* A data race on mnt->mnt.mnt_flags
From: Gong, Sishuai @ 2023-05-29 20:38 UTC
To: viro@zeniv.linux.org.uk; +Cc: linux-fsdevel@vger.kernel.org
Hello,
We found a data race that could happen between clone_mnt() and
mnt_hold_writers() over mnt->mnt.mnt_flags.
The two functions can write to mnt->mnt.mnt_flags concurrently.
Although mnt_hold_writers() holds the lock_mount_hash(), clone_mnt() does not
respect this lock at this moment (it will apply for this lock later).
Thread-1                                                            Thread-2
// clone_mnt()                                                      // mnt_hold_writers() holding lock_mount_hash()
mnt->mnt.mnt_flags &= ~(MNT_WRITE_HOLD|MNT_MARKED|MNT_INTERNAL);
                                                                    mnt->mnt.mnt_flags |= MNT_WRITE_HOLD;
It is not clear whether this is a serious problem but we would like to report it
just in case.
Thanks,
Sishuai
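
Added example, not part of the original message and not kernel code: a deterministic model of the interleaving sketched above, assuming (as the report states) that both statements update the same flags word and that each one executes as a separate load and store. It replays every schedule and reports which final values are reachable with and without a common lock; the function names, the starting value and the bit values are assumptions of this example.

```c
#include <stdio.h>

/* Bit values assumed for this example; compare with include/linux/mount.h. */
#define MNT_NOSUID     0x01u
#define MNT_WRITE_HOLD 0x200u
#define MNT_INTERNAL   0x4000u
#define MNT_MARKED     0x4000000u
#define CLEAR_MASK     (MNT_WRITE_HOLD | MNT_MARKED | MNT_INTERNAL)

/* Replay one 4-step schedule: bit i of sched picks the thread for step i
 * (0 = Thread-1, 1 = Thread-2). First step = load, second step = store. */
unsigned run_schedule(unsigned flags, unsigned sched)
{
    unsigned reg[2] = {0, 0};
    int pc[2] = {0, 0};
    for (int i = 0; i < 4; i++) {
        int t = (sched >> i) & 1;
        if (pc[t]++ == 0)
            reg[t] = flags;                 /* private copy of the flags word */
        else
            flags = t ? (reg[1] | MNT_WRITE_HOLD) : (reg[0] & ~CLEAR_MASK);
    }
    return flags;
}

/* Distinct final values over all schedules. With locked != 0 only the two
 * schedules where each load/store pair runs uninterrupted are replayed. */
int outcomes(unsigned init, int locked, unsigned out[6])
{
    int n = 0;
    for (unsigned s = 0; s < 16; s++) {
        int bits = (s & 1) + ((s >> 1) & 1) + ((s >> 2) & 1) + ((s >> 3) & 1), seen = 0;
        if (bits != 2 || (locked && s != 0x3 && s != 0xC)) continue;
        unsigned v = run_schedule(init, s);
        for (int i = 0; i < n; i++) seen |= (out[i] == v);
        if (!seen) out[n++] = v;
    }
    return n;
}

int reachable(unsigned init, int locked, unsigned v)
{
    unsigned out[6];
    int n = outcomes(init, locked, out);
    while (n--) if (out[n] == v) return 1;
    return 0;
}

int main(void)
{
    unsigned init = MNT_NOSUID | MNT_MARKED, lost = init | MNT_WRITE_HOLD; /* constructed */
    printf("clear lost: locked=%d racy=%d\n", reachable(init, 1, lost), reachable(init, 0, lost));
}
```

With the constructed starting value, the unlocked run reaches one result that no locked ordering produces: Thread-2's store is computed from a stale copy and overwrites Thread-1's clearing of MNT_MARKED.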