On Tue, Jul 09, 2019 at 09:54:24PM +0100, Al Viro wrote:
> On Tue, Jul 09, 2019 at 12:40:01PM -0700, Eric Biggers wrote:
> > On Tue, Jul 02, 2019 at 11:22:59AM -0700, Eric Biggers wrote:
> > >
> > > Sure, but the new mount syscalls still need tests. Where are the tests?
> > >
> >
> > Still
On Tue, Jul 09, 2019 at 12:40:01PM -0700, Eric Biggers wrote:
> On Tue, Jul 02, 2019 at 11:22:59AM -0700, Eric Biggers wrote:
> >
> > Sure, but the new mount syscalls still need tests. Where are the tests?
> >
>
> Still waiting for an answer to this question.
In samples/vfs/fsmount.c, IIRC,
On Tue, Jul 02, 2019 at 11:22:59AM -0700, Eric Biggers wrote:
>
> Sure, but the new mount syscalls still need tests. Where are the tests?
>
Still waiting for an answer to this question.
Did we just release 6 new syscalls with no tests?
I don't understand how that is even remotely acceptable.
On Mon, Jul 01, 2019 at 07:22:39PM +0100, Al Viro wrote:
> On Mon, Jul 01, 2019 at 09:45:37AM -0700, Eric Biggers wrote:
> > On Sat, Jun 29, 2019 at 01:27:44PM -0700, Eric Biggers wrote:
> > >
> > > Reproducer:
> > >
> > > #include
> > >
> > > #define __NR_move_mount 429
> > >
On Mon, Jul 01, 2019 at 07:22:39PM +0100, Al Viro wrote:
> FWIW, it's not just move_mount(2) - I'd expect
>
> int fds[2];
> char s[80];
>
> pipe(fds);
> sprintf(s, "/dev/fd/%d", fds[0]);
> mount(s, "/dev/null", NULL, MS_MOVE, 0);
>
> to step into exactly the same
On Mon, Jul 01, 2019 at 09:45:37AM -0700, Eric Biggers wrote:
> On Sat, Jun 29, 2019 at 01:27:44PM -0700, Eric Biggers wrote:
> >
> > Reproducer:
> >
> > #include
> >
> > #define __NR_move_mount 429
> > #define MOVE_MOUNT_F_EMPTY_PATH 0x0004
> >
> > int main()
> >
On Sat, Jun 29, 2019 at 01:27:44PM -0700, Eric Biggers wrote:
>
> Reproducer:
>
> #include
>
> #define __NR_move_mount 429
> #define MOVE_MOUNT_F_EMPTY_PATH 0x0004
>
> int main()
> {
> int fds[2];
>
> pipe(fds);
>
On Mon, Jul 01, 2019 at 02:08:48AM +0100, Al Viro wrote:
>
> Let's reorder that a bit:
> /* The mountpoint must be in our namespace. */
> if (!check_mnt(p))
> goto out;
>
> /* The thing moved must be mounted... */
> if (!is_mounted(old_path->mnt))
>
On Mon, Jul 01, 2019 at 08:38:10AM +0100, David Howells wrote:
> Al Viro wrote:
>
> > /* The thing moved must be mounted... */
> > if (!is_mounted(old_path->mnt))
> > goto out;
>
> Um... Doesn't that stuff up fsmount()?
Nope - check is_mounted() definition. Stuff in anon
Al Viro wrote:
> /* The thing moved must be mounted... */
> if (!is_mounted(old_path->mnt))
> goto out;
Um... Doesn't that stuff up fsmount()?
David
On Sat, Jun 29, 2019 at 09:39:16PM +0100, Al Viro wrote:
> On Sat, Jun 29, 2019 at 01:27:44PM -0700, Eric Biggers wrote:
>
> > @@ -2600,7 +2600,7 @@ static int do_move_mount(struct path *old_path,
> > struct path *new_path)
> > if (attached && !check_mnt(old))
> > goto out;
> >
On Sat, Jun 29, 2019 at 01:27:44PM -0700, Eric Biggers wrote:
> @@ -2600,7 +2600,7 @@ static int do_move_mount(struct path *old_path, struct
> path *new_path)
> if (attached && !check_mnt(old))
> goto out;
>
> - if (!attached && !(ns && is_anon_ns(ns)))
> + if
From: Eric Biggers
sys_move_mount() crashes by dereferencing the pointer MNT_NS_INTERNAL,
a.k.a. ERR_PTR(-EINVAL), if the old mount is specified by fd for a
kernel object with an internal mount, such as a pipe or memfd.
Fix it by checking for this case and returning -EINVAL.
Reproducer:
13 matches
Mail list logo
