[RH7] alloc_vfsmnt cleanup

Submitted by Vasily Averin on July 5, 2018, 11:19 a.m.

Details

Message ID 320a4dd4-f7f2-495a-c7a6-d41662c5e9b9@virtuozzo.com
State New
Series "alloc_vfsmnt cleanup"

Commit Message

Vasily Averin July 5, 2018, 11:19 a.m.
host can crash if mnt allocation fails in alloc_vfsmnt:
ve_mount_nr_inc() will be called with mnt=NULL and dereference it inside

https://bugs.openvz.org/browse/OVZ-7039

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>

Patch

diff --git a/fs/namespace.c b/fs/namespace.c
index 7d6340b9a6b9..cb57697f0c0a 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -250,8 +250,8 @@  static struct mount *alloc_vfsmnt(const char *name)
 		INIT_HLIST_NODE(&mnt->mnt_mp_list);
 		INIT_LIST_HEAD(&mnt->mnt_umounting);
 		init_fs_pin(&mnt->mnt_umount, drop_mountpoint);
+		ve_mount_nr_inc(mnt);
 	}
-	ve_mount_nr_inc(mnt);
 	return mnt;
 
 #ifdef CONFIG_SMP
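Review bot: Moving ve_mount_nr_inc(mnt) inside the `if (mnt)` block removes the NULL dereference, and placing it after init_fs_pin() as the last statement of the success branch looks like the right spot; please confirm that the error-path labels that follow `return mnt;` (the hunk stops at the `#ifdef CONFIG_SMP` line, so they are not visible here) are only reached before this point, so the per-VE mount counter is never incremented for a mount that is subsequently freed without a matching decrement. A short comment above the call stating that it must remain the last step of the success path would help keep it from being moved back out of the block later.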