ACK: [PATCH][SRU][Disco] UBUNTU: SAUCE: shiftfs: prevent use-after-free when verifying mount options

Seth Forshee seth.forshee at canonical.com
Mon Apr 15 13:40:00 UTC 2019


On Mon, Apr 15, 2019 at 03:21:55PM +0200, Christian Brauner wrote:
> BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824735
> 
> Copy up the passthrough mount settings of the mark mount point to the
> shiftfs overlay.
> 
> Before this commit we used to keep a reference to the shiftfs mark
> mount's shiftfs_super_info which was stashed in the superblock of the
> mark mount. The problem is that we only take a reference to the mount of
> the underlay, i.e. the filesystem that is *under* the shiftfs mark
> mount. This means when someone performs a shiftfs mark mount, then a
> shiftfs overlay mount and then immediately unmounts the shiftfs mark
> mount we muck with invalid memory since shiftfs_put_super might have
> already been called freeing that memory.
> 
> Another solution would be to start reference counting. But this would be
> overkill. We only care about the passthrough mount option of the mark
> mount. And we only need it to verify that on remount the new passthrough
> options of the shiftfs overlay are a subset of the mark mount's
> passthrough options. In other scenarios we don't care. So copying up is
> good enough and also only needs to happen once on mount, i.e. when a new
> superblock is created and the .fill_super method is called.
> 
> Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>

Avoids use-after-free. Removing checks of mark mount's passthrough
options for ioctls is okay because the mount's passthrough flags are
strictly limited to be a subset of the mark mount's flags, and the mark
mount's flags are not allowed to change. So this all looks good.

One note for applying, the buglink should be changed to the standard
format.

Acked-by: Seth Forshee <seth.forshee at canonical.com>
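The lifetime problem the commit message describes, as an added user-space model (not shiftfs or kernel code): an overlay superblock that borrows a pointer into the mark mount's private info dangles as soon as the mark mount is unmounted, while copying the passthrough mask into the overlay's own info at fill_super time keeps the remount subset check valid. Struct and flag names (super_info, SHIFTFS_PASSTHROUGH_*), the toy live-superblock registry, and the scenario() helper are assumptions chosen to mirror the discussion.

```c
/* Added example: user-space model of the shiftfs mark/overlay lifetime
 * bug and the copy-up fix. Names are assumptions, not kernel identifiers. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define SHIFTFS_PASSTHROUGH_IOCTL 0x1u   /* assumed flag values */
#define SHIFTFS_PASSTHROUGH_STAT  0x2u

struct super_info {
	unsigned int passthrough;        /* this mount's own passthrough mask */
	int mark;                        /* 1 for a mark mount, 0 for an overlay */
	struct super_info *mark_info;    /* old: borrowed pointer, never refcounted */
	unsigned int mark_passthrough;   /* new: value copied once at fill_super */
};

/* Toy registry standing in for the kernel's list of live superblocks. The
 * model uses it to detect a dangling pointer instead of dereferencing
 * freed memory; the real code had no such guard, hence the UAF. */
#define MAX_SUPERS 8
static struct super_info *live_supers[MAX_SUPERS];

static int is_live(const struct super_info *sb)
{
	for (int i = 0; i < MAX_SUPERS; i++)
		if (live_supers[i] == sb)
			return 1;
	return 0;
}

static struct super_info *alloc_super(void)
{
	for (int i = 0; i < MAX_SUPERS; i++)
		if (!live_supers[i])
			return live_supers[i] = calloc(1, sizeof(struct super_info));
	return NULL;
}

/* shiftfs_put_super analogue: after this the info must not be touched. */
static void put_super(struct super_info *sb)
{
	for (int i = 0; i < MAX_SUPERS; i++)
		if (live_supers[i] == sb)
			live_supers[i] = NULL;
	free(sb);
}

static struct super_info *mount_mark(unsigned int passthrough)
{
	struct super_info *sb = alloc_super();
	if (!sb)
		return NULL;
	sb->mark = 1;
	sb->passthrough = passthrough;
	return sb;
}

/* Overlay fill_super: the overlay's mask must be a subset of the mark's.
 * use_copy_up selects the old (pointer) or new (copied value) layout. */
static struct super_info *fill_super(struct super_info *mark,
				     unsigned int passthrough, int use_copy_up)
{
	if (passthrough & ~mark->passthrough)
		return NULL;
	struct super_info *sb = alloc_super();
	if (!sb)
		return NULL;
	sb->passthrough = passthrough;
	if (use_copy_up)
		sb->mark_passthrough = mark->passthrough;  /* copy once, own it */
	else
		sb->mark_info = mark;                      /* borrow, no reference */
	return sb;
}

/* Remount: new overlay flags must still be a subset of the mark's flags. */
static int remount(struct super_info *sb, unsigned int new_flags, int use_copy_up)
{
	unsigned int allowed;
	if (use_copy_up) {
		allowed = sb->mark_passthrough;
	} else {
		if (!is_live(sb->mark_info))
			return -EFAULT;  /* models the use-after-free */
		allowed = sb->mark_info->passthrough;
	}
	if (new_flags & ~allowed)
		return -EPERM;
	sb->passthrough = new_flags;
	return 0;
}

/* The sequence from the commit message: mark mount, overlay mount,
 * unmount the mark mount, then remount the overlay with new_flags. */
int scenario(int use_copy_up, unsigned int new_flags)
{
	struct super_info *mark = mount_mark(SHIFTFS_PASSTHROUGH_IOCTL |
					     SHIFTFS_PASSTHROUGH_STAT);
	struct super_info *ovl = fill_super(mark, SHIFTFS_PASSTHROUGH_IOCTL, use_copy_up);
	put_super(mark);  /* only the underlay was pinned, so this is allowed */
	int ret = remount(ovl, new_flags, use_copy_up);
	put_super(ovl);
	return ret;
}

int main(void)
{
	printf("old layout, remount: %d\n", scenario(0, SHIFTFS_PASSTHROUGH_IOCTL));
	printf("copy-up, remount:    %d\n", scenario(1, SHIFTFS_PASSTHROUGH_STAT));
	printf("copy-up, superset:   %d\n", scenario(1, 0x4u));
	return 0;
}
```

The copied value stays correct for the lifetime of the overlay for the reason Seth gives: the mark mount's flags are never allowed to change, so a snapshot taken in fill_super is as good as a live pointer, without the reference counting a live pointer would require.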
