[Acked] [Precise][CVE-2014-7970][PATCH 0/3] mnt: Prevent pivot_root from creating a loop in the mount tree
Andy Whitcroft
apw at canonical.com
Fri Jan 16 10:21:48 UTC 2015
On Thu, Jan 15, 2015 at 05:49:24PM +0000, Luis Henriques wrote:
> Following this email, I am sending the backport of the CVE-2014-7970
> fix for Precise. The first 2 patches are prereqs for the actual fix
> (the 3rd patch).
>
> These 3 patches seem a bit intrusive, but most of the are actually
> cleanups -- but the code churn is still a bit high.
>
> Al Viro (2):
> vfs: new internal helper: mnt_has_parent(mnt)
> vfs: more mnt_parent cleanups
>
> Eric W. Biederman (1):
> mnt: Prevent pivot_root from creating a loop in the mount tree
>
> fs/dcache.c | 29 ++---------------------------
> fs/mount.h | 6 ++++++
> fs/namespace.c | 57 ++++++++++++++++++++++++++++++++++++---------------------
> fs/pnode.c | 15 ---------------
> fs/pnode.h | 4 +++-
> 5 files changed, 47 insertions(+), 64 deletions(-)
> create mode 100644 fs/mount.h
These three together seem to do what is claimed, the first two are the
obvious fixups claimed. The two backports seem minor and to my eye
in order. If we have any tests for this all the better. Overall:
Acked-by: Andy Whitcroft <apw at canonical.com>
-apw
More information about the kernel-team
mailing list