On Wed, Oct 14, 2020 at 02:49:18PM -0700, Linus Torvalds wrote:
> On Wed, Oct 14, 2020 at 2:40 PM Andrii Nakryiko <andrii@xxxxxxxxxx> wrote:
> >
> > Fix data race in prepend_path() with re-reading mnt->mnt_ns twice without
> > holding the lock. is_mounted() does check for NULL, but is_anon_ns(mnt->mnt_ns)
> > might re-read the pointer again which could be NULL already, if in between
> > reads one of kern_unmount()/kern_unmount_array()/umount_tree() sets mnt->mnt_ns
> > to NULL.
>
> This seems like the obviously correct fix, so I think I'll just apply
> it directly.
>
> Al? Holler if you have any issues with this..

See upthread. If you've already grabbed it, I'll just push a followup cleanup.
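
The double read described in the quoted commit message, as an added example that is not part of the thread and not kernel source: a single-threaded userspace model in which a hypothetical `between_reads` hook stands in for a concurrent unmount clearing `mnt->mnt_ns`. The struct layouts, the `seq == 0` meaning of "anonymous", and the names `model_umount`, `check_two_reads` and `check_snapshot` are assumptions made for the model.

```c
/* Userspace model, constructed for illustration: simplified stand-ins, not kernel source. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct mnt_namespace { unsigned long seq; };             /* assumption: seq == 0 means anonymous */
struct mount { struct mnt_namespace *volatile mnt_ns; }; /* volatile: every access is a real load */

/* Hypothetical hook run between loads; stands in for a concurrent unmount. */
static void (*between_reads)(struct mount *);

static void model_umount(struct mount *m) { m->mnt_ns = NULL; }
static bool is_anon_ns(const struct mnt_namespace *ns) { return ns->seq == 0; }

/* Two loads: 1 = mounted in a non-anonymous ns, 0 = not, -1 = second load saw NULL. */
static int check_two_reads(struct mount *m)
{
    if (m->mnt_ns == NULL)                      /* load 1: the NULL check */
        return 0;
    if (between_reads)
        between_reads(m);                       /* the race window */
    struct mnt_namespace *again = m->mnt_ns;    /* load 2: may differ from load 1 */
    if (again == NULL)
        return -1;                              /* real code would dereference NULL here */
    return !is_anon_ns(again);
}

/* One load into a local; both tests use the same snapshot. */
static int check_snapshot(struct mount *m)
{
    struct mnt_namespace *ns = m->mnt_ns;       /* the only load */
    if (between_reads)
        between_reads(m);                       /* same window, no effect on ns */
    if (ns == NULL)
        return 0;
    return !is_anon_ns(ns);
}

int main(void)
{
    struct mnt_namespace ns = { .seq = 1 };
    struct mount m = { .mnt_ns = &ns };
    between_reads = model_umount;
    printf("two reads: %d\n", check_two_reads(&m));
    m.mnt_ns = &ns;
    printf("snapshot:  %d\n", check_snapshot(&m));
    return 0;
}
```

The model covers only the repeated load; the snapshot stays safe to dereference here because the namespace object is never freed, and object lifetime is outside what this example shows.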