1 files changed, 8 insertions, 2 deletions

diff --git a/fs/namespace.c b/fs/namespace.c
index 4fb1691b4355..783004af5707 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2409,8 +2409,10 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
                         mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV;
                 }
                 if (type->fs_flags & FS_USERNS_VISIBLE) {
-                        if (!fs_fully_visible(type, &mnt_flags))
+                        if (!fs_fully_visible(type, &mnt_flags)) {
+                                put_filesystem(type);
                                 return -EPERM;
+                        }
                 }
         }
 
@@ -3245,6 +3247,10 @@ static bool fs_fully_visible(struct file_system_type *type, int *new_mnt_flags)
                 if (mnt->mnt.mnt_sb->s_iflags & SB_I_NOEXEC)
                         mnt_flags &= ~(MNT_LOCK_NOSUID | MNT_LOCK_NOEXEC);
 
+                /* Don't miss readonly hidden in the superblock flags */
+                if (mnt->mnt.mnt_sb->s_flags & MS_RDONLY)
+                        mnt_flags |= MNT_LOCK_READONLY;
+
                 /* Verify the mount flags are equal to or more permissive
                  * than the proposed new mount.
                  */
@@ -3271,7 +3277,7 @@ static bool fs_fully_visible(struct file_system_type *type, int *new_mnt_flags)
                 list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) {
                         struct inode *inode = child->mnt_mountpoint->d_inode;
                         /* Only worry about locked mounts */
-                        if (!(mnt_flags & MNT_LOCKED))
+                        if (!(child->mnt.mnt_flags & MNT_LOCKED))
                                 continue;
                         /* Is the directory permanetly empty? */
                         if (!is_empty_dir_inode(inode))