Date:	Tue, 19 Apr 2011 14:04:00 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Roman Borisov <ext-roman.borisov@...ia.com>
Cc:	viro@...iv.linux.org.uk, linux-kernel@...r.kernel.org,
	vda.linux@...glemail.com, cebbert@...hat.com, virtuoso@...nd.org
Subject: Re: [PATCH] fs: bound mount propagation fix

On Fri,  1 Apr 2011 18:48:20 +0400
Roman Borisov <ext-roman.borisov@...ia.com> wrote:

> I think MS_SILENT shouldn't be cleared anywhere. I suppose the bug is in 
> MS_SHARED options checking. Please see the patch below.
> 
> Fixed MS_SHARED, MS_SLAVE, MS_UNBINDABLE option handling; 
> Existing options check doesn't allow to have any options combinations 
> because of integer comparison (not bitwise).
> 

(when fixing a bug, please include a *complete* description of that bug
in the changelog.  It should include a description of the user-visible
misbehaviour and a description of the coding error).


The vfs code is pretty confusing about whether `type' is supposed to be
a scalar or a bitfield.

flags_to_propagation_type() has that is_power_of-two() check in there
to reject more-than-one-bit-set.

>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 2beb0fb..e0cf263 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -1434,7 +1434,7 @@ static int do_change_type(struct path *path, int flag)
>  		return -EINVAL;
>  
>  	down_write(&namespace_sem);
> -	if (type == MS_SHARED) {
> +	if (type & MS_SHARED) {

So this change won't do anything, because do_change_type() has used
flags_to_propagation_type().

>  		err = invent_group_ids(mnt, recurse);
>  		if (err)
>  			goto out_unlock;
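
Review bot: in do_change_type(), replacing `type == MS_SHARED` with `type & MS_SHARED` changes behaviour only if `type` can hold more than one bit when this line runs, and neither the hunk nor the changelog shows how that can happen after the `return -EINVAL` check just above. Please name the flag combination that fails today and handle it where the flags are validated, so the accepted combinations are explicit rather than implied by a looser test here.
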
> diff --git a/fs/pnode.c b/fs/pnode.c
> index 8d5f392..0c9dc54 100644
> --- a/fs/pnode.c
> +++ b/fs/pnode.c
> @@ -128,15 +128,15 @@ static int do_make_slave(struct vfsmount *mnt)
>  
>  void change_mnt_propagation(struct vfsmount *mnt, int type)
>  {
> -	if (type == MS_SHARED) {
> +	if (type & MS_SHARED) {
>  		set_mnt_shared(mnt);
>  		return;
>  	}
>  	do_make_slave(mnt);
> -	if (type != MS_SLAVE) {
> +	if (!(type & MS_SLAVE)) {
>  		list_del_init(&mnt->mnt_slave);
>  		mnt->mnt_master = NULL;
> -		if (type == MS_UNBINDABLE)
> +		if (type & MS_UNBINDABLE)
>  			mnt->mnt_flags |= MNT_UNBINDABLE;
>  		else
>  			mnt->mnt_flags &= ~MNT_UNBINDABLE;
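
Review bot: with the bitwise tests in change_mnt_propagation(), a `type` carrying several bits is resolved silently by test order: `type & MS_SHARED` wins and returns early, and a value with both MS_SLAVE and MS_UNBINDABLE skips the block that sets or clears MNT_UNBINDABLE. If multi-bit values are not meant to reach this function, keep the equality tests or reject such values at entry; if they are, document the intended precedence in a comment above the function.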

And afaict, no caller of change_mnt_propagation() will pass in a `type'
with more than a single bit set.  umount_tree() passed MS_PRIVATE and
do_change_type() uses flags_to_propagation_type().

So as far as I can tell, this patch won't fix anything??
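
The point made in the message above, that the `==` and `&` forms cannot differ while `type` has a single bit set, can be checked exhaustively. This user-space model is an added example, not code from the kernel or from this thread; the `outcome` labels and function names are hypothetical, and the MS_* values are copied from the Linux headers.

```c
#include <stdbool.h>
#include <stdio.h>

/* Values from Linux <linux/fs.h>, redefined so this model builds anywhere. */
#define MS_SILENT     (1 << 15)
#define MS_UNBINDABLE (1 << 17)
#define MS_PRIVATE    (1 << 18)
#define MS_SLAVE      (1 << 19)
#define MS_SHARED     (1 << 20)
enum outcome { SHARED, SLAVE, PRIVATE_UNBINDABLE, PRIVATE_BINDABLE }; /* hypothetical labels */

/* Branch structure of change_mnt_propagation() before the patch. */
static enum outcome classify_eq(int type)
{
	if (type == MS_SHARED)
		return SHARED;
	if (type != MS_SLAVE)
		return type == MS_UNBINDABLE ? PRIVATE_UNBINDABLE : PRIVATE_BINDABLE;
	return SLAVE;
}

/* The same branches with the patch's bitwise tests. */
static enum outcome classify_and(int type)
{
	if (type & MS_SHARED)
		return SHARED;
	if (!(type & MS_SLAVE))
		return (type & MS_UNBINDABLE) ? PRIVATE_UNBINDABLE : PRIVATE_BINDABLE;
	return SLAVE;
}

/* Count flag combinations on which the two forms differ (single- or multi-bit). */
static int disagreements(bool want_single)
{
	static const int bits[] = { MS_SILENT, MS_UNBINDABLE, MS_PRIVATE, MS_SLAVE, MS_SHARED };
	int n = 0;
	for (int m = 1; m < 32; m++) {
		int type = 0;
		for (int i = 0; i < 5; i++)
			type |= (m >> i & 1) ? bits[i] : 0;
		bool single = type && !(type & (type - 1));
		n += single == want_single && classify_eq(type) != classify_and(type);
	}
	return n;
}

int main(void)
{
	printf("single-bit %d, multi-bit %d\n", disagreements(true), disagreements(false));
	return 0;
}
```

The two forms diverge only on multi-bit values, so the patch has an effect only if some caller can deliver one.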