[CRIU] [PATCH 37/37] mount: prevent dumping nested mount namespace without mnt_id in fdinfo

[Andrey Vagin]

When we don't know mnt_id, we don't know to which namespace a file
belongs.

Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
 cr-check.c           | 2 +-
 include/proc_parse.h | 2 ++
 mount.c              | 9 ++++++++-
 namespaces.c         | 1 +
 4 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/cr-check.c b/cr-check.c
index 2103659..333d593 100644
--- a/cr-check.c
+++ b/cr-check.c
@@ -249,7 +249,7 @@ static int check_one_sfd(union fdinfo_entries *e, void *arg)
 	return 0;
 }
 
-static int check_mnt_id(void)
+int check_mnt_id(void)
 {
 	struct fdinfo_common fdinfo = { .mnt_id = -1 };
 	int ret;
diff --git a/include/proc_parse.h b/include/proc_parse.h
index d57ea27..a1dfd7a 100644
--- a/include/proc_parse.h
+++ b/include/proc_parse.h
@@ -176,4 +176,6 @@ extern int parse_file_locks(void);
 struct pid;
 extern int parse_threads(int pid, struct pid **_t, int *_n);
 
+extern int check_mnt_id(void);
+
 #endif /* __CR_PROC_PARSE_H__ */
diff --git a/mount.c b/mount.c
index e3f0a59..5ae204b 100644
--- a/mount.c
+++ b/mount.c
@@ -1879,7 +1879,7 @@ err:
 int dump_mnt_namespaces(void)
 {
 	struct ns_id *ns;
-	int ret = 0;
+	int ret = 0, n = 0;
 
 	for (ns = ns_ids; ns; ns = ns->next) {
 		/* Skip current namespaces, which are in the list too  */
@@ -1894,6 +1894,13 @@ int dump_mnt_namespaces(void)
 		if (!(ns->nd->cflag & CLONE_NEWNS))
 			continue;
 
+		n++;
+
+		if (n == 2 && check_mnt_id()) {
+			pr_err("Nested mount namespaces are not supported "
+				"without mnt_id in fdinfo\n");
+			return -1;
+		}
 		pr_info("Dump MNT namespace (mountpoints) %d via %d\n",
 				ns->id, ns->pid);
 		ret = dump_mnt_ns(ns);
diff --git a/namespaces.c b/namespaces.c
index c335765..5d317b4 100644
--- a/namespaces.c
+++ b/namespaces.c
@@ -11,6 +11,7 @@
 #include "mount.h"
 #include "pstree.h"
 #include "namespaces.h"
+#include "proc_parse.h"
 #include "net.h"
 
 #include "protobuf.h"
-- 
1.8.5.3