On Mon, Sep 21, 2015 at 02:16:47PM +0200, Dmitry Vyukov wrote:
> do_remount() does:
>
> mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
> mnt->mnt.mnt_flags = mnt_flags;
>
> This can easily be compiled as:
>
> mnt->mnt.mnt_flags &= ~MNT_USER_SETTABLE_MASK;
> mnt->mnt.mnt_flags |= mnt_flags;
>
> (also 2 memory accesses, less register pressure)
> The flags are being concurrently read by e.g. do_mmap_pgoff()
> which does:
>
> if (file->f_path.mnt->mnt_flags & MNT_NOEXEC)
>
> As the result we can allow to mmap a MNT_NOEXEC mount
> as VM_EXEC.
>
> Use WRITE_ONCE() to set new flags.
>
> The data race was found with KernelThreadSanitizer (KTSAN).
>
> Signed-off-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>

Acked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>

--
 Kirill A. Shutemov
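
Added example (not part of the original message or of the kernel patch): a user-space C model of the two store sequences quoted above. It records every value written to the flags field, so the intermediate state without MNT_NOEXEC that a concurrent reader could observe becomes visible. The flag values, MNT_INTERNAL_BIT and the helper names are assumptions made for the model.

```c
#include <stdio.h>
/* Flag values are assumptions for this user-space model, not taken from the page. */
#define MNT_NOSUID 0x01
#define MNT_NODEV  0x02
#define MNT_NOEXEC 0x04
#define MNT_INTERNAL_BIT 0x1000 /* hypothetical stand-in for a non-user-settable flag */
#define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC)

struct trace { int stores[4]; int n; };

/* Every store is a value a concurrent reader of the field may observe. */
static void store(struct trace *t, int *field, int v)
{
    t->stores[t->n++] = *field = v;
}

/* New value built in a local, then one store: what WRITE_ONCE() enforces. */
static void remount_single_store(struct trace *t, int *field, int mnt_flags)
{
    mnt_flags |= *field & ~MNT_USER_SETTABLE_MASK;
    store(t, field, mnt_flags);
}

/* The read-modify-write pair a compiler may emit for the plain assignment. */
static void remount_split_store(struct trace *t, int *field, int mnt_flags)
{
    store(t, field, *field & ~MNT_USER_SETTABLE_MASK);
    store(t, field, *field | mnt_flags);
}

/* Remount a noexec mount, keeping noexec; count observable values lacking it. */
static int noexec_gaps(int split, int *final)
{
    struct trace t = { {0}, 0 };
    int field = MNT_NOEXEC | MNT_NOSUID | MNT_INTERNAL_BIT; /* constructed state */
    int gaps = 0;
    (split ? remount_split_store : remount_single_store)(&t, &field, MNT_NOEXEC | MNT_NODEV);
    for (int i = 0; i < t.n; i++)
        gaps += !(t.stores[i] & MNT_NOEXEC);
    *final = field;
    return gaps;
}

int main(void)
{
    int a, b, g1 = noexec_gaps(0, &a), g2 = noexec_gaps(1, &b);
    printf("single: %d gap(s), split: %d gap(s), same final flags: %d\n", g1, g2, a == b);
    return 0;
}
```

Both variants end with identical flags; only the split sequence ever exposes a value with MNT_NOEXEC clear, even though the remount never asked to drop it.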