LP#1465998 -- overlayfs "rmdir" panic issue

Tyler Hicks tyhicks at canonical.com
Wed Jun 17 20:14:11 UTC 2015


On 2015-06-17 20:58:16, Andy Whitcroft wrote:
> On Wed, Jun 17, 2015 at 02:06:07PM -0500, Tyler Hicks wrote:
> > On 2015-06-17 19:17:46, Andy Whitcroft wrote:
> > > The overlayfs emergency CVE fix backports for trusty, precise and utopic
> > > have the potential to trigger a kernel panic in the face of cirtain
> > > operations against directory objects only on the lower layer (at least).
> > > Following this email are patches for trusty, precise and utopic.
> > > 
> > > Proposing for SRU to trusty, precise and utopic.  Vivid and Wily should
> > > not be affected.
> > > 
> > > Reviews appreciated.
> > 
> > Hi Andy - These patches look mostly correct to me but I'm curious why
> > you chose to wrap some ovl_dentry_root_may() call sites with the NULL
> > dentry check and left others without such a check?
> > 
> > I would have expected ovl_dentry_root_may() to be changed to return 0 if
> > realpath->dentry is NULL so that we don't miss adding the check to any
> > ovl_dentry_root_may() callers.
> 
> The reasoning is that the call sites in the equivalent code in mainline
> (see V or W) have these checks round the ovl_dentry_root_may() calls.
> These specific calls were only pulled out of those checks in the affected
> places to avoid having to change the function signatures of the various
> functions.  In pulling them out for that reason I neglected to pull out
> the protecting checks, which this patch is inserting.
> 
> Likely, a "proper" patch for the affected series would have changed the
> calling conventions thereof and pushed the ovl_dentry_root_may() calls
> into the same places they are in V/W, but to avoid a lot of churn making
> maintenance more difficult they were placed as late as possible where we
> had the information needed.

Ok, that makes sense.

ACK from me. Thanks!

Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20150617/13b9adde/attachment.sig>


More information about the kernel-team mailing list