Hey Andrew! Folks!
the proc_check_chroot() function does the check
in a very unintuitive way (keeping a copy of the
argument, then modifying the argument), and has
uncommented sideeffects ...
please consider this 'trivial' cleanup so that
nobody gets confused there (as I was) ...
Signed-off-by: Herbert Poetzl <[email protected]>
---
--- linux-2.6.16-rc2/fs/proc/base.c 2006-02-07 11:53:02 +0100
+++ linux-2.6.16-rc2-mnt/fs/proc/base.c 2006-02-10 12:37:35 +0100
@@ -531,6 +531,8 @@ static int proc_oom_score
/* If the process being read is separated by chroot from the reading process,
* don't let the reader access the threads.
+ *
+ * note: this does dput(root) and mntput(vfsmnt) on exit.
*/
static int proc_check_chroot(struct dentry *root, struct vfsmount *vfsmnt)
{
@@ -537,6 +539,7 @@ static int proc_check_chroot
struct dentry *de, *base;
struct vfsmount *our_vfsmnt, *mnt;
int res = 0;
+
read_lock(¤t->fs->lock);
our_vfsmnt = mntget(current->fs->rootmnt);
base = dget(current->fs->root);
@@ -546,11 +549,11 @@ static int proc_check_chroot
de = root;
mnt = vfsmnt;
- while (vfsmnt != our_vfsmnt) {
- if (vfsmnt == vfsmnt->mnt_parent)
+ while (mnt != our_vfsmnt) {
+ if (mnt == mnt->mnt_parent)
goto out;
- de = vfsmnt->mnt_mountpoint;
- vfsmnt = vfsmnt->mnt_parent;
+ de = mnt->mnt_mountpoint;
+ mnt = mnt->mnt_parent;
}
if (!is_subdir(de, base))
@@ -561,7 +564,7 @@ exit:
dput(base);
mntput(our_vfsmnt);
dput(root);
- mntput(mnt);
+ mntput(vfsmnt);
return res;
out:
spin_unlock(&vfsmount_lock);