From be1a16a0ae29a7c90081a657b64aa51cb1a65a27 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Tue, 5 Oct 2010 12:31:09 +0200 Subject: [PATCH] vfs: fix infinite loop caused by clone_mnt race If clone_mnt() happens while mnt_make_readonly() is running, the cloned mount might have MNT_WRITE_HOLD flag set, which results in mnt_want_write() spinning forever on this mount. Needs CAP_SYS_ADMIN to trigger deliberately and unlikely to happen accidentally. But if it does happen it can hang the machine. Signed-off-by: Miklos Szeredi Signed-off-by: Al Viro --- fs/namespace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/namespace.c b/fs/namespace.c index 7ca5182c0bed..8a415c9c5e55 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -595,7 +595,7 @@ static struct vfsmount *clone_mnt(struct vfsmount *old, struct dentry *root, goto out_free; } - mnt->mnt_flags = old->mnt_flags; + mnt->mnt_flags = old->mnt_flags & ~MNT_WRITE_HOLD; atomic_inc(&sb->s_active); mnt->mnt_sb = sb; mnt->mnt_root = dget(root); -- 2.20.1