[PATCH review 0/7] Bind mount escape fixes
torvalds at linux-foundation.org
Sat Aug 15 19:48:34 UTC 2015
On Sat, Aug 15, 2015 at 12:36 PM, Linus Torvalds
<torvalds at linux-foundation.org> wrote:
> Can we really not validate ".." some clever way _without_ adding all
> those "mount escape" flags? And by "clever" I potentially mean "not
> clever" and in fact just fairly brute force. I'd almost prefer to just
> walk the parent chains all the way to the root and validate the ".."
> that way..
For example: while it's true that walking a logn chain of parents (to
validate that we hit root etc) would be expensive, I don't think we'd
necessarily need to do it for the common case.
For example, if out current "mnt->mnt_root" is a _real_ root (so
IS_ROOT() is true), then we know we're not in some possibly partial
bind mount, so we don't need to check anything else, and we can
happily move to the parent dentry *without* having to be particularly
Otherwise we might need to walk the dentry parent chain to check that
yes, we will hit that mnt->mnt_root" entry, and that we're not
possibly escaping the bind mount. But even that walk is "just"
following a chain of pointers. It's not *that* expensive.
I'd much rather make ".." more expensive, if it means that we don't
have to track the status of whether a mount has a potentially escaped
directory in it or not. Because I think we can avoid the costs for
traditional non-bind mounts.
More information about the Containers