UBUNTU: SAUCE: proc: prevent stacking filesystems on top

BugLink: http://bugs.launchpad.net/bugs/1588871

This prevents stacking filesystems (ecryptfs and overlayfs)
from using procfs as lower filesystem. There is too much magic
going on inside procfs, and there is no good reason to stack
stuff on top of procfs.

(For example, procfs does access checks in VFS open handlers,
and ecryptfs by design calls open handlers from a kernel
thread that doesn't drop privileges or so.)
Signed-off-by: Jann Horn <jannh@google.com>
Cc: stable@vger.kernel.org
CVE-2016-1583
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Luis Henriques <luis.henriques@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>

fs/proc/root.c

@@ -122,6 +122,13 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
 	if (IS_ERR(sb))
 		return ERR_CAST(sb);
 
+	/*
+	 * procfs isn't actually a stacking filesystem; however, there is
+	 * too much magic going on inside it to permit stacking things on
+	 * top of it
+	 */
+	sb->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH;
+
 	if (!proc_parse_options(options, ns)) {
 		deactivate_locked_super(sb);
 		return ERR_PTR(-EINVAL);