From: Al Viro <viro@zeniv.linux.org.uk>
Date: Wed, 4 Jun 2025 16:27:08 +0000 (-0400)
Subject: do_change_type(): refuse to operate on unmounted/not ours mounts
X-Git-Tag: v6.12.34~116
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23;p=thirdparty%2Fkernel%2Fstable.git

do_change_type(): refuse to operate on unmounted/not ours mounts

[ Upstream commit 12f147ddd6de7382dad54812e65f3f08d05809fc ]

Ensure that propagation settings can only be changed for mounts located
in the caller's mount namespace. This change aligns permission checking
with the rest of mount(2).

Reviewed-by: Christian Brauner <brauner@kernel.org>
Fixes: 07b20889e305 ("beginning of the shared-subtree proper")
Reported-by: "Orlando, Noah" <Noah.Orlando@deshaw.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/fs/namespace.c b/fs/namespace.c
index 1022a5af691d6..843bc6191f30b 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2714,6 +2714,10 @@ static int do_change_type(struct path *path, int ms_flags)
 		return -EINVAL;
 
 	namespace_lock();
+	if (!check_mnt(mnt)) {
+		err = -EINVAL;
+		goto out_unlock;
+	}
 	if (type == MS_SHARED) {
 		err = invent_group_ids(mnt, recurse);
 		if (err)