userns and mnt_idmap leak in open_tree_attr(2)
[ Upstream commit0748e553df] Once want_mount_setattr() has returned a positive, it does require finish_mount_kattr() to release ->mnt_userns. Failing do_mount_setattr() does not change that. As the result, we can end up leaking userns and possibly mnt_idmap as well. Fixes:c4a16820d9("fs: add open_tree_attr()") Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Al Viro
committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
parent
d01042e318
commit
142db4e761
@@ -5307,16 +5307,12 @@ SYSCALL_DEFINE5(open_tree_attr, int, dfd, const char __user *, filename,
|
||||
kattr.kflags |= MOUNT_KATTR_RECURSE;
|
||||
|
||||
ret = wants_mount_setattr(uattr, usize, &kattr);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
if (ret) {
|
||||
if (ret > 0) {
|
||||
ret = do_mount_setattr(&file->f_path, &kattr);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
finish_mount_kattr(&kattr);
|
||||
}
|
||||
if (ret)
|
||||
return ret;
|
||||
}
|
||||
|
||||
fd = get_unused_fd_flags(flags & O_CLOEXEC);
|
||||
|
||||
Reference in New Issue
Block a user