tjh.dev
+5
-2
fs/namespace.c
+5
-2
fs/namespace.c
···
1713
1713
{
1714
1714
struct mount *mnt = real_mount(path->mnt);
1715
1715
1716
-
if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW))
1717
-
return -EINVAL;
1718
1716
if (!may_mount())
1719
1717
return -EPERM;
1720
1718
if (path->dentry != path->mnt->mnt_root)
···
1726
1728
return 0;
1727
1729
}
1728
1730
1731
+
// caller is responsible for flags being sane
1729
1732
int path_umount(struct path *path, int flags)
1730
1733
{
1731
1734
struct mount *mnt = real_mount(path->mnt);
···
1747
1748
int lookup_flags = LOOKUP_MOUNTPOINT;
1748
1749
struct path path;
1749
1750
int ret;
1751
+
1752
+
// basic validity checks done first
1753
+
if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW))
1754
+
return -EINVAL;
1750
1755
1751
1756
if (!(flags & UMOUNT_NOFOLLOW))
1752
1757
lookup_flags |= LOOKUP_FOLLOW;
+1
-1
lib/iov_iter.c
+1
-1
lib/iov_iter.c
+5
-2
security/lsm_audit.c
+5
-2
security/lsm_audit.c
···
275
275
struct inode *inode;
276
276
277
277
audit_log_format(ab, " name=");
278
+
spin_lock(&a->u.dentry->d_lock);
278
279
audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
280
+
spin_unlock(&a->u.dentry->d_lock);
279
281
280
282
inode = d_backing_inode(a->u.dentry);
281
283
if (inode) {
···
295
293
dentry = d_find_alias(inode);
296
294
if (dentry) {
297
295
audit_log_format(ab, " name=");
298
-
audit_log_untrustedstring(ab,
299
-
dentry->d_name.name);
296
+
spin_lock(&dentry->d_lock);
297
+
audit_log_untrustedstring(ab, dentry->d_name.name);
298
+
spin_unlock(&dentry->d_lock);
300
299
dput(dentry);
301
300
}
302
301
audit_log_format(ab, " dev=");