Date:	Sat, 13 Apr 2013 23:02:08 +0900
From:	Jonghwan Choi <jhbird.choi@...il.com>
To:	Al Viro <viro@...iv.linux.org.uk>, Andrey Vagin <avagin@...nvz.org>
Cc:	stable@...r.kernel.org, linux-kernel@...r.kernel.org,
	Jonghwan Choi <jhbird.choi@...sung.com>
Subject: [PATCH 3.8-stable] mnt: release locks on error path in do_loopback

From: Andrey Vagin <avagin@...nvz.org>

This patch looks like it should be in the 3.8-stable tree, should we apply
it?

------------------

From: "Andrey Vagin <avagin@...nvz.org>"

commit e9c5d8a562f01b211926d70443378eb14b29a676 upstream

do_loopback calls lock_mount(path) and forgets to unlock_mount
if clone_mnt or copy_mnt fails.

[   77.661566] ================================================
[   77.662939] [ BUG: lock held when returning to user space! ]
[   77.664104] 3.9.0-rc5+ #17 Not tainted
[   77.664982] ------------------------------------------------
[   77.666488] mount/514 is leaving the kernel with locks still held!
[   77.668027] 2 locks held by mount/514:
[   77.668817]  #0:  (&sb->s_type->i_mutex_key#7){+.+.+.}, at: [<ffffffff811cca22>] lock_mount+0x32/0xe0
[   77.671755]  #1:  (&namespace_sem){+++++.}, at: [<ffffffff811cca3a>] lock_mount+0x4a/0xe0

Signed-off-by: Andrey Vagin <avagin@...nvz.org>
Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
Signed-off-by: Jonghwan Choi <jhbird.choi@...sung.com>
---
 fs/namespace.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 5dd7709..4abc8c0 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1713,7 +1713,7 @@ static int do_loopback(struct path *path, const char *old_name,
 
 	if (IS_ERR(mnt)) {
 		err = PTR_ERR(mnt);
-		goto out;
+		goto out2;
 	}
 
 	err = graft_tree(mnt, path);
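Review bot: The new `goto out2` in the `IS_ERR(mnt)` branch depends on a label that this hunk does not show, so for the 3.8-stable backport please confirm that `out2` in this tree's do_loopback calls unlock_mount(path) before falling through to `out`. The lockdep report in the commit message shows both the i_mutex and namespace_sem taken in lock_mount still held on return to user space, so the target label has to release both. It is also worth checking that no other `goto out` remains between the lock_mount(path) call and this check, since any such path would leave the same two locks held. A short sentence in the commit message stating the user-visible effect of the leaked locks would help stable reviewers judge the priority.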
-- 
1.7.10.4
