From cbfbd9e932dec85e9b30550b79d3b1ba040ce1d5 Mon Sep 17 00:00:00 2001
From: Alistair Delva
Date: Mon, 22 Jul 2019 14:29:35 -0700
Subject: [PATCH] ANDROID: mnt: Fix null pointer dereference
Fix "ANDROID: mnt: Add filesystem private data to mount points" to only call update_mnt_data() if the filesystem provides the function. This avoids a null pointer dereference in do_mount().
Reported-by: youling 257
Signed-off-by: Alistair Delva
Signed-off-by: Daniel Rosenberg
Change-Id: I6aedaa89536ae85e6bc29093f38934c672c8fe42
---
 fs/namespace.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 8ae0f75599da..a49bfa1314de 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -956,9 +956,11 @@ static struct mount *skip_mnt_tree(struct mount *p)
 struct vfsmount *vfs_create_mount(struct fs_context *fc)
 {
 struct mount *mnt;
+ struct super_block *sb;
 if (!fc->root)
 return ERR_PTR(-EINVAL);
+ sb = fc->root->d_sb;
 mnt = alloc_vfsmnt(fc->source ?: "none");
 if (!mnt)
@@ -971,7 +973,8 @@ struct vfsmount *vfs_create_mount(struct fs_context *fc)
 free_vfsmnt(mnt);
 return ERR_PTR(-ENOMEM);
 }
- fc->root->d_sb->s_op->update_mnt_data(mnt->mnt.data, fc);
+ if (sb->s_op->update_mnt_data)
+ sb->s_op->update_mnt_data(mnt->mnt.data, fc);
 }
 if (fc->sb_flags & SB_KERNMOUNT)
 mnt->mnt.mnt_flags = MNT_INTERNAL;
@@ -2550,7 +2553,7 @@ static int do_remount(struct path *path, int ms_flags, int sb_flags,
 err = -EPERM;
 if (ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) {
 err = reconfigure_super(fc);
- if (!err) {
+ if (!err && sb->s_op->update_mnt_data) {
 sb->s_op->update_mnt_data(mnt->mnt.data, fc);
 set_mount_attributes(mnt, mnt_flags);
 namespace_lock();
@@ -2558,7 +2561,8 @@ static int do_remount(struct path *path, int ms_flags, int sb_flags,
 propagate_remount(mnt);
 unlock_mount_hash();
 namespace_unlock();
- }
+ } else if (!err)
+ set_mount_attributes(mnt, mnt_flags);
 }
 up_write(&sb->s_umount);
 }
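Review bot: With the new `if (sb->s_op->update_mnt_data)` guard in vfs_create_mount(), a filesystem that had mount private data allocated just above but provides no update hook now keeps that data exactly as allocated, and nothing at the guard says this is intended. A short comment there would record the contract, for example `/* update_mnt_data is optional; without it mnt->mnt.data stays as allocated */`, and the same should be stated where the hook is declared in super_operations. The allocation and its enclosing condition begin above the hunk, so whether the other mount-data hooks are called there without a NULL check cannot be confirmed from these lines.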
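Review bot: In do_remount() the condition `!err && sb->s_op->update_mnt_data` lets the presence of the hook select the whole success path, so `set_mount_attributes(mnt, mnt_flags)` has to be repeated in the `else if (!err)` arm added by the following hunk, and that arm is unbraced beside a braced one, which kernel coding style asks to avoid. At minimum brace it: `} else if (!err) {`, `set_mount_attributes(mnt, mnt_flags);`, `}`. A filesystem without the hook also no longer reaches `propagate_remount(mnt)`; if that is deliberate it deserves a one-line comment, and if it is not, keeping `if (!err) {` and guarding only the hook call would be simpler. The function starts and ends outside both hunks, and the line between them is not shown.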