[RHEL7,COMMIT] ms/fs: Avoid userspace mounting anon_inodefs filesystem

Submitted by Konstantin Khorenko on Dec. 19, 2017, 11:03 a.m.

Details

Message ID 201712191103.vBJB3WeV017358@finist_ce7.work
State New
Series "ms/fs: Avoid userspace mounting anon_inodefs filesystem"

Commit Message

Konstantin Khorenko Dec. 19, 2017, 11:03 a.m.
The commit is pushed to "branch-rh7-3.10.0-693.11.1.vz7.39.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-693.11.1.vz7.39.7
------>
commit 057c9fd670be52cbb90125b099f920365ef61cd5
Author: Jan Kara <jack@suse.cz>
Date:   Tue Dec 19 14:03:31 2017 +0300

    ms/fs: Avoid userspace mounting anon_inodefs filesystem
    
    Patchset description:
    Do not expose anon_inodefs to userspace
    
    anon_inodefs is special. It should only be mounted once by the kernel
    and should not be exposed to userspace directly, otherwise hard-to-debug
    memory corruptions and other problems may happen.
    
    This patch series prevents such problems.
    
    I suppose there is no security impact here because anon_inodefs is not
    available in CTs and the non-root users on the host are unable to mount
    it as well.
    
    Still, fuzzers like Syzkaller run into anon_inodefs-related issues
    quite often. So it is worth including these fixes, in my opinion, at
    least to make kernel fuzz testing a bit easier.
    
    ======================================================
    This patch description:
    
    anon_inodefs filesystem is a kernel internal filesystem userspace
    shouldn't mess with. Remove registration of it so userspace cannot
    even try to mount it (which would fail anyway because the filesystem is
    MS_NOUSER).
    
    This fixes an oops triggered by trinity when it tried mounting
    anon_inodefs which overwrote anon_inode_inode pointer while other CPU
    has been in anon_inode_getfile() between ihold() and d_instantiate().
    Thus effectively creating dentry pointing to an inode without holding a
    reference to it.
    
    Reported-by: Sasha Levin <sasha.levin@oracle.com>
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    
    ms commit: d6f2589ad561 ("fs: Avoid userspace mounting anon_inodefs
    filesystem")
    
    https://jira.sw.ru/browse/PSBM-75068
    
    Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
---
 fs/anon_inodes.c | 3 ---
 1 file changed, 3 deletions(-)


diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
index 24084732b1d0..4b4543b8b894 100644
--- a/fs/anon_inodes.c
+++ b/fs/anon_inodes.c
@@ -177,9 +177,6 @@  static int __init anon_inode_init(void)
 {
 	int error;
 
-	error = register_filesystem(&anon_inode_fs_type);
-	if (error)
-		goto err_exit;
 	anon_inode_mnt = kern_mount(&anon_inode_fs_type);
 	if (IS_ERR(anon_inode_mnt)) {
 		error = PTR_ERR(anon_inode_mnt);
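
Review bot: the removed `goto err_exit;` at the top of anon_inode_init() was the only visible jump to that label, and the kern_mount() failure branch that starts at `error = PTR_ERR(anon_inode_mnt);` continues past the end of this hunk, so the cleanup path is not covered by the change as shown. Since register_filesystem() is no longer called, please confirm that whatever that branch jumps to does not call unregister_filesystem() on a type that was never registered, and that err_exit still has a user (or is dropped) so the build does not pick up an unused-label warning. A one-line comment above kern_mount() saying the type is intentionally left unregistered, so that it stays kernel-internal and a later cleanup does not re-add the registration, would also help.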