From b7b09470ca7f08f42b0f3a6701192adbdf198870 Mon Sep 17 00:00:00 2001
From: Linus Groh
Date: Thu, 28 Jan 2021 23:46:30 +0100
Subject: [PATCH] Kernel: Return -ENOTDIR for non-directory mount target
The absence of this check allowed silly things like this:
# touch file
# mount /dev/hda file
---
Base/usr/share/man/man2/mount.md | 1 +
Kernel/Syscalls/mount.cpp | 3 +++
2 files changed, 4 insertions(+)
diff --git a/Base/usr/share/man/man2/mount.md b/Base/usr/share/man/man2/mount.md
index 69918b89fa..3ece948f60 100644
--- a/Base/usr/share/man/man2/mount.md
+++ b/Base/usr/share/man/man2/mount.md
@@ -89,6 +89,7 @@ launch the initial userspace process.
 * `EBADF`: If the `source_fd` is not valid, and either `fs_type` specifies a file-backed filesystem (and not a pseudo filesystem), or `MS_BIND` is specified in flags.
+* `ENOTDIR`: If `target` is not a directory.
 All of the usual path resolution errors may also occur.
diff --git a/Kernel/Syscalls/mount.cpp b/Kernel/Syscalls/mount.cpp
index a212e1ef4a..5376563530 100644
--- a/Kernel/Syscalls/mount.cpp
+++ b/Kernel/Syscalls/mount.cpp
@@ -67,6 +67,9 @@ int Process::sys$mount(Userspace user_params)
 auto& target_custody = custody_or_error.value();
+ if (!target_custody->inode().is_directory())
+ return -ENOTDIR;
+
 if (params.flags & MS_REMOUNT) {
 // We're not creating a new mount, we're updating an existing one!
 return VFS::the().remount(target_custody, params.flags & ~MS_REMOUNT);
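Review bot: The new `is_directory()` check on `target_custody` in Kernel/Syscalls/mount.cpp lives only in the syscall handler, so the rule that a mount point must be a directory is enforced at this entry point but not, as far as this hunk shows, inside `VFS::the().remount(...)` or the mount paths that follow. It would be worth confirming that no other kernel code reaches the VFS mount functions with a non-directory custody, or moving the check into the VFS layer so the invariant holds for every caller. At minimum the check deserves a comment stating the invariant, e.g. `// A mount point must be a directory; reject anything else before touching the mount table.` Because the check sits ahead of the `MS_REMOUNT` branch, remounts (and presumably any bind mounts handled later) onto a non-directory now also fail with `-ENOTDIR`, which matches the unconditional wording added to mount.md. The body of `sys$mount` starts and ends outside this hunk, so its ordering relative to any privilege check cannot be confirmed from here.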