LP#1465998 -- overlayfs "rmdir" panic issue
Andy Whitcroft
apw at canonical.com
Wed Jun 17 19:58:16 UTC 2015
On Wed, Jun 17, 2015 at 02:06:07PM -0500, Tyler Hicks wrote:
> On 2015-06-17 19:17:46, Andy Whitcroft wrote:
> > The overlayfs emergency CVE fix backports for trusty, precise and utopic
> > have the potential to trigger a kernel panic in the face of cirtain
> > operations against directory objects only on the lower layer (at least).
> > Following this email are patches for trusty, precise and utopic.
> >
> > Proposing for SRU to trusty, precise and utopic. Vivid and Wily should
> > not be affected.
> >
> > Reviews appreciated.
>
> Hi Andy - These patches look mostly correct to me but I'm curious why
> you chose to wrap some ovl_dentry_root_may() call sites with the NULL
> dentry check and left others without such a check?
>
> I would have expected ovl_dentry_root_may() to be changed to return 0 if
> realpath->dentry is NULL so that we don't miss adding the check to any
> ovl_dentry_root_may() callers.
The reasoning is that the call sites in the equivalent code in mainline
(see V or W) have these checks round the ovl_dentry_root_may() calls.
These specific calls were only pulled out of those checks in the affected
places to avoid having to change the function signatures of the various
functions. In pulling them out for that reason I neglected to pull out
the protecting checks, which this patch is inserting.
Likely, a "proper" patch for the affected series would have changed the
calling conventions thereof and pushed the ovl_dentry_root_may() calls
into the same places they are in V/W, but to avoid a lot of churn making
maintenance more difficult they were placed as late as possible where we
had the information needed.
-apw
More information about the kernel-team
mailing list