move_mount(2): take sanity checks in 'beneath' case into do_lock_mount()
authorAl Viro <viro@zeniv.linux.org.uk>
Wed, 20 Aug 2025 03:54:39 +0000 (23:54 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Nov 2025 20:37:12 +0000 (15:37 -0500)
[ Upstream commit d29da1a8f119130e6fc7d5d71029d402dabe2cb0 ]

We want to mount beneath the given location.  For that operation to
make sense, location must be the root of some mount that has something
under it.  Currently we let it proceed if those requirements are not met,
with rather meaningless results, and have that bogosity caught further
down the road; let's fail early instead - do_lock_mount() doesn't make
sense unless those conditions hold, and checking them there makes
things simpler.

Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/namespace.c

index c8c2376bb24245ba6746036f69a6be2ab8dc8328..fa7c034ac4a695040e66e5a9ed6ae86b4fdfc0ce 100644 (file)
@@ -2785,12 +2785,19 @@ static int do_lock_mount(struct path *path, struct pinned_mountpoint *pinned, bo
        struct path under = {};
        int err = -ENOENT;
 
+       if (unlikely(beneath) && !path_mounted(path))
+               return -EINVAL;
+
        for (;;) {
                struct mount *m = real_mount(mnt);
 
                if (beneath) {
                        path_put(&under);
                        read_seqlock_excl(&mount_lock);
+                       if (unlikely(!mnt_has_parent(m))) {
+                               read_sequnlock_excl(&mount_lock);
+                               return -EINVAL;
+                       }
                        under.mnt = mntget(&m->mnt_parent->mnt);
                        under.dentry = dget(m->mnt_mountpoint);
                        read_sequnlock_excl(&mount_lock);
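Review bot: The two new `-EINVAL` exits in do_lock_mount() are uncommented, and they are evaluated under different conditions: `path_mounted(path)` is tested once, before the loop and without `mount_lock`, while `mnt_has_parent(m)` is re-tested on every pass under `read_seqlock_excl(&mount_lock)`. A short comment above the in-loop test would make that asymmetry read as deliberate, for example `/* recheck on every retry: the parent is only stable under mount_lock */` (presumably the reason, to be confirmed by the author). The same comment should mention that returning directly is leak-free only because `path_put(&under)` has just dropped the references taken on the previous pass. The loop body continues outside the hunk, so whether the other exits go through a common cleanup path that these returns bypass cannot be confirmed from here.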
@@ -3462,8 +3469,6 @@ static bool mount_is_ancestor(const struct mount *p1, const struct mount *p2)
  * @to:   mount under which to mount
  * @mp:   mountpoint of @to
  *
- * - Make sure that @to->dentry is actually the root of a mount under
- *   which we can mount another mount.
  * - Make sure that nothing can be mounted beneath the caller's current
  *   root or the rootfs of the namespace.
  * - Make sure that the caller can unmount the topmost mount ensuring
@@ -3485,12 +3490,6 @@ static int can_move_mount_beneath(const struct path *from,
                     *mnt_to = real_mount(to->mnt),
                     *parent_mnt_to = mnt_to->mnt_parent;
 
-       if (!mnt_has_parent(mnt_to))
-               return -EINVAL;
-
-       if (!path_mounted(to))
-               return -EINVAL;
-
        if (IS_MNT_LOCKED(mnt_to))
                return -EINVAL;