summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorMiklos Szeredi <miklos@szeredi.hu>2005-09-07 00:19:36 +0200
committerLinus Torvalds <torvalds@g5.osdl.org>2005-09-08 01:58:01 +0200
commit0bb6fcc13ae4fad98e0d610458975e47be0d2203 (patch)
tree1d0fd24ce8d49c139b0b01c5ce59f073d3ae20a9 /fs
parent[PATCH] kprobes: fix bug when probed on task and isr functions (diff)
downloadlinux-0bb6fcc13ae4fad98e0d610458975e47be0d2203.tar.xz
linux-0bb6fcc13ae4fad98e0d610458975e47be0d2203.zip
[PATCH] pivot_root() circular reference fix
Fix http://bugzilla.kernel.org/show_bug.cgi?id=4857 When pivot_root is called from an init script in an initramfs environment, it causes a circular reference in the mount tree. The cause of this is that pivot_root() is not prepared to handle pivoting an unattached mount. In an initramfs environment, rootfs is the root of the namespace, and so it is not attached. This patch fixes this and related problems, by returning -EINVAL if either the current root or the new root is detached. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> Acked-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Cc: <bigfish@asmallpond.org> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/namespace.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 29b70669435c..34156260c9b6 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1334,8 +1334,12 @@ asmlinkage long sys_pivot_root(const char __user *new_root, const char __user *p
error = -EINVAL;
if (user_nd.mnt->mnt_root != user_nd.dentry)
goto out2; /* not a mountpoint */
+ if (user_nd.mnt->mnt_parent == user_nd.mnt)
+ goto out2; /* not attached */
if (new_nd.mnt->mnt_root != new_nd.dentry)
goto out2; /* not a mountpoint */
+ if (new_nd.mnt->mnt_parent == new_nd.mnt)
+ goto out2; /* not attached */
tmp = old_nd.mnt; /* make sure we can reach put_old from new_root */
spin_lock(&vfsmount_lock);
if (tmp != new_nd.mnt) {