author Eric Biggers <ebiggers@google.com> 2019-06-12 20:43:13 +0200
committer Al Viro <viro@zeniv.linux.org.uk> 2019-06-17 23:36:07 +0200
commit 1b0b9cc8d3793e31b313e6c9685513b08cd883c4
tree 35a629a4bfb4025cf8a49335d5d3d39dd0187d01
parent Linux 5.2-rc5
vfs: fsmount: add missing mntget()

sys_fsmount() needs to take a reference to the new mount when adding it to the anonymous mount namespace. Otherwise the filesystem can be unmounted while it's still in use, as found by syzkaller.

Reported-by: Mark Rutland <mark.rutland@arm.com>
Reported-by: syzbot+99de05d099a170867f22@syzkaller.appspotmail.com
Reported-by: syzbot+7008b8b8ba7df475fdc8@syzkaller.appspotmail.com
Fixes: 93766fbd2696 ("vfs: syscall: Add fsmount() to create a mount for a superblock")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

-rw-r--r-- fs/namespace.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index b26778bdc236..5dc137a22d40 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3445,6 +3445,7 @@ SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags,
ns->root = mnt;
ns->mounts = 1;
list_add(&mnt->mnt_list, &ns->list);
+ mntget(newmount.mnt);
/* Attach to an apparent O_PATH fd with a note that we need to unmount
* it, not just simply put it.
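Review bot: The added mntget(newmount.mnt) right after list_add(&mnt->mnt_list, &ns->list) has no comment saying which owner the extra reference belongs to, so a later cleanup could mistake it for a redundant get and reintroduce the premature unmount the commit message describes. A one-line comment at the call, stating that the reference is held on behalf of the anonymous namespace and naming the path that drops it, would make the pairing auditable. The neighbouring lines operate on mnt while the new call uses newmount.mnt, and the relationship between the two is not visible in this hunk, so the comment should also say that both refer to the mount just linked into ns->list.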