ksys_umount was refactored to into split into another function (path_umount) to enable sharing code. This changed the order that flags and permissions are validated in, and made it so that user_path_at was called before validating flags and capabilities. Unfortunately, libfuse2[1] and libmount[2] rely on the old flag validation behaviour to determine whether or not the kernel supports UMOUNT_NOFOLLOW. The other path that this validation is being checked on is init_umount->path_umount->can_umount. That's all internal to the kernel. [1]: https://github.com/libfuse/libfuse/blob/9bfbeb576c5901b62a171d35510f0d1a922020b7/util/fusermount.c#L403 [2]: https://github.com/karelzak/util-linux/blob/7ed579523b556b1270f28dbdb7ee07dee310f157/libmount/src/context_umount.c#L813 Signed-off-by: Sargun Dhillon <sargun@xxxxxxxxx> Cc: Christoph Hellwig <hch@xxxxxx> Cc: stable@xxxxxxxxxxxxxxx Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx> Cc: linux-fsdevel@xxxxxxxxxxxxxxx Fixes: 41525f56e256 ("fs: refactor ksys_umount") --- fs/namespace.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index cebaa3e81794..dc76f1cb89f4 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1710,10 +1710,6 @@ static int can_umount(const struct path *path, int flags) { struct mount *mnt = real_mount(path->mnt); - if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW)) - return -EINVAL; - if (!may_mount()) - return -EPERM; if (path->dentry != path->mnt->mnt_root) return -EINVAL; if (!check_mnt(mnt)) @@ -1746,6 +1742,12 @@ static int ksys_umount(char __user *name, int flags) struct path path; int ret; + if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW)) + return -EINVAL; + + if (!may_mount()) + return -EPERM; + if (!(flags & UMOUNT_NOFOLLOW)) lookup_flags |= LOOKUP_FOLLOW; ret = user_path_at(AT_FDCWD, name, lookup_flags, &path); -- 2.25.1
