From: Miklos Szeredi Date: Tue, 5 Oct 2010 10:31:09 +0000 (+0200) Subject: vfs: fix infinite loop caused by clone_mnt race X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=be1a16a0ae29a7c90081a657b64aa51cb1a65a27;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git vfs: fix infinite loop caused by clone_mnt race If clone_mnt() happens while mnt_make_readonly() is running, the cloned mount might have MNT_WRITE_HOLD flag set, which results in mnt_want_write() spinning forever on this mount. Needs CAP_SYS_ADMIN to trigger deliberately and unlikely to happen accidentally. But if it does happen it can hang the machine. Signed-off-by: Miklos Szeredi Signed-off-by: Al Viro --- diff --git a/fs/namespace.c b/fs/namespace.c index 7ca5182c0bed..8a415c9c5e55 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -595,7 +595,7 @@ static struct vfsmount *clone_mnt(struct vfsmount *old, struct dentry *root, goto out_free; } - mnt->mnt_flags = old->mnt_flags; + mnt->mnt_flags = old->mnt_flags & ~MNT_WRITE_HOLD; atomic_inc(&sb->s_active); mnt->mnt_sb = sb; mnt->mnt_root = dget(root);