From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: [PATCH 4.1 56/56] vfs: Ignore unlocked mounts in fs_fully_visible
Date: Wed, 8 Jul 2015 00:35:45 -0700
Message-ID: <20150708073241.050533141@linuxfoundation.org>
In-Reply-To: <20150708073237.780280770@linuxfoundation.org>
4.1-stable review patch. If anyone has any objections, please let me know.

------------------

From: "Eric W. Biederman" <ebiederm@xmission.com>

commit ceeb0e5d39fcdf4dca2c997bf225c7fc49200b37 upstream.

Limit the mounts fs_fully_visible considers to locked mounts.
Unlocked can always be unmounted so considering them adds hassle
but no security benefit.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/namespace.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3185,11 +3185,15 @@ bool fs_fully_visible(struct file_system
if (mnt->mnt.mnt_root != mnt->mnt.mnt_sb->s_root)
continue;
- /* This mount is not fully visible if there are any child mounts
- * that cover anything except for empty directories.
+ /* This mount is not fully visible if there are any
+ * locked child mounts that cover anything except for
+ * empty directories.
*/
list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) {
struct inode *inode = child->mnt_mountpoint->d_inode;
+ /* Only worry about locked mounts */
+ if (!(mnt->mnt.mnt_flags & MNT_LOCKED))
+ continue;
if (!S_ISDIR(inode->i_mode))
goto next;
if (inode->i_nlink > 2)
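
Review bot: The added MNT_LOCKED test inside list_for_each_entry() reads mnt->mnt.mnt_flags, which is the parent mount being evaluated, not the loop variable child. The rewritten comment and the commit message both say that only locked child mounts should count, so the flag that matters is the child's. As written, the result of the test is the same for every iteration: when the parent is not locked, every child is skipped, including locked ones that cover non-empty directories, and the mount can be reported as fully visible when it is not; when the parent is locked, unlocked children are still considered and the patch has no effect. The test should presumably be "if (!(child->mnt.mnt_flags & MNT_LOCKED)) continue;". It could also move above the "struct inode *inode = ..." lookup so that skipped children do not dereference mnt_mountpoint at all.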