propagate_one(): mnt_set_mountpoint() needs mount_lock
authorAl Viro <viro@zeniv.linux.org.uk>
Mon, 27 Apr 2020 14:26:22 +0000 (10:26 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 2 May 2020 06:48:44 +0000 (08:48 +0200)
commitdb66fd5fef687816276d6b08adf6728086fd3c9f
treec1340146407b90a53ef5549f117057e8073ab6d2
parentf9e41e4bbe61ad92139747b408163794992a544a
propagate_one(): mnt_set_mountpoint() needs mount_lock

commit b0d3869ce9eeacbb1bbd541909beeef4126426d5 upstream.

... to protect the modification of mp->m_count done by it.  Most of
the places that modify that thing also have namespace_lock held,
but not all of them can do so, so we really need mount_lock here.
Kudos to Piotr Krysiuk <piotras@gmail.com>, who'd spotted a related
bug in pivot_root(2) (fixed unnoticed in 5.3); search for other
similar turds has caught out this one.

Cc: stable@kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/pnode.c