do_umount(): add missing barrier before refcount checks in sync case - kernel

diff options

author	Al Viro <[email protected]>	2025-04-29 03:56:14 +0000
committer	Al Viro <[email protected]>	2025-05-09 22:05:55 +0000
commit	65781e19dcfcb4aed1167d87a3ffcc2a0c071d47 (patch)
tree	bcb00291386cc4f07f1f1eaf15073b6877dea46e /scripts/gcc-plugins/sancov_plugin.c
parent	__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (diff)
download	kernel-65781e19dcfcb4aed1167d87a3ffcc2a0c071d47.tar.gz kernel-65781e19dcfcb4aed1167d87a3ffcc2a0c071d47.zip

do_umount(): add missing barrier before refcount checks in sync case

do_umount() analogue of the race fixed in 119e1ef80ecf "fix __legitimize_mnt()/mntput() race". Here we want to make sure that if __legitimize_mnt() doesn't notice our lock_mount_hash(), we will notice their refcount increment. Harder to hit than mntput_no_expire() one, fortunately, and consequences are milder (sync umount acting like umount -l on a rare race with RCU pathwalk hitting at just the wrong time instead of use-after-free galore mntput_no_expire() counterpart used to be hit). Still a bug... Fixes: 48a066e72d97 ("RCU'd vfsmounts") Reviewed-by: Christian Brauner <[email protected]> Signed-off-by: Al Viro <[email protected]>

Diffstat (limited to 'scripts/gcc-plugins/sancov_plugin.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: