summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2019-06-12 11:43:13 -0700
committerAl Viro <viro@zeniv.linux.org.uk>2019-06-17 17:36:07 -0400
commit1b0b9cc8d3793e31b313e6c9685513b08cd883c4 (patch)
tree35a629a4bfb4025cf8a49335d5d3d39dd0187d01 /fs
parent9e0babf2c06c73cda2c0cd37a1653d823adb40ec (diff)
vfs: fsmount: add missing mntget()
sys_fsmount() needs to take a reference to the new mount when adding it to the anonymous mount namespace. Otherwise the filesystem can be unmounted while it's still in use, as found by syzkaller. Reported-by: Mark Rutland <mark.rutland@arm.com> Reported-by: syzbot+99de05d099a170867f22@syzkaller.appspotmail.com Reported-by: syzbot+7008b8b8ba7df475fdc8@syzkaller.appspotmail.com Fixes: 93766fbd2696 ("vfs: syscall: Add fsmount() to create a mount for a superblock") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r--fs/namespace.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index b26778bdc236..5dc137a22d40 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3445,6 +3445,7 @@ SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags,
ns->root = mnt;
ns->mounts = 1;
list_add(&mnt->mnt_list, &ns->list);
+ mntget(newmount.mnt);
/* Attach to an apparent O_PATH fd with a note that we need to unmount
* it, not just simply put it.