Merge branch 'stacking-fixes' (vfs stacking fixes from Jann)
Merge filesystem stacking fixes from Jann Horn. * emailed patches from Jann Horn <jannh@google.com>: sched: panic on corrupted stack end ecryptfs: forbid opening files without mmap handler proc: prevent stacking filesystems on top
This commit is contained in:
commit
f5364c150a
|
@ -25,6 +25,7 @@
|
||||||
#include <linux/slab.h>
|
#include <linux/slab.h>
|
||||||
#include <linux/wait.h>
|
#include <linux/wait.h>
|
||||||
#include <linux/mount.h>
|
#include <linux/mount.h>
|
||||||
|
#include <linux/file.h>
|
||||||
#include "ecryptfs_kernel.h"
|
#include "ecryptfs_kernel.h"
|
||||||
|
|
||||||
struct ecryptfs_open_req {
|
struct ecryptfs_open_req {
|
||||||
|
@ -147,7 +148,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
|
||||||
flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR;
|
flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR;
|
||||||
(*lower_file) = dentry_open(&req.path, flags, cred);
|
(*lower_file) = dentry_open(&req.path, flags, cred);
|
||||||
if (!IS_ERR(*lower_file))
|
if (!IS_ERR(*lower_file))
|
||||||
goto out;
|
goto have_file;
|
||||||
if ((flags & O_ACCMODE) == O_RDONLY) {
|
if ((flags & O_ACCMODE) == O_RDONLY) {
|
||||||
rc = PTR_ERR((*lower_file));
|
rc = PTR_ERR((*lower_file));
|
||||||
goto out;
|
goto out;
|
||||||
|
@ -165,8 +166,16 @@ int ecryptfs_privileged_open(struct file **lower_file,
|
||||||
mutex_unlock(&ecryptfs_kthread_ctl.mux);
|
mutex_unlock(&ecryptfs_kthread_ctl.mux);
|
||||||
wake_up(&ecryptfs_kthread_ctl.wait);
|
wake_up(&ecryptfs_kthread_ctl.wait);
|
||||||
wait_for_completion(&req.done);
|
wait_for_completion(&req.done);
|
||||||
if (IS_ERR(*lower_file))
|
if (IS_ERR(*lower_file)) {
|
||||||
rc = PTR_ERR(*lower_file);
|
rc = PTR_ERR(*lower_file);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
have_file:
|
||||||
|
if ((*lower_file)->f_op->mmap == NULL) {
|
||||||
|
fput(*lower_file);
|
||||||
|
*lower_file = NULL;
|
||||||
|
rc = -EMEDIUMTYPE;
|
||||||
|
}
|
||||||
out:
|
out:
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
|
@ -121,6 +121,13 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
|
||||||
if (IS_ERR(sb))
|
if (IS_ERR(sb))
|
||||||
return ERR_CAST(sb);
|
return ERR_CAST(sb);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* procfs isn't actually a stacking filesystem; however, there is
|
||||||
|
* too much magic going on inside it to permit stacking things on
|
||||||
|
* top of it
|
||||||
|
*/
|
||||||
|
sb->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH;
|
||||||
|
|
||||||
if (!proc_parse_options(options, ns)) {
|
if (!proc_parse_options(options, ns)) {
|
||||||
deactivate_locked_super(sb);
|
deactivate_locked_super(sb);
|
||||||
return ERR_PTR(-EINVAL);
|
return ERR_PTR(-EINVAL);
|
||||||
|
|
|
@ -3170,7 +3170,8 @@ static noinline void __schedule_bug(struct task_struct *prev)
|
||||||
static inline void schedule_debug(struct task_struct *prev)
|
static inline void schedule_debug(struct task_struct *prev)
|
||||||
{
|
{
|
||||||
#ifdef CONFIG_SCHED_STACK_END_CHECK
|
#ifdef CONFIG_SCHED_STACK_END_CHECK
|
||||||
BUG_ON(task_stack_end_corrupted(prev));
|
if (task_stack_end_corrupted(prev))
|
||||||
|
panic("corrupted stack end detected inside scheduler\n");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (unlikely(in_atomic_preempt_off())) {
|
if (unlikely(in_atomic_preempt_off())) {
|
||||||
|
|
Loading…
Reference in New Issue