diff options
Diffstat (limited to 'debian/patches/bugfix/all/mnt-fail-collect_mounts-when-applied-to-unmounted-mo.patch')
-rw-r--r-- | debian/patches/bugfix/all/mnt-fail-collect_mounts-when-applied-to-unmounted-mo.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/debian/patches/bugfix/all/mnt-fail-collect_mounts-when-applied-to-unmounted-mo.patch b/debian/patches/bugfix/all/mnt-fail-collect_mounts-when-applied-to-unmounted-mo.patch new file mode 100644 index 000000000000..5c865967a0cf --- /dev/null +++ b/debian/patches/bugfix/all/mnt-fail-collect_mounts-when-applied-to-unmounted-mo.patch @@ -0,0 +1,44 @@ +From: "Eric W. Biederman" <ebiederm@xmission.com> +Date: Wed, 7 Jan 2015 14:28:26 -0600 +Subject: mnt: Fail collect_mounts when applied to unmounted mounts +Origin: https://git.kernel.org/linus/cd4a40174b71acd021877341684d8bb1dc8ea4ae + +The only users of collect_mounts are in audit_tree.c + +In audit_trim_trees and audit_add_tree_rule the path passed into +collect_mounts is generated from kern_path passed an audit_tree +pathname which is guaranteed to be an absolute path. In those cases +collect_mounts is obviously intended to work on mounted paths and +if a race results in paths that are unmounted when collect_mounts +it is reasonable to fail early. + +The paths passed into audit_tag_tree don't have the absolute path +check. But are used to play with fsnotify and otherwise interact with +the audit_trees, so again operating only on mounted paths appears +reasonable. + +Avoid having to worry about what happens when we try and audit +unmounted filesystems by restricting collect_mounts to mounts +that appear in the mount tree. + +Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> +--- + fs/namespace.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -1709,8 +1709,11 @@ struct vfsmount *collect_mounts(struct p + { + struct mount *tree; + namespace_lock(); +- tree = copy_tree(real_mount(path->mnt), path->dentry, +- CL_COPY_ALL | CL_PRIVATE); ++ if (!check_mnt(real_mount(path->mnt))) ++ tree = ERR_PTR(-EINVAL); ++ else ++ tree = copy_tree(real_mount(path->mnt), path->dentry, ++ CL_COPY_ALL | CL_PRIVATE); + namespace_unlock(); + if (IS_ERR(tree)) + return ERR_CAST(tree); |