Commit ce9d7f7b authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'CVE-2014-7970' of git://git.kernel.org/pub/scm/linux/kernel/git/luto/linux

Pull pivot_root() fix from Andy Lutomirski.

Prevent a leak of unreachable mounts.

* 'CVE-2014-7970' of git://git.kernel.org/pub/scm/linux/kernel/git/luto/linux:
  mnt: Prevent pivot_root from creating a loop in the mount tree
parents 2d65a9f4 0d082601
...@@ -2915,6 +2915,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, ...@@ -2915,6 +2915,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
/* make sure we can reach put_old from new_root */ /* make sure we can reach put_old from new_root */
if (!is_path_reachable(old_mnt, old.dentry, &new)) if (!is_path_reachable(old_mnt, old.dentry, &new))
goto out4; goto out4;
/* make certain new is below the root */
if (!is_path_reachable(new_mnt, new.dentry, &root))
goto out4;
root_mp->m_count++; /* pin it so it won't go away */ root_mp->m_count++; /* pin it so it won't go away */
lock_mount_hash(); lock_mount_hash();
detach_mnt(new_mnt, &parent_path); detach_mnt(new_mnt, &parent_path);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment