git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Christian Brauner <christian@brauner.io>
	Mon, 15 Apr 2019 13:21:55 +0000 (15:21 +0200)
committer	Paolo Pisati <paolo.pisati@canonical.com>
	Tue, 2 Nov 2021 07:24:45 +0000 (08:24 +0100)
commit	14ba9a56f5088b2c8e4c4dfc818c94c31fbe88ef
tree	2b5ed6ede9380238ea28d71421a548a4f75f2528	tree
parent	25af0f236a41a586039418d9da29d1d9e99cfd1f	commit \| diff

UBUNTU: SAUCE: shiftfs: prevent use-after-free when verifying mount options

BugLink: https://bugs.launchpad.net/bugs/1824735
Copy up the passthrough mount settings of the mark mount point to the
shiftfs overlay.

Before this commit we used to keep a reference to the shiftfs mark
mount's shiftfs_super_info which was stashed in the superblock of the
mark mount. The problem is that we only take a reference to the mount of
the underlay, i.e. the filesystem that is *under* the shiftfs mark
mount. This means when someone performs a shiftfs mark mount, then a
shiftfs overlay mount and then immediately unmounts the shiftfs mark
mount we muck with invalid memory since shiftfs_put_super might have
already been called freeing that memory.

Another solution would be to start reference counting. But this would be
overkill. We only care about the passthrough mount option of the mark
mount. And we only need it to verify that on remount the new passthrough
options of the shiftfs overlay are a subset of the mark mount's
passthrough options. In other scenarios we don't care. So copying up is
good enough and also only needs to happen once on mount, i.e. when a new
superblock is created and the .fill_super method is called.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>