On Thu, Mar 04, 2021 at 06:41:55PM +0100, Christian Brauner wrote:
> Creating a series of detached mounts, attaching them to the filesystem,
> and unmounting them can be used to trigger an integer overflow in
> ns->mounts causing the kernel to block any new mounts in count_mounts()
> and returning ENOSPC because it falsely assumes that the maximum number
> of mounts in the mount namespace has been reached, i.e. it thinks it
> can't fit the new mounts into the mount namespace anymore.
>
> Depending on the number of mounts in your system, this can be reproduced
> on any kernel that supports open_tree() and move_mount() with the
> following instructions:
>
> 1. Compile the following program "repro.c" via "make repro"
>
> cat repro.c

Can you wire this up for xfstests?

The patch itself looks good:

Reviewed-by: Christoph Hellwig <hch@xxxxxx>