From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mail-wm0-f67.google.com ([74.125.82.67]:55585 "EHLO
        mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751534AbeFEHAB (ORCPT
        <rfc822;linux-fsdevel@vger.kernel.org>);
        Tue, 5 Jun 2018 03:00:01 -0400
Content-Type: text/plain;
        charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Subject: Re: [PATCH] ksys_mount: check for permissions before resource
 allocation
From: Ilya Matveychikov <matvejchikov@gmail.com>
In-Reply-To: <D2317950-0DB0-4311-ADB1-FF677B676E04@gmail.com>
Date: Tue, 5 Jun 2018 10:59:51 +0400
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
        linux-fsdevel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <BD48252B-65D7-4238-BDA2-71BAC1CEA855@gmail.com>
References: <D2317950-0DB0-4311-ADB1-FF677B676E04@gmail.com>
To: linux-kernel@vger.kernel.org
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

Just CC=E2=80=99ed to some of maintainers.

$ perl scripts/get_maintainer.pl =
fs/0001-ksys_mount-check-for-permissions-before-resource-all.patch
Alexander Viro <viro@zeniv.linux.org.uk> (maintainer:FILESYSTEMS (VFS =
and infrastructure))
linux-fsdevel@vger.kernel.org (open list:FILESYSTEMS (VFS and =
infrastructure))
linux-kernel@vger.kernel.org (open list)

> On Jun 5, 2018, at 6:00 AM, Ilya Matveychikov <matvejchikov@gmail.com> =
wrote:
>=20
> Early check for mount permissions prevents possible allocation of 3
> pages from kmalloc() pool by unpriveledged user which can be used for
> spraying the kernel heap.
>=20
> Signed-off-by: Ilya V. Matveychikov <matvejchikov@gmail.com>
> ---
> fs/namespace.c | 3 +++
> 1 file changed, 3 insertions(+)
>=20
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 5f75969adff1..1ef8feb2de2a 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -3046,6 +3046,9 @@ int ksys_mount(char __user *dev_name, char =
__user *dir_name, char __user *type,
> 	char *kernel_dev;
> 	void *options;
>=20
> +	if (!may_mount())
> +		return -EPERM;
> +
> 	kernel_type =3D copy_mount_string(type);
> 	ret =3D PTR_ERR(kernel_type);
> 	if (IS_ERR(kernel_type))
> --
> 2.17.0
>=20