+++ /dev/null
-From e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9 Mon Sep 17 00:00:00 2001
-From: Jann Horn <jannh@google.com>
-Date: Wed, 1 Jun 2016 11:55:05 +0200
-Subject: proc: prevent stacking filesystems on top
-
-From: Jann Horn <jannh@google.com>
-
-commit e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9 upstream.
-
-This prevents stacking filesystems (ecryptfs and overlayfs) from using
-procfs as lower filesystem. There is too much magic going on inside
-procfs, and there is no good reason to stack stuff on top of procfs.
-
-(For example, procfs does access checks in VFS open handlers, and
-ecryptfs by design calls open handlers from a kernel thread that doesn't
-drop privileges or so.)
-
-Signed-off-by: Jann Horn <jannh@google.com>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/proc/root.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
---- a/fs/proc/root.c
-+++ b/fs/proc/root.c
-@@ -122,6 +122,13 @@ static struct dentry *proc_mount(struct
- if (IS_ERR(sb))
- return ERR_CAST(sb);
-
-+ /*
-+ * procfs isn't actually a stacking filesystem; however, there is
-+ * too much magic going on inside it to permit stacking things on
-+ * top of it
-+ */
-+ sb->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH;
-+
- if (!proc_parse_options(options, ns)) {
- deactivate_locked_super(sb);
- return ERR_PTR(-EINVAL);
parisc-fix-pagefault-crash-in-unaligned-__get_user-call.patch
ecryptfs-forbid-opening-files-without-mmap-handler.patch
wext-fix-32-bit-iwpriv-compatibility-issue-with-64-bit-kernel.patch
-proc-prevent-stacking-filesystems-on-top.patch
fix-d_walk-non-delayed-__d_free-race.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
