| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150429023613.GM889@ZenIV.linux.org.uk> Date: Wed, 29 Apr 2015 03:36:13 +0100 From: Al Viro <viro@...IV.linux.org.uk> To: Leon Ma <xindong.ma@...el.com> Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] Validate pointer when copying mount namespace. On Wed, Apr 29, 2015 at 09:56:43AM +0800, Leon Ma wrote: > We encountered following panic. Validate the pointer to avoid this. > @@ -2788,7 +2788,7 @@ struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns, > q = next_mnt(q, new); > if (!q) > break; > - while (p->mnt.mnt_root != q->mnt.mnt_root) > + while (p && p->mnt.mnt_root != q->mnt.mnt_root) > p = next_mnt(p, old); > } > namespace_unlock(); Details, please. How do you reproduce that behaviour? I don't like that loop in its current form (it relies upon _not_ encountering the same ->mnt_root in the parts of tree we hadn't copied), but your change doesn't make it any better. Seeing a reproducer would be useful in sorting it out; in this form the patch papers over the bug rather than fixing it. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists