summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2020-08-07 21:03:25 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2020-08-07 21:03:25 -0700
commitd57b2b5bc4301f37d1b07e3351d575bd634c7300 (patch)
treedf66f74a8c060b9a2c699e40615915af01aec03f /fs
parent049eb096da48db0421dd5e358b9b082a1a8a2025 (diff)
parent25ccd24ffd9119c452d711efa2604a7a0c35956e (diff)
Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull mount leak fix from Al Viro: "Regression fix for the syscalls-for-init series - fix a leak of a 'struct path'" * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fs: fix a struct path leak in path_umount
Diffstat (limited to 'fs')
-rw-r--r--fs/namespace.c32
1 files changed, 18 insertions, 14 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 016553d0f925..bae0e95b3713 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1706,34 +1706,38 @@ static inline bool may_mandlock(void)
}
#endif
-int path_umount(struct path *path, int flags)
+static int can_umount(const struct path *path, int flags)
{
- struct mount *mnt;
- int retval;
+ struct mount *mnt = real_mount(path->mnt);
if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW))
return -EINVAL;
if (!may_mount())
return -EPERM;
-
- mnt = real_mount(path->mnt);
- retval = -EINVAL;
if (path->dentry != path->mnt->mnt_root)
- goto dput_and_out;
+ return -EINVAL;
if (!check_mnt(mnt))
- goto dput_and_out;
+ return -EINVAL;
if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */
- goto dput_and_out;
- retval = -EPERM;
+ return -EINVAL;
if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
- goto dput_and_out;
+ return -EPERM;
+ return 0;
+}
+
+int path_umount(struct path *path, int flags)
+{
+ struct mount *mnt = real_mount(path->mnt);
+ int ret;
+
+ ret = can_umount(path, flags);
+ if (!ret)
+ ret = do_umount(mnt, flags);
- retval = do_umount(mnt, flags);
-dput_and_out:
/* we mustn't call path_put() as that would clear mnt_expiry_mark */
dput(path->dentry);
mntput_no_expire(mnt);
- return retval;
+ return ret;
}
static int ksys_umount(char __user *name, int flags)