Re: [PATCH] fs: fix data race on mnt.mnt_flags
From: Kirill A. Shutemov <hidden>
Date: 2015-09-21 14:06:19
Also in:
linux-fsdevel, lkml
On Mon, Sep 21, 2015 at 02:16:47PM +0200, Dmitry Vyukov wrote:
> do_remount() does:
>
>     mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
>     mnt->mnt.mnt_flags = mnt_flags;
>
> This can easily be compiled as:
>
>     mnt->mnt.mnt_flags &= ~MNT_USER_SETTABLE_MASK;
>     mnt->mnt.mnt_flags |= mnt_flags;
>
> (also 2 memory accesses, less register pressure)
>
> The flags are being concurrently read by e.g. do_mmap_pgoff() which does:
>
>     if (file->f_path.mnt->mnt_flags & MNT_NOEXEC)
>
> As the result we can allow to mmap a MNT_NOEXEC mount as VM_EXEC.
> Use WRITE_ONCE() to set new flags.
>
> The data race was found with KernelThreadSanitizer (KTSAN).
>
> Signed-off-by: Dmitry Vyukov <dvyukov@google.com>

Acked-by: Kirill A. Shutemov <redacted>

--
 Kirill A. Shutemov
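
A user-space model of the window the commit message describes, as an added example that is not part of the original thread or of the kernel patch. It replays the split two-store form and the single WRITE_ONCE() store, checking after each store what a reader testing MNT_NOEXEC would see. The flag values, MNT_INTERNAL_BIT, struct mount_model and reader_sees() are assumptions made for the model.

```c
#include <stdio.h>

/* Model values for this example (assumptions, not taken from the page). */
#define MNT_NODEV  0x02
#define MNT_NOEXEC 0x04
#define MNT_USER_SETTABLE_MASK (MNT_NODEV | MNT_NOEXEC)
#define MNT_INTERNAL_BIT 0x4000  /* hypothetical non-user-settable flag */

/* One store through a volatile lvalue, modelled on the kernel macro. */
#define WRITE_ONCE(x, val) (*(volatile __typeof__(x) *)&(x) = (val))
struct mount_model { int mnt_flags; };
static int noexec_gaps;  /* stores after which a reader misses MNT_NOEXEC */

/* Stands in for a concurrent reader such as the do_mmap_pgoff() check. */
static void reader_sees(const struct mount_model *m)
{
    if (!(m->mnt_flags & MNT_NOEXEC))
        noexec_gaps++;
}

/* The two-store form a compiler may emit for the plain assignment. */
static int remount_split(struct mount_model *m, int mnt_flags)
{
    noexec_gaps = 0;
    m->mnt_flags &= ~MNT_USER_SETTABLE_MASK;  /* store 1: NOEXEC is cleared */
    reader_sees(m);
    m->mnt_flags |= mnt_flags;                /* store 2: NOEXEC is back */
    reader_sees(m);
    return noexec_gaps;
}

/* Compute in a local, then publish with a single store. */
static int remount_once(struct mount_model *m, int mnt_flags)
{
    noexec_gaps = 0;
    mnt_flags |= m->mnt_flags & ~MNT_USER_SETTABLE_MASK;
    WRITE_ONCE(m->mnt_flags, mnt_flags);
    reader_sees(m);
    return noexec_gaps;
}

int main(void)
{
    struct mount_model a = { MNT_NOEXEC | MNT_INTERNAL_BIT }, b = a;
    printf("split stores: %d gap(s)\n", remount_split(&a, MNT_NOEXEC | MNT_NODEV));
    printf("single store: %d gap(s)\n", remount_once(&b, MNT_NOEXEC | MNT_NODEV));
    return 0;
}
```

Both paths end with the same flags; only the split form exposes an intermediate value with MNT_NOEXEC clear even though the mount is noexec before and after the remount.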