01a8e29a12
Instead of locking the dentry associated with the internal mount structure, use the vfsmount structure. This means we don't have to check mount counts (in the face of bind mounts). Additionally add checking of the actual backing device being pinned instead of going arbitrarily after the rootdev, which may not be the pinning origin (in the case of recovery kernels, etc). BUG=b:21762937 TEST=gizmo build, umount a bind mount doesn't disable module pinning Change-Id: I2d845ab2d178ac52a48cce5ca34efb9365d78edb Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/277330 Reviewed-by: Aaron Durbin <adurbin@chromium.org>