From: Herbert Poetzl
proc_check_chroot() does the check in a very unintuitive way (keeping a copy of the argument, then modifying the argument), and has uncommented sideeffects.
Signed-off-by: Herbert Poetzl
Signed-off-by: Andrew Morton
---
 fs/proc/base.c | 13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)
diff -puN fs/proc/base.c~trivial-cleanup-to-proc_check_chroot fs/proc/base.c
--- devel/fs/proc/base.c~trivial-cleanup-to-proc_check_chroot 2006-02-27 20:58:54.000000000 -0800
+++ devel-akpm/fs/proc/base.c 2006-02-27 20:58:54.000000000 -0800
@@ -534,12 +534,15 @@ static int proc_oom_score(struct task_st
 /* If the process being read is separated by chroot from the reading process,
 * don't let the reader access the threads.
+ *
+ * note: this does dput(root) and mntput(vfsmnt) on exit.
 */
 static int proc_check_chroot(struct dentry *root, struct vfsmount *vfsmnt)
 {
 struct dentry *de, *base;
 struct vfsmount *our_vfsmnt, *mnt;
 int res = 0;
+ read_lock(¤t->fs->lock);
 our_vfsmnt = mntget(current->fs->rootmnt);
 base = dget(current->fs->root);
@@ -549,11 +552,11 @@ static int proc_check_chroot(struct dent
 de = root;
 mnt = vfsmnt;
- while (vfsmnt != our_vfsmnt) {
- if (vfsmnt == vfsmnt->mnt_parent)
+ while (mnt != our_vfsmnt) {
+ if (mnt == mnt->mnt_parent)
 goto out;
- de = vfsmnt->mnt_mountpoint;
- vfsmnt = vfsmnt->mnt_parent;
+ de = mnt->mnt_mountpoint;
+ mnt = mnt->mnt_parent;
 }
 if (!is_subdir(de, base))
@@ -564,7 +567,7 @@ exit:
 dput(base);
 mntput(our_vfsmnt);
 dput(root);
- mntput(mnt);
+ mntput(vfsmnt);
 return res;
 out:
 spin_unlock(&vfsmount_lock);
_
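Review bot: The note added to the comment above proc_check_chroot() names the side effect but not the caller contract that follows from it: the caller has to own a reference on both root and vfsmnt on entry and must not touch either pointer once the call returns. This function is the chroot-separation check, so a caller that gets the accounting wrong either leaks a dentry/vfsmount or drops a reference it does not hold, which can become a use-after-free. I would word the note as `* Consumes the caller's references: root and vfsmnt are released with dput()/mntput() before returning, so do not use them after the call.` The last hunk's `mntput(vfsmnt)` at `exit:` is what keeps that statement accurate now that the loop walks `mnt` rather than the argument. The function body extends beyond the hunks (the vfsmount_lock acquisition and the rest of the `out:` path are not visible), so the "every return path" part is inferred from the `exit:` block shown.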