[PATCH] make new mount API honour SB_NOUSER (was Re: [PATCH] block: Avoid mounting the bdev pseudo-filesystem in userspace)

Next message: Hillf Danton: "Re: [PATCH v3] loop: Fix NULL pointer dereference in lo_rw_aio()"
Previous message: Li Jun: "[PATCH v3] ASoC: loongson: Fix invalid position error in ls_pcm_pointer"
In reply to: Al Viro: "Re: [PATCH] block: Avoid mounting the bdev pseudo-filesystem in userspace"
Next in thread: Jan Kara: "Re: [PATCH] make new mount API honour SB_NOUSER (was Re: [PATCH] block: Avoid mounting the bdev pseudo-filesystem in userspace)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Al Viro

Date: Mon Jun 01 2026 - 22:04:55 EST

one should *not* be allowed to mount one of those, new API or not.

Reported-by: Denis Arefev <arefev@xxxxxxxxx>
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
---
[[ I still want to see the rest of the reproducer - report smells like a missing
d_can_lookup() somewhere, on top of fsmount(2) bug]]
diff --git a/fs/namespace.c b/fs/namespace.c
index fe919abd2f01..17777c837683 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -4499,6 +4499,10 @@ SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags,
new_mnt = vfs_create_mount(fc);
if (IS_ERR(new_mnt))
return PTR_ERR(new_mnt);
+ if (new_mnt->mnt_sb->s_flags & SB_NOUSER) {
+ mntput(new_mnt);
+ return -EINVAL;
+ }
new_mnt->mnt_flags = mnt_flags;

new_path.dentry = dget(fc->root);