| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Oct 2023 10:06:18 +0100
From: Miklos Szeredi <mszeredi@...hat.com>
To: Ian Kent <raven@...maw.net>
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-api@...r.kernel.org, linux-man@...r.kernel.org,
linux-security-module@...r.kernel.org, Karel Zak <kzak@...hat.com>,
David Howells <dhowells@...hat.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Al Viro <viro@...iv.linux.org.uk>,
Christian Brauner <christian@...uner.io>,
Amir Goldstein <amir73il@...il.com>,
Matthew House <mattlloydhouse@...il.com>,
Florian Weimer <fweimer@...hat.com>,
Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH v4 2/6] mounts: keep list of mounts in an rbtree
On Mon, Oct 30, 2023 at 6:45 AM Ian Kent <raven@...maw.net> wrote:
> Is fs/namespace.c:iterate_mounts() a problem?
>
> It's called from:
>
> 1) ./kernel/audit_tree.c:709: if (iterate_mounts(compare_root,
> 2) ./kernel/audit_tree.c:839: err = iterate_mounts(tag_mount, tree, mnt);
> 3) ./kernel/audit_tree.c:917: failed = iterate_mounts(tag_mount,
> tree, tagged);
>
>
> From functions 1) audit_trim_trees(), 2) audit_add_tree_rule() and
>
> 3) audit_tag_tree().
So that interface works like this:
- collect_mounts() creates a temporary copy of a mount tree, mounts
are chained on mnt_list.
- iterate_mounts() is used to do some work on the temporary tree
- drop_collected_mounts() frees the temporary tree
These mounts are never installed in a namespace. My guess is that a
private copy is used instead of the original mount tree to prevent
races.
Thanks,
Miklos
Powered by blists - more mailing lists