ksys_umount was refactored to into split into another function (path_umount) to enable sharing code. This changed the order that flags and permissions are validated in, and made it so that user_path_at was called before validating flags and capabilities.
Unfortunately, libfuse2[1] and libmount[2] rely on the old flag validation behaviour to determine whether or not the kernel supports UMOUNT_NOFOLLOW. The other path that this validation is being checked on is init_umount->path_umount->can_umount. That's all internal to the kernel.
[1]: https://github.com/libfuse/libfuse/blob/9bfbeb576c5901b62a171d35510f0d1a9220... [2]: https://github.com/karelzak/util-linux/blob/7ed579523b556b1270f28dbdb7ee07de...
Signed-off-by: Sargun Dhillon sargun@sargun.me Cc: Christoph Hellwig hch@lst.de Cc: stable@vger.kernel.org Cc: Alexander Viro viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org Fixes: 41525f56e256 ("fs: refactor ksys_umount") --- fs/namespace.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c index cebaa3e81794..dc76f1cb89f4 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1710,10 +1710,6 @@ static int can_umount(const struct path *path, int flags) { struct mount *mnt = real_mount(path->mnt);
- if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW)) - return -EINVAL; - if (!may_mount()) - return -EPERM; if (path->dentry != path->mnt->mnt_root) return -EINVAL; if (!check_mnt(mnt)) @@ -1746,6 +1742,12 @@ static int ksys_umount(char __user *name, int flags) struct path path; int ret;
+ if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW)) + return -EINVAL; + + if (!may_mount()) + return -EPERM; + if (!(flags & UMOUNT_NOFOLLOW)) lookup_flags |= LOOKUP_FOLLOW; ret = user_path_at(AT_FDCWD, name, lookup_flags, &path);