do_move_mount(): fix an unsafe use of is_anon_ns()

What triggers it is a race between mount --move and umount -l of the source; we should reject it (the source is parentless *and* not the root of anon namespace at that), but the check for namespace being an anon one is broken in that case - is_anon_ns() needs ns to be non-NULL. Better fixed here than in is_anon_ns(), since the rest of the callers is guaranteed to get a non-NULL argument...

Reported-by: syzbot+494c7ddf66acac0ad747@syzkaller.appspotmail.com
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

parent 80f232121b
commit 05883eee85
|
@ -2599,7 +2599,7 @@ static int do_move_mount(struct path *old_path, struct path *new_path)
|
||||||
if (attached && !check_mnt(old))
|
if (attached && !check_mnt(old))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
if (!attached && !is_anon_ns(ns))
|
if (!attached && !(ns && is_anon_ns(ns)))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
if (old->mnt.mnt_flags & MNT_LOCKED)
|
if (old->mnt.mnt_flags & MNT_LOCKED)
|
||||||
|
|
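Review bot: The NULL test added in `if (!attached && !(ns && is_anon_ns(ns)))` carries no comment saying when ns can be NULL on this path. The commit message ties it to mount --move racing with umount -l of the source, and a one-line comment above the condition stating that would keep a later cleanup from dropping the `ns &&` as redundant. Since is_anon_ns() itself still requires a non-NULL argument, documenting that precondition at its definition would also help anyone adding a new caller.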