diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2015-01-15 17:49:25 +0000 |
---|---|---|
committer | Simon Shields <keepcalm444@gmail.com> | 2016-03-15 00:30:36 -0800 |
commit | b9ff9ff44ca2b2b348a27081c8e0bb686dd094fa (patch) | |
tree | 10831feedaafed2ed72ec1fc63fa8a7586d696ca /fs/namespace.c | |
parent | b2332d884f24e8b74bf9d7e425e11ef5d02813ae (diff) | |
download | kernel_samsung_smdk4412-b9ff9ff44ca2b2b348a27081c8e0bb686dd094fa.zip kernel_samsung_smdk4412-b9ff9ff44ca2b2b348a27081c8e0bb686dd094fa.tar.gz kernel_samsung_smdk4412-b9ff9ff44ca2b2b348a27081c8e0bb686dd094fa.tar.bz2 |
vfs: new internal helper: mnt_has_parent(mnt)
vfsmounts have ->mnt_parent pointing either to a different vfsmount
or to itself; it's never NULL and termination condition in loops
traversing the tree towards root is mnt == mnt->mnt_parent. At least
one place (see the next patch) is confused about what's going on;
let's add an explicit helper checking it right way and use it in
all places where we need it. Not that there had been too many,
but...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit b2dba1af3c4157040303a76d25216b1713d333d0)
CVE-2014-7970
BugLink: http://bugs.launchpad.net/bugs/1383356
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Change-Id: Iaa5ab510804f3b17fe71197b8919d663a416bf05
Diffstat (limited to 'fs/namespace.c')
-rw-r--r-- | fs/namespace.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index 4f47629..3d86080 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1207,7 +1207,7 @@ void release_mounts(struct list_head *head) while (!list_empty(head)) { mnt = list_first_entry(head, struct vfsmount, mnt_hash); list_del_init(&mnt->mnt_hash); - if (mnt->mnt_parent != mnt) { + if (mnt_has_parent(mnt)) { struct dentry *dentry; struct vfsmount *m; @@ -1248,7 +1248,7 @@ void umount_tree(struct vfsmount *mnt, int propagate, struct list_head *kill) __mnt_make_shortterm(p); p->mnt_ns = NULL; list_del_init(&p->mnt_child); - if (p->mnt_parent != p) { + if (mnt_has_parent(p)) { p->mnt_parent->mnt_ghosts++; dentry_reset_mounted(p->mnt_parent, p->mnt_mountpoint); } @@ -1893,7 +1893,7 @@ static int do_move_mount(struct path *path, char *old_name) if (old_path.dentry != old_path.mnt->mnt_root) goto out1; - if (old_path.mnt == old_path.mnt->mnt_parent) + if (!mnt_has_parent(old_path.mnt)) goto out1; if (S_ISDIR(path->dentry->d_inode->i_mode) != @@ -1913,7 +1913,7 @@ static int do_move_mount(struct path *path, char *old_name) tree_contains_unbindable(old_path.mnt)) goto out1; err = -ELOOP; - for (p = path->mnt; p->mnt_parent != p; p = p->mnt_parent) + for (p = path->mnt; mnt_has_parent(p); p = p->mnt_parent) if (p == old_path.mnt) goto out1; @@ -2598,17 +2598,17 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, error = -EINVAL; if (root.mnt->mnt_root != root.dentry) goto out4; /* not a mountpoint */ - if (root.mnt->mnt_parent == root.mnt) + if (!mnt_has_parent(root.mnt)) goto out4; /* not attached */ if (new.mnt->mnt_root != new.dentry) goto out4; /* not a mountpoint */ - if (new.mnt->mnt_parent == new.mnt) + if (!mnt_has_parent(new.mnt)) goto out4; /* not attached */ /* make sure we can reach put_old from new_root */ tmp = old.mnt; if (tmp != new.mnt) { for (;;) { - if (tmp->mnt_parent == tmp) + if (!mnt_has_parent(tmp)) goto out4; /* already mounted on put_old */ if (tmp->mnt_parent == new.mnt) break; |