNAL);
+ /* Don't allow unprivileged users to change mount flags */
+ if (flag & CL_UNPRIVILEGED) {
+ mnt->mnt.mnt_flags |= MNT_LOCK_ATIME;
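Review bot: The widened mask in clone_mnt(), `mnt->mnt.mnt_flags &= ~(MNT_WRITE_HOLD|MNT_MARKED|MNT_INTERNAL);`, has no comment explaining why MNT_INTERNAL must not survive a clone; that reasoning lives only in the patch description. A one-line comment above it, such as `/* MNT_INTERNAL is only for SB_KERNMOUNT mounts, never for their copies */`, would keep a later edit of this mask from reintroducing the leak. The description ties the leak to a kernel stack overflow on namespace exit, so the `References: git-fixes` tag may also deserve a tracking id (for example `bsc#<PLACEHOLDER>`) to make the backport visible to security triage. clone_mnt() starts and ends outside this hunk, so whether other paths set or copy the flag cannot be checked from here.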
diff --git a/series.conf b/series.conf
index 0609b4fd59..c12130da36 100644
--- a/series.conf
+++ b/series.conf
@@ -15160,6 +15160,7 @@
patches.fixes/jffs2_kill_sb-deal-with-failed-allocations.patch
patches.fixes/orangefs_kill_sb-deal-with-allocation-failures.patch
patches.fixes/rpc_pipefs-fix-double-dput.patch
+ patches.fixes/Don-t-leak-MNT_INTERNAL-away-from-internal-mounts.patch
patches.drivers/ibmvnic-Define-vnic_login_client_data-name-field-as-.patch
patches.suse/tcp-md5-reject-TCP_MD5SIG-or-TCP_MD5SIG_EXT-on-estab.patch
patches.suse/net-validate-attribute-sizes-in-neigh_dump_table.patch