Unverified Commit cb2239c1 authored Mar 30, 2023 by Christian Brauner

fs: drop peer group ids under namespace lock

When cleaning up peer group ids in the failure path we need to make sure
to hold on to the namespace lock. Otherwise another thread might just
turn the mount from a shared into a non-shared mount concurrently.

Link: https://lore.kernel.org/lkml/00000000000088694505f8132d77@google.com

Fixes: 2a186721 ("fs: add mount_setattr()")
Reported-by: <syzbot+8ac3859139c685c4f597@syzkaller.appspotmail.com>
Cc: stable@vger.kernel.org # 5.12+
Message-Id: <20230330-vfs-mount_setattr-propagation-fix-v1-1-37548d91533b@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>

parent 197b6b60

fs/namespace.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -4183,9 +4183,9 @@ static int do_mount_setattr(struct path path, struct mount_kattr kattr)
		unlock_mount_hash();

		if (kattr->propagation) {
		namespace_unlock();
		if (err)
		cleanup_group_ids(mnt, NULL);
		namespace_unlock();
		}

		return err;