From 212ca2b7388add1e0df78440a3280941959d90c3 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 8 Jun 2021 21:22:51 +0800 Subject: [PATCH] nfs_remount(): don't leak, don't ignore LSM options quietly mainline inclusion from mainline-v5.0-rc1 commit 6a0440e5b7562512c021aa1b5a706fcc545773db category: bugfix bugzilla: NA CVE: NA -------------------------------- * if mount(2) passes something like "context=foo" with MS_REMOUNT in flags (/sbin/mount.nfs will _not_ do that - you need to issue the syscall manually), you'll get leaked copies for LSM options. The reason is that instead of nfs_{alloc,free}_parsed_mount_data() nfs_remount() uses kzalloc/kfree, which lacks the needed cleanup. * selinux options are not changed on remount (as for any other fs), but in case of NFS the failure is quiet - they are not compared to what we used to have, with complaint in case of attempted changes. Trivially fixed by converting to use of security_sb_remount(). Reviewed-by: David Howells Signed-off-by: Al Viro Conflict: fs/nfs/super.c Signed-off-by: Zhang Xiaoxu Reviewed-by: Zhang Yi Signed-off-by: Yang Yingliang --- fs/nfs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/nfs/super.c b/fs/nfs/super.c index 5db7aceb4190..fe107348aabe 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c @@ -2272,7 +2272,7 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data) options->version <= 6)))) return 0; - data = kzalloc(sizeof(*data), GFP_KERNEL); + data = nfs_alloc_parsed_mount_data(); if (data == NULL) return -ENOMEM; @@ -2312,7 +2312,7 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data) /* compare new mount options with old ones */ error = nfs_compare_remount_data(nfss, data); out: - kfree(data); + nfs_free_parsed_mount_data(data); return error; } EXPORT_SYMBOL_GPL(nfs_remount); -- GitLab
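Review bot: In the first hunk (nfs_remount(), at -2272), `data` is no longer guaranteed to start all-zero once `kzalloc(sizeof(*data), GFP_KERNEL)` becomes `nfs_alloc_parsed_mount_data()`, and the helper's body is not part of this diff. Please confirm, in the commit message or a short comment, that any non-zero defaults the helper sets are either overwritten before `nfs_compare_remount_data(nfss, data)` runs or are not among the fields it compares, so that a remount which changes nothing cannot start failing the comparison.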
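Review bot: A security_sb_remount() call is missing from the second hunk (at -2312, around `error = nfs_compare_remount_data(nfss, data);` and the `out:` label). The commit message says the quiet handling of changed LSM options is fixed by converting to security_sb_remount(), but the diffstat is 2 insertions and 2 deletions and the only change here is `kfree(data)` to `nfs_free_parsed_mount_data(data)`, which covers the leak alone. Either add the check before `out:` or, if the "Conflict: fs/nfs/super.c" resolution dropped it on purpose, state that in the message so the second bullet is not read as fixed in this tree.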