vfs: fsmount: add missing mntget()

sys_fsmount() needs to take a reference to the new mount when adding it to the anonymous mount namespace. Otherwise the filesystem can be unmounted while it's still in use, as found by syzkaller. Reported-by: Mark Rutland <[email protected]> Reported-by: [email protected] Reported-by: [email protected] Fixes: 93766fbd2696 ("vfs: syscall: Add fsmount() to create a mount for a superblock") Signed-off-by: Eric Biggers <[email protected]> Signed-off-by: Al Viro <[email protected]>
author: Eric Biggers <[email protected]> 2019-06-12 11:43:13 -0700
committer: Al Viro <[email protected]> 2019-06-17 17:36:07 -0400
commit: 1b0b9cc8d3793e31b313e6c9685513b08cd883c4 (patch)
tree: 35a629a4bfb4025cf8a49335d5d3d39dd0187d01
parent: 9e0babf2c06c73cda2c0cd37a1653d823adb40ec (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index b26778bdc236..5dc137a22d40 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3445,6 +3445,7 @@ SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags,
 	ns->root = mnt;
 	ns->mounts = 1;
 	list_add(&mnt->mnt_list, &ns->list);
+	mntget(newmount.mnt);
 
 	/* Attach to an apparent O_PATH fd with a note that we need to unmount
 	 * it, not just simply put it.
author	Eric Biggers <[email protected]>	2019-06-12 11:43:13 -0700
committer	Al Viro <[email protected]>	2019-06-17 17:36:07 -0400
commit	1b0b9cc8d3793e31b313e6c9685513b08cd883c4 (patch)
tree	35a629a4bfb4025cf8a49335d5d3d39dd0187d01
parent	9e0babf2c06c73cda2c0cd37a1653d823adb40ec (diff)