[CRIU] [PATCH 2/2] mnt: Fix validation of dumpable mountpoints

Andrew Vagin avagin at parallels.com
Wed Jun 4 06:24:01 PDT 2014 

On Fri, May 30, 2014 at 05:57:55PM +0400, Pavel Emelyanov wrote:
> This patch consists of 3 unsplittable (from my POV) fixes.
> 
> 1. Remove messy check from dump_one_mountpoint() -- we have
>    validate_mounts to check whether we can dump the tree
>    or not.
> 
> 2. Other than being in the wron place the mentioned check
>    is wrong. Comparing of the length of the mp->source-s
>    makes no sense -- it should be mp->root, but even this
>    would be wrong...
>    
> 3. ... instead, we should check for bind mount root path
>    being accessible from the target mount root path, i.e.
>    the bind->root should start with src->root.
> 
> Signed-off-by: Pavel Emelyanov <xemul at parallels.com>
>

Acked-by: Andrew Vagin <avagin at parallels.com>
 
> ---
>  mount.c | 42 +++++++++++++++++++++++-------------------
>  1 file changed, 23 insertions(+), 19 deletions(-)
> 
> diff --git a/mount.c b/mount.c
> index 33dc590..11ca8cf 100644
> --- a/mount.c
> +++ b/mount.c
> @@ -313,7 +313,7 @@ static int validate_mounts(struct mount_info *info, bool call_plugins)
>  	struct mount_info *m, *t;
>  
>  	for (m = info; m; m = m->next) {
> -		if (m->parent == NULL)
> +		if (m->parent == NULL || m->is_ns_root)
>  			/* root mount can be any */
>  			continue;
>  
> @@ -337,11 +337,31 @@ static int validate_mounts(struct mount_info *info, bool call_plugins)
>  			}
>  		}
>  
> -		if (!fsroot_mounted(m)) {
> +		/*
> +		 * Mountpoint can point to / of an FS. In that case this FS
> +		 * should be of some known type so that we can just mount one.
> +		 *
> +		 * Otherwise it's a bindmount mountpoint and we try to find
> +		 * what fsroot mountpoint it's bound to. If this point is the
> +		 * root mount, the path to bindmount root should be accessible
> +		 * form the rootmount path (the strstartswith check in the
> +		 * else branch below).
> +		 */
> +
> +		if (fsroot_mounted(m)) {
> +			if (m->fstype->code == FSTYPE__UNSUPPORTED) {
> +				pr_err("FS mnt %s dev %#x root %s unsupported id %x\n",
> +						m->mountpoint, m->s_dev, m->root, m->mnt_id);
> +				return -1;
> +			}
> +		} else {
>  			list_for_each_entry(t, &m->mnt_bind, mnt_bind) {
> -				if (fsroot_mounted(t) || t->parent == NULL)
> +				if (fsroot_mounted(t) ||
> +						(t->parent == NULL &&
> +						 strstartswith(m->root, t->root)))
>  					break;
>  			}
> +
>  			if (&t->mnt_bind == &m->mnt_bind) {
>  				int ret;
>  
> @@ -772,22 +792,6 @@ static int dump_one_mountpoint(struct mount_info *pm, int fd)
>  			pm->root, pm->mountpoint);
>  
>  	me.fstype		= pm->fstype->code;
> -	if ((me.fstype == FSTYPE__UNSUPPORTED) && !is_root_mount(pm)) {
> -		struct mount_info *t;
> -
> -		/* Is it a bind-mount of the root mount */
> -		list_for_each_entry(t, &pm->mnt_bind, mnt_bind)
> -			if (t->parent == NULL)
> -				break;
> -
> -		if (&t->mnt_bind == &pm->mnt_bind ||
> -		    strlen(t->source) > strlen(pm->source)) {
> -			pr_err("FS mnt %s dev %#x root %s unsupported\n",
> -					pm->mountpoint, pm->s_dev, pm->root);
> -			return -1;
> -		}
> -	}
> -
>  	if (!pm->need_plugin && pm->fstype->dump && pm->fstype->dump(pm))
>  		return -1;
>  
> -- 
> 1.8.4.2
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu

More information about the CRIU mailing list