do_change_type(): refuse to operate on unmounted/not ours mounts

Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2). Reviewed-by: Christian Brauner <brauner@kernel.org> Fixes: 07b20889e305 ("beginning of the shared-subtree proper") Reported-by: "Orlando, Noah" <Noah.Orlando@deshaw.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2025-06-04 12:27:08 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2025-06-07 01:37:56 -0400
commit: 12f147ddd6de7382dad54812e65f3f08d05809fc (patch)
tree: f80b09accd93e5e61c8bb63b8c59be1dbc3ac1bd
parent: c28f922c9dcee0e4876a2c095939d77fe7e15116 (diff)
download: linux-12f147ddd6de7382dad54812e65f3f08d05809fc.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 1c54c16c7babeb..2721d64ecfdf1c 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2959,6 +2959,10 @@ static int do_change_type(struct path *path, int ms_flags)
 		return -EINVAL;
 
 	namespace_lock();
+	if (!check_mnt(mnt)) {
+		err = -EINVAL;
+		goto out_unlock;
+	}
 	if (type == MS_SHARED) {
 		err = invent_group_ids(mnt, recurse);
 		if (err)
author	Al Viro <viro@zeniv.linux.org.uk>	2025-06-04 12:27:08 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2025-06-07 01:37:56 -0400
commit	12f147ddd6de7382dad54812e65f3f08d05809fc (patch)
tree	f80b09accd93e5e61c8bb63b8c59be1dbc3ac1bd
parent	c28f922c9dcee0e4876a2c095939d77fe7e15116 (diff)
download	linux-12f147ddd6de7382dad54812e65f3f08d05809fc.tar.gz