git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Al Viro <viro@zeniv.linux.org.uk>
	Sun, 1 Jun 2025 18:02:26 +0000 (14:02 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 19 Jun 2025 13:32:21 +0000 (15:32 +0200)
commit	1d792307191cdfdb6130debbd3ee6981941a6a17
tree	3bd5d19a38002baf6ba11997eebdb3a72c7acca8	tree \| snapshot
parent	1be1f3b8487caf1271d9c3bcc03332cd183b35c0	commit \| diff

path_overmount(): avoid false negatives

[ Upstream commit 5f31c549382bcddbbd754c72c5433b19420d485d ]

Holding namespace_sem is enough to make sure that result remains valid.
It is *not* enough to avoid false negatives from __lookup_mnt(). Mounts
can be unhashed outside of namespace_sem (stuck children getting detached
on final mntput() of lazy-umounted mount) and having an unrelated mount
removed from the hash chain while we traverse it may end up with false
negative from __lookup_mnt(). We need to sample and recheck the seqlock
component of mount_lock...

Bug predates the introduction of path_overmount() - it had come from
the code in finish_automount() that got abstracted into that helper.

Reviewed-by: Christian Brauner <brauner@kernel.org>
Fixes: 26df6034fdb2 ("fix automount/automount race properly")
Fixes: 6ac392815628 ("fs: allow to mount beneath top mount")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>