On Wed, Oct 14, 2020 at 2:40 PM Andrii Nakryiko <andrii@xxxxxxxxxx> wrote:
>
> Fix data race in prepend_path() with re-reading mnt->mnt_ns twice without
> holding the lock. is_mounted() does check for NULL, but is_anon_ns(mnt->mnt_ns)
> might re-read the pointer again which could be NULL already, if in between
> reads one of kern_unmount()/kern_unmount_array()/umount_tree() sets mnt->mnt_ns
> to NULL.

This seems like the obviously correct fix, so I think I'll just apply
it directly.

Al? Holler if you have any issues with this..

             Linus
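
The double read described in the commit message above, as an added userspace model (not the kernel patch and not code from this thread). Only the field name mnt_ns comes from the message; load_ns(), racy_check(), snapshot_check(), run() and the constructed interleaving are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: mnt_ns is the field named in the commit message,
 * every other name here is hypothetical. */
struct mnt_namespace { int anon; };
struct mount { _Atomic(struct mnt_namespace *) mnt_ns; };

static int loads, unmount_after;  /* constructed interleaving control */

/* One load of mnt->mnt_ns. After the Nth load the modelled unmounter
 * clears the pointer, standing in for the concurrent writer. */
static struct mnt_namespace *load_ns(struct mount *m)
{
    struct mnt_namespace *ns =
        atomic_load_explicit(&m->mnt_ns, memory_order_relaxed);
    if (++loads == unmount_after)
        atomic_store_explicit(&m->mnt_ns, (struct mnt_namespace *)NULL,
                              memory_order_relaxed);
    return ns;
}

/* Racy shape: the NULL check uses one read, the use takes a second read. */
static int racy_check(struct mount *m)
{
    if (load_ns(m) == NULL)
        return 0;                          /* not mounted */
    struct mnt_namespace *ns = load_ns(m); /* second read of the field */
    if (ns == NULL)
        return -1;  /* unmodelled code would dereference NULL here */
    return !ns->anon;
}

/* Snapshot shape: read once, then check and use the same local value. */
static int snapshot_check(struct mount *m)
{
    struct mnt_namespace *ns = load_ns(m);
    return ns != NULL && !ns->anon;
}

/* Run one check with the unmounter firing after load number `after`
 * (0 means it never fires). */
static int run(int (*check)(struct mount *), int after)
{
    static struct mnt_namespace ns = { .anon = 0 };
    struct mount m;
    atomic_init(&m.mnt_ns, &ns);
    loads = 0;
    unmount_after = after;
    return check(&m);
}

int main(void)
{
    printf("racy=%d snapshot=%d\n", run(racy_check, 1), run(snapshot_check, 1));
    return 0;
}
```

The model covers only the NULL re-read; it says nothing about the lifetime of the namespace object the snapshot points to.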