On Thu, Mar 04, 2021 at 06:41:55PM +0100, Christian Brauner wrote:
Creating a series of detached mounts, attaching them to the filesystem, and unmounting them can be used to trigger an integer overflow in ns->mounts, causing the kernel to block any new mounts in count_mounts() and return ENOSPC because it falsely assumes that the maximum number of mounts in the mount namespace has been reached, i.e. it thinks it can't fit the new mounts into the mount namespace anymore.
Depending on the number of mounts in your system, this can be reproduced on any kernel that supports open_tree() and move_mount() with the following instructions:
- Compile the following program "repro.c" via "make repro"
cat repro.c
Can you wire this up for xfstests?
The patch itself looks good:
Reviewed-by: Christoph Hellwig <hch@lst.de>