diff options
| author | Eric Biggers <[email protected]> | 2019-06-29 13:27:44 -0700 |
|---|---|---|
| committer | Al Viro <[email protected]> | 2019-07-01 10:46:36 -0400 |
| commit | 570d7a98e7d6d5d8706d94ffd2d40adeaa318332 (patch) | |
| tree | 56980b6ac051d46174e62c1919ec14d02d25ad5d /drivers/fpga/socfpga.c | |
| parent | d728cf79164bb38e9628d15276e636539f857ef1 (diff) | |
vfs: move_mount: reject moving kernel internal mounts
sys_move_mount() crashes by dereferencing the pointer MNT_NS_INTERNAL,
a.k.a. ERR_PTR(-EINVAL), if the old mount is specified by fd for a
kernel object with an internal mount, such as a pipe or memfd.
Fix it by checking for this case and returning -EINVAL.
[AV: what we want is is_mounted(); use that instead of making the
condition even more convoluted]
Reproducer:
#include <unistd.h>
#define __NR_move_mount 429
#define MOVE_MOUNT_F_EMPTY_PATH 0x00000004
int main()
{
int fds[2];
pipe(fds);
syscall(__NR_move_mount, fds[0], "", -1, "/", MOVE_MOUNT_F_EMPTY_PATH);
}
Reported-by: [email protected]
Fixes: 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: Al Viro <[email protected]>
Diffstat (limited to 'drivers/fpga/socfpga.c')
0 files changed, 0 insertions, 0 deletions