| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Oct 2014 15:07:37 +0300
From: Serge Kosyrev <skosyrev@...ecurity.com>
To: <linux-kernel@...r.kernel.org>
Subject: Fun with looping binds over proc
Good day!
First, let me show how it looks and feels on my system:
[deepfire@...romedae:~/repro-kernel-loop-mount]$ uname -a
Linux andromedae 3.14.22 #1-NixOS SMP Thu Jan 1 00:00:01 UTC 1970 x86_64 GNU/Linux
[deepfire@...romedae:~/repro-kernel-loop-mount]$ ls
repro.sh
[deepfire@...romedae:~/repro-kernel-loop-mount]$ cat repro.sh
#!/bin/sh
test -d dir/rec || mkdir -p dir/rec
test -d dir/proc || mkdir -p dir/proc
mount --bind . dir/rec
mount --make-private --make-unbindable dir/rec
mount none -t proc dir/proc
umount dir/rec
umount dir/proc
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.045s
user 0m0.012s
sys 0m0.007s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.035s
user 0m0.009s
sys 0m0.009s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.042s
user 0m0.012s
sys 0m0.010s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.039s
user 0m0.013s
sys 0m0.011s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.043s
user 0m0.009s
sys 0m0.011s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.048s
user 0m0.011s
sys 0m0.013s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.052s
user 0m0.016s
sys 0m0.012s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.059s
user 0m0.008s
sys 0m0.031s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.067s
user 0m0.005s
sys 0m0.042s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.116s
user 0m0.011s
sys 0m0.088s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.291s
user 0m0.009s
sys 0m0.262s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m0.857s
user 0m0.011s
sys 0m0.819s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m1.710s
user 0m0.012s
sys 0m1.634s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m3.186s
user 0m0.010s
sys 0m3.023s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m6.732s
user 0m0.013s
sys 0m6.032s
[deepfire@...romedae:~/repro-kernel-loop-mount]$ time sudo ./repro.sh
real 0m14.541s
user 0m0.008s
sys 0m12.115s
* * *
Some extra data points:
1. Exchanging the two umounts results in expected behavior
2. Exchanging the two umounts absolves the need in 'mount --make-private --make-unbindable dir/rec'
3. I don't see it on 3.12.something Ubuntu kernels
--
regards,
Серёга Косырев
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists