Unverified Commit 593d9e4c authored by Yuntao Wang's avatar Yuntao Wang Committed by Christian Brauner
Browse files

fs: fix incorrect lflags value in the move_mount syscall 



The lflags value used to look up from_path was overwritten by the one used
to look up to_path.

In other words, from_path was looked up with the wrong lflags value. Fix it.

Fixes: f9fde814 ("fs: support getname_maybe_null() in move_mount()")
Signed-off-by: default avatarYuntao Wang <yuntao.wang@linux.dev>
Link: https://lore.kernel.org/20250811052426.129188-1-yuntao.wang@linux.dev


[Christian Brauner <brauner@kernel.org>: massage patch]
Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
parent 2319f9d0

fs/namespace.c

+20 −12
Original line number Diff line number Diff line
@@ -4551,20 +4551,10 @@ SYSCALL_DEFINE5(move_mount, 
	if (flags & MOVE_MOUNT_SET_GROUP)	mflags |= MNT_TREE_PROPAGATION;

	if (flags & MOVE_MOUNT_BENEATH)		mflags |= MNT_TREE_BENEATH;



	lflags = 0;

	if (flags & MOVE_MOUNT_F_SYMLINKS)	lflags |= LOOKUP_FOLLOW;

	if (flags & MOVE_MOUNT_F_AUTOMOUNTS)	lflags |= LOOKUP_AUTOMOUNT;

	uflags = 0;

	if (flags & MOVE_MOUNT_F_EMPTY_PATH)	uflags = AT_EMPTY_PATH;

	from_name = getname_maybe_null(from_pathname, uflags);

	if (IS_ERR(from_name))

		return PTR_ERR(from_name);

	if (flags & MOVE_MOUNT_T_EMPTY_PATH)

		uflags = AT_EMPTY_PATH;



	lflags = 0;

	if (flags & MOVE_MOUNT_T_SYMLINKS)	lflags |= LOOKUP_FOLLOW;

	if (flags & MOVE_MOUNT_T_AUTOMOUNTS)	lflags |= LOOKUP_AUTOMOUNT;

	uflags = 0;

	if (flags & MOVE_MOUNT_T_EMPTY_PATH)	uflags = AT_EMPTY_PATH;

	to_name = getname_maybe_null(to_pathname, uflags);

	if (IS_ERR(to_name))

		return PTR_ERR(to_name);
@@ -4577,11 +4567,24 @@ SYSCALL_DEFINE5(move_mount, 
		to_path = fd_file(f_to)->f_path;

		path_get(&to_path);

	} else {

		lflags = 0;

		if (flags & MOVE_MOUNT_T_SYMLINKS)

			lflags |= LOOKUP_FOLLOW;

		if (flags & MOVE_MOUNT_T_AUTOMOUNTS)

			lflags |= LOOKUP_AUTOMOUNT;

		ret = filename_lookup(to_dfd, to_name, lflags, &to_path, NULL);

		if (ret)

			return ret;

	}



	uflags = 0;

	if (flags & MOVE_MOUNT_F_EMPTY_PATH)

		uflags = AT_EMPTY_PATH;



	from_name = getname_maybe_null(from_pathname, uflags);

	if (IS_ERR(from_name))

		return PTR_ERR(from_name);



	if (!from_name && from_dfd >= 0) {

		CLASS(fd_raw, f_from)(from_dfd);

		if (fd_empty(f_from))
@@ -4590,6 +4593,11 @@ SYSCALL_DEFINE5(move_mount, 
		return vfs_move_mount(&fd_file(f_from)->f_path, &to_path, mflags);

	}



	lflags = 0;

	if (flags & MOVE_MOUNT_F_SYMLINKS)

		lflags |= LOOKUP_FOLLOW;

	if (flags & MOVE_MOUNT_F_AUTOMOUNTS)

		lflags |= LOOKUP_AUTOMOUNT;

	ret = filename_lookup(from_dfd, from_name, lflags, &from_path, NULL);

	if (ret)

		return ret;