diff options
| author | Christian Brauner <brauner@kernel.org> | 2023-03-30 08:07:10 +0200 |
|---|---|---|
| committer | Christian Brauner <brauner@kernel.org> | 2023-03-30 08:07:10 +0200 |
| commit | 07cd4f128e718f9654235d59e9fdb97b6dfb748f (patch) | |
| tree | 5d43c4188c28df77d264af1f4e46e0274a0843cf | |
| parent | 0cf54bbe2834b25bb4d01ff976491599db92fffe (diff) | |
| download | idmapping-b4/vfs-mount_setattr-propagation-fix.tar.gz | |
fs: drop peer group ids under namespace lockb4/vfs-mount_setattr-propagation-fix
When cleaning up peer group ids in the failure path we need to make sure
to hold on to the namespace lock. Otherwise another thread might just
turn the mount into a from a shared into a non-shared mount
concurrently.
Reported-by: syzbot+8ac3859139c685c4f597@syzkaller.appspotmail.com
Link: https://lore.kernel.org/lkml/00000000000088694505f8132d77@google.com
Fixes: 2a1867219c7b ("fs: add mount_setattr()")
Cc: stable@vger.kernel.org # 5.12+
Signed-off-by: Christian Brauner <brauner@kernel.org>
| -rw-r--r-- | fs/namespace.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index bc0f15257b49c2..6836e937ee6138 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -4183,9 +4183,9 @@ out: unlock_mount_hash(); if (kattr->propagation) { - namespace_unlock(); if (err) cleanup_group_ids(mnt, NULL); + namespace_unlock(); } return err; |