[PATCH] libmount: avoid infinite loop in child fs iteration

public inbox for util-linux@vger.kernel.org
 help / color / mirror / Atom feed

From: Dave Reisner <d@falconindy.com>
To: util-linux@vger.kernel.org
Cc: Dave Reisner <dreisner@archlinux.org>
Subject: [PATCH] libmount: avoid infinite loop in child fs iteration
Date: Sun,  4 Mar 2012 16:08:39 -0500	[thread overview]
Message-ID: <1330895319-1818-1-git-send-email-dreisner@archlinux.org> (raw)

In early userspace, the rootfs is mounted with itself as its parent.
Example /proc/self/mountinfo:

1 1 0:1 / / rw - rootfs rootfs rw
14 1 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
15 1 0:13 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sys rw
16 1 0:5 / /dev rw,nosuid,relatime - devtmpfs dev rw,size=506956k
17 1 0:14 / /run rw,nosuid,nodev,relatime - tmpfs run rw,mode=755

This causes an infinite loop in mnt_table_next_child_fs, and is
evidenced by a crash via infinite recursion in findmnt. Simply catch the
condition where the ID of the parent is the ID of the current fs we're
examining and skip over it to the next mount in the table.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
---
 libmount/src/tab.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libmount/src/tab.c b/libmount/src/tab.c
index 9992c9c..54d58c8 100644
--- a/libmount/src/tab.c
+++ b/libmount/src/tab.c
@@ -286,6 +286,11 @@ int mnt_table_next_child_fs(struct libmnt_table *tb, struct libmnt_iter *itr,
 
 		id = mnt_fs_get_id(fs);
 
+		/* avoid infinite loop. This only happens in rare cases
+		 * such as in early userspace when the rootfs is its own parent */
+		if (id == parent_id)
+			continue;
+
 		if ((!lastchld_id || id > lastchld_id) &&
 		    (!*chld || id < chld_id)) {
 			*chld = fs;
-- 
1.7.9.2

next             reply	other threads:[~2012-03-04 21:08 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-04 21:08 Dave Reisner [this message]
2012-03-08 15:09 ` [PATCH] libmount: avoid infinite loop in child fs iteration Karel Zak

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9992c9c dfblob:54d58c8 )
 OR (
bs:"[PATCH] libmount: avoid infinite loop in child fs iteration" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1330895319-1818-1-git-send-email-dreisner@archlinux.org \
    --to=d@falconindy.com \
    --cc=dreisner@archlinux.org \
    --cc=util-linux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox