ANDROID: mnt: Fix null pointer dereference

Fix "ANDROID: mnt: Add filesystem private data to mount points" to only call update_mnt_data() if the filesystem provides the function. This avoids a null pointer dereference in do_mount(). Reported-by: youling 257 <youling257@gmail.com> Signed-off-by: Alistair Delva <adelva@google.com> Signed-off-by: Daniel Rosenberg <drosen@google.com> Change-Id: I6aedaa89536ae85e6bc29093f38934c672c8fe42
2026-06-06 10:58:48 +09:00 · 2019-07-22 14:29:35 -07:00
parent f04767b9fa
commit cbfbd9e932
1 changed files with 7 additions and 3 deletions
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -956,9 +956,11 @@ static struct mount *skip_mnt_tree(struct mount *p)
 struct vfsmount *vfs_create_mount(struct fs_context *fc)
 {
 	struct mount *mnt;
+	struct super_block *sb;

 	if (!fc->root)
 		return ERR_PTR(-EINVAL);
+	sb = fc->root->d_sb;

 	mnt = alloc_vfsmnt(fc->source ?: "none");
 	if (!mnt)
@@ -971,7 +973,8 @@ struct vfsmount *vfs_create_mount(struct fs_context *fc)
 			free_vfsmnt(mnt);
 			return ERR_PTR(-ENOMEM);
 		}
-		fc->root->d_sb->s_op->update_mnt_data(mnt->mnt.data, fc);
+		if (sb->s_op->update_mnt_data)
+			sb->s_op->update_mnt_data(mnt->mnt.data, fc);
 	}
 	if (fc->sb_flags & SB_KERNMOUNT)
 		mnt->mnt.mnt_flags = MNT_INTERNAL;
@@ -2550,7 +2553,7 @@ static int do_remount(struct path *path, int ms_flags, int sb_flags,
 		err = -EPERM;
 		if (ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) {
 			err = reconfigure_super(fc);
-			if (!err) {
+			if (!err && sb->s_op->update_mnt_data) {
 				sb->s_op->update_mnt_data(mnt->mnt.data, fc);
 				set_mount_attributes(mnt, mnt_flags);
 				namespace_lock();
@@ -2558,7 +2561,8 @@ static int do_remount(struct path *path, int ms_flags, int sb_flags,
 				propagate_remount(mnt);
 				unlock_mount_hash();
 				namespace_unlock();
-			}
+			} else if (!err)
+				set_mount_attributes(mnt, mnt_flags);
 		}
 		up_write(&sb->s_umount);
 	}