aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2015-01-15 17:49:25 +0000
committerZiyan <jaraidaniel@gmail.com>2016-10-29 01:34:21 +0200
commitd478a9dac767ad4e3c2e2dd3d141c6165387a117 (patch)
tree288aa0513b7d32edfbe3bfd2fbe2727c94a17258
parent8ea971b495ee5a2bfe8f25f13db10c10dfda0875 (diff)
downloadkernel_samsung_tuna-d478a9dac767ad4e3c2e2dd3d141c6165387a117.zip
kernel_samsung_tuna-d478a9dac767ad4e3c2e2dd3d141c6165387a117.tar.gz
kernel_samsung_tuna-d478a9dac767ad4e3c2e2dd3d141c6165387a117.tar.bz2
vfs: new internal helper: mnt_has_parent(mnt)
vfsmounts have ->mnt_parent pointing either to a different vfsmount or to itself; it's never NULL and termination condition in loops traversing the tree towards root is mnt == mnt->mnt_parent. At least one place (see the next patch) is confused about what's going on; let's add an explicit helper checking it right way and use it in all places where we need it. Not that there had been too many, but... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from commit b2dba1af3c4157040303a76d25216b1713d333d0) CVE-2014-7970 BugLink: http://bugs.launchpad.net/bugs/1383356 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> Change-Id: Iaa5ab510804f3b17fe71197b8919d663a416bf05
-rw-r--r--fs/dcache.c6
-rw-r--r--fs/mount.h6
-rw-r--r--fs/namespace.c14
-rw-r--r--fs/pnode.c2
-rw-r--r--fs/pnode.h2
5 files changed, 18 insertions, 12 deletions
diff --git a/fs/dcache.c b/fs/dcache.c
index 9cb5259..57e163b 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -37,6 +37,7 @@
#include <linux/rculist_bl.h>
#include <linux/prefetch.h>
#include "internal.h"
+#include "mount.h"
/*
* Usage:
@@ -2526,9 +2527,8 @@ static int prepend_path(const struct path *path,
if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
/* Global root? */
- if (vfsmnt->mnt_parent == vfsmnt) {
+ if (!mnt_has_parent(vfsmnt))
goto global_root;
- }
dentry = vfsmnt->mnt_mountpoint;
vfsmnt = vfsmnt->mnt_parent;
continue;
@@ -2928,7 +2928,7 @@ int path_is_under(struct path *path1, struct path *path2)
br_read_lock(&vfsmount_lock);
if (mnt != path2->mnt) {
for (;;) {
- if (mnt->mnt_parent == mnt) {
+ if (!mnt_has_parent(mnt)) {
br_read_unlock(&vfsmount_lock);
return 0;
}
diff --git a/fs/mount.h b/fs/mount.h
new file mode 100644
index 0000000..7890e49
--- /dev/null
+++ b/fs/mount.h
@@ -0,0 +1,6 @@
+#include <linux/mount.h>
+
+static inline int mnt_has_parent(struct vfsmount *mnt)
+{
+ return mnt != mnt->mnt_parent;
+}
diff --git a/fs/namespace.c b/fs/namespace.c
index eb6c739..489a74d 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1216,7 +1216,7 @@ void release_mounts(struct list_head *head)
while (!list_empty(head)) {
mnt = list_first_entry(head, struct vfsmount, mnt_hash);
list_del_init(&mnt->mnt_hash);
- if (mnt->mnt_parent != mnt) {
+ if (mnt_has_parent(mnt)) {
struct dentry *dentry;
struct vfsmount *m;
@@ -1255,7 +1255,7 @@ void umount_tree(struct vfsmount *mnt, int propagate, struct list_head *kill)
__touch_mnt_namespace(p->mnt_ns);
p->mnt_ns = NULL;
list_del_init(&p->mnt_child);
- if (p->mnt_parent != p) {
+ if (mnt_has_parent(p)) {
p->mnt_parent->mnt_ghosts++;
dentry_reset_mounted(p->mnt_parent, p->mnt_mountpoint);
}
@@ -1934,7 +1934,7 @@ static int do_move_mount(struct path *path, const char *old_name)
if (old_path.dentry != old_path.mnt->mnt_root)
goto out1;
- if (old_path.mnt == old_path.mnt->mnt_parent)
+ if (!mnt_has_parent(old_path.mnt))
goto out1;
if (S_ISDIR(path->dentry->d_inode->i_mode) !=
@@ -1954,7 +1954,7 @@ static int do_move_mount(struct path *path, const char *old_name)
tree_contains_unbindable(old_path.mnt))
goto out1;
err = -ELOOP;
- for (p = path->mnt; p->mnt_parent != p; p = p->mnt_parent)
+ for (p = path->mnt; mnt_has_parent(p); p = p->mnt_parent)
if (p == old_path.mnt)
goto out1;
@@ -2658,17 +2658,17 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
error = -EINVAL;
if (root.mnt->mnt_root != root.dentry)
goto out4; /* not a mountpoint */
- if (root.mnt->mnt_parent == root.mnt)
+ if (!mnt_has_parent(root.mnt))
goto out4; /* not attached */
if (new.mnt->mnt_root != new.dentry)
goto out4; /* not a mountpoint */
- if (new.mnt->mnt_parent == new.mnt)
+ if (!mnt_has_parent(new.mnt))
goto out4; /* not attached */
/* make sure we can reach put_old from new_root */
tmp = old.mnt;
if (tmp != new.mnt) {
for (;;) {
- if (tmp->mnt_parent == tmp)
+ if (!mnt_has_parent(tmp))
goto out4; /* already mounted on put_old */
if (tmp->mnt_parent == new.mnt)
break;
diff --git a/fs/pnode.c b/fs/pnode.c
index dfccfef..b3adaa4 100644
--- a/fs/pnode.c
+++ b/fs/pnode.c
@@ -36,7 +36,7 @@ static inline struct vfsmount *next_slave(struct vfsmount *p)
static bool is_path_reachable(struct vfsmount *mnt, struct dentry *dentry,
const struct path *root)
{
- while (mnt != root->mnt && mnt->mnt_parent != mnt) {
+ while (mnt != root->mnt && mnt_has_parent(mnt)) {
dentry = mnt->mnt_mountpoint;
mnt = mnt->mnt_parent;
}
diff --git a/fs/pnode.h b/fs/pnode.h
index 3b6eae3..c3cefc7 100644
--- a/fs/pnode.h
+++ b/fs/pnode.h
@@ -9,7 +9,7 @@
#define _LINUX_PNODE_H
#include <linux/list.h>
-#include <linux/mount.h>
+#include "mount.h"
#define IS_MNT_SHARED(mnt) (mnt->mnt_flags & MNT_SHARED)
#define IS_MNT_SLAVE(mnt) (mnt->mnt_master)