diff options
author | Miklos Szeredi <mszeredi@suse.cz> | 2010-10-05 06:31:09 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2010-10-25 21:24:16 -0400 |
commit | be1a16a0ae29a7c90081a657b64aa51cb1a65a27 (patch) | |
tree | 18bef9178b1142d839b906ce3bf38c92eb650ee8 | |
parent | 89b0fc38cca4e6c92a90b58960881ffc5dddd89c (diff) |
vfs: fix infinite loop caused by clone_mnt race
If clone_mnt() happens while mnt_make_readonly() is running, the
cloned mount might have MNT_WRITE_HOLD flag set, which results in
mnt_want_write() spinning forever on this mount.
Needs CAP_SYS_ADMIN to trigger deliberately and unlikely to happen
accidentally. But if it does happen it can hang the machine.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | fs/namespace.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index 7ca5182c0bed..8a415c9c5e55 100644 --- a/fs/namespace.c +++ b/fs/namespace.c | |||
@@ -595,7 +595,7 @@ static struct vfsmount *clone_mnt(struct vfsmount *old, struct dentry *root, | |||
595 | goto out_free; | 595 | goto out_free; |
596 | } | 596 | } |
597 | 597 | ||
598 | mnt->mnt_flags = old->mnt_flags; | 598 | mnt->mnt_flags = old->mnt_flags & ~MNT_WRITE_HOLD; |
599 | atomic_inc(&sb->s_active); | 599 | atomic_inc(&sb->s_active); |
600 | mnt->mnt_sb = sb; | 600 | mnt->mnt_sb = sb; |
601 | mnt->mnt_root = dget(root); | 601 | mnt->mnt_root = dget(root); |