fs: fix a struct path leak in path_umount
Make sure we also put the dentry and vfsmnt in the illegal flags
and !may_mount() cases.
Fixes: 41525f56e256 ("fs: refactor ksys_umount")
Reported-by: Vikas Kumar <vikas.kumar2@arm.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/fs/namespace.c b/fs/namespace.c
index a730179..1c74a46 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1706,34 +1706,38 @@ static inline bool may_mandlock(void)
}
#endif
-int path_umount(struct path *path, int flags)
+static int can_umount(const struct path *path, int flags)
{
- struct mount *mnt;
- int retval;
+ struct mount *mnt = real_mount(path->mnt);
if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW))
return -EINVAL;
if (!may_mount())
return -EPERM;
-
- mnt = real_mount(path->mnt);
- retval = -EINVAL;
if (path->dentry != path->mnt->mnt_root)
- goto dput_and_out;
+ return -EINVAL;
if (!check_mnt(mnt))
- goto dput_and_out;
+ return -EINVAL;
if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */
- goto dput_and_out;
- retval = -EPERM;
+ return -EINVAL;
if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
- goto dput_and_out;
+ return -EPERM;
+ return 0;
+}
- retval = do_umount(mnt, flags);
-dput_and_out:
+int path_umount(struct path *path, int flags)
+{
+ struct mount *mnt = real_mount(path->mnt);
+ int ret;
+
+ ret = can_umount(path, flags);
+ if (!ret)
+ ret = do_umount(mnt, flags);
+
/* we mustn't call path_put() as that would clear mnt_expiry_mark */
dput(path->dentry);
mntput_no_expire(mnt);
- return retval;
+ return ret;
}
static int ksys_umount(char __user *name, int flags)
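Review bot: Nothing at the definition of path_umount() states that it drops the caller's dentry and vfsmount references on every return, including the -EINVAL and -EPERM results that come back from can_umount(). The leak fixed here came from two early returns breaking exactly that rule, so I would add a comment above path_umount() such as `/* Consumes the references held in @path on success and on failure; callers must not path_put() it afterwards. */`. A matching one-liner on can_umount(), `/* Validation only: never drops a reference, so every return is safe. */`, would make it clear that future checks belong there and not in path_umount(). Because the flags check runs before may_mount(), the old leak was presumably reachable by callers without mount privileges, which makes the ownership contract worth spelling out for anyone backporting or auditing other path_umount() callers.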