fs: fix incorrect lflags value in the move_mount syscall

[ Upstream commit 593d9e4c3d634c370f226f55453c376bf43b3684 ]

The lflags value used to look up from_path was overwritten by the one used
to look up to_path.

In other words, from_path was looked up with the wrong lflags value. Fix it.

Fixes: f9fde814de37 ("fs: support getname_maybe_null() in move_mount()")
Signed-off-by: Yuntao Wang <yuntao.wang@linux.dev>
Link: https://lore.kernel.org/20250811052426.129188-1-yuntao.wang@linux.dev
[Christian Brauner <brauner@kernel.org>: massage patch]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/namespace.c b/fs/namespace.c
index ea724ad3d113e192c71e91caeac2ae2cdcc1bafe..49d0167114698330b8c8455744ce3e2aadda90be 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -4657,20 +4657,10 @@ SYSCALL_DEFINE5(move_mount,
        if (flags & MOVE_MOUNT_SET_GROUP)       mflags |= MNT_TREE_PROPAGATION;
        if (flags & MOVE_MOUNT_BENEATH)         mflags |= MNT_TREE_BENEATH;
 
-       lflags = 0;
-       if (flags & MOVE_MOUNT_F_SYMLINKS)      lflags |= LOOKUP_FOLLOW;
-       if (flags & MOVE_MOUNT_F_AUTOMOUNTS)    lflags |= LOOKUP_AUTOMOUNT;
        uflags = 0;
-       if (flags & MOVE_MOUNT_F_EMPTY_PATH)    uflags = AT_EMPTY_PATH;
-       from_name = getname_maybe_null(from_pathname, uflags);
-       if (IS_ERR(from_name))
-               return PTR_ERR(from_name);
+       if (flags & MOVE_MOUNT_T_EMPTY_PATH)
+               uflags = AT_EMPTY_PATH;
 
-       lflags = 0;
-       if (flags & MOVE_MOUNT_T_SYMLINKS)      lflags |= LOOKUP_FOLLOW;
-       if (flags & MOVE_MOUNT_T_AUTOMOUNTS)    lflags |= LOOKUP_AUTOMOUNT;
-       uflags = 0;
-       if (flags & MOVE_MOUNT_T_EMPTY_PATH)    uflags = AT_EMPTY_PATH;
        to_name = getname_maybe_null(to_pathname, uflags);
        if (IS_ERR(to_name))
                return PTR_ERR(to_name);
@@ -4683,11 +4673,24 @@ SYSCALL_DEFINE5(move_mount,
                to_path = fd_file(f_to)->f_path;
                path_get(&to_path);
        } else {
+               lflags = 0;
+               if (flags & MOVE_MOUNT_T_SYMLINKS)
+                       lflags |= LOOKUP_FOLLOW;
+               if (flags & MOVE_MOUNT_T_AUTOMOUNTS)
+                       lflags |= LOOKUP_AUTOMOUNT;
                ret = filename_lookup(to_dfd, to_name, lflags, &to_path, NULL);
                if (ret)
                        return ret;
        }
 
+       uflags = 0;
+       if (flags & MOVE_MOUNT_F_EMPTY_PATH)
+               uflags = AT_EMPTY_PATH;
+
+       from_name = getname_maybe_null(from_pathname, uflags);
+       if (IS_ERR(from_name))
+               return PTR_ERR(from_name);
+
        if (!from_name && from_dfd >= 0) {
                CLASS(fd_raw, f_from)(from_dfd);
                if (fd_empty(f_from))
@@ -4696,6 +4699,11 @@ SYSCALL_DEFINE5(move_mount,
                return vfs_move_mount(&fd_file(f_from)->f_path, &to_path, mflags);
        }
 
+       lflags = 0;
+       if (flags & MOVE_MOUNT_F_SYMLINKS)
+               lflags |= LOOKUP_FOLLOW;
+       if (flags & MOVE_MOUNT_F_AUTOMOUNTS)
+               lflags |= LOOKUP_AUTOMOUNT;
        ret = filename_lookup(from_dfd, from_name, lflags, &from_path, NULL);
        if (ret)
                return ret;