proc: block mounting on top of /proc/<pid>/fd/*

brauner · brauner · commit 74ce208089f4 · 2024-08-30T08:22:13.000+02:00
Entries under /proc/<pid>/fd/* are ephemeral and may go away before the process dies. As such allowing them to be used as mount points creates the ability to leak mounts that linger until the process dies with no ability to unmount them until then. Don't allow using them as mountpoints. Link: https://lore.kernel.org/r/20240806-work-procfs-v1-5-fb04e1d09f0c@kernel.org Reviewed-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: Christian Brauner <brauner@kernel.org>
diff --git a/fs/proc/fd.c b/fs/proc/fd.c
@@ -220,8 +220,8 @@ static struct dentry *proc_fd_instantiate(struct dentry *dentry,
 	ei->op.proc_get_link = proc_fd_link;
 	tid_fd_update_inode(task, inode, data->mode);
 
-	d_set_d_op(dentry, &tid_fd_dentry_operations);
-	return d_splice_alias(inode, dentry);
+	return proc_splice_unmountable(inode, dentry,
+				       &tid_fd_dentry_operations);
 }
 
 static struct dentry *proc_lookupfd_common(struct inode *dir,

Original file line number	Diff line number	Diff line change
`@@ -220,8 +220,8 @@ static struct dentry proc_fd_instantiate(struct dentry dentry,`
`220`	`220`	`ei->op.proc_get_link = proc_fd_link;`
`221`	`221`	`tid_fd_update_inode(task, inode, data->mode);`
`222`	`222`
`223`		`- d_set_d_op(dentry, &tid_fd_dentry_operations);`
`224`		`- return d_splice_alias(inode, dentry);`
	`223`	`+ return proc_splice_unmountable(inode, dentry,`
	`224`	`+ &tid_fd_dentry_operations);`
`225`	`225`	`}`
`226`	`226`
`227`	`227`	`static struct dentry proc_lookupfd_common(struct inode dir,`