do_change_type(): refuse to operate on unmounted/not ours mounts

[ Upstream commit 12f147ddd6de7382dad54812e65f3f08d05809fc ]

Ensure that propagation settings can only be changed for mounts located
in the caller's mount namespace. This change aligns permission checking
with the rest of mount(2).

Reviewed-by: Christian Brauner <brauner@kernel.org>
Fixes: 07b20889e305 ("beginning of the shared-subtree proper")
Reported-by: "Orlando, Noah" <Noah.Orlando@deshaw.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/namespace.c b/fs/namespace.c
index 1022a5af691d69878865e7f130ad1bf42a6d70bb..843bc6191f30b490f05ef4fe7c6cc8c0a1baa492 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2714,6 +2714,10 @@ static int do_change_type(struct path *path, int ms_flags)
                return -EINVAL;
 
        namespace_lock();
+       if (!check_mnt(mnt)) {
+               err = -EINVAL;
+               goto out_unlock;
+       }
        if (type == MS_SHARED) {
                err = invent_group_ids(mnt, recurse);
                if (err)