On Mon, Sep 21, 2015 at 02:16:47PM +0200, Dmitry Vyukov wrote:
> do_remount() does:
>
>     mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
>     mnt->mnt.mnt_flags = mnt_flags;
>
> This can easily be compiled as:
>
>     mnt->mnt.mnt_flags &= ~MNT_USER_SETTABLE_MASK;
>     mnt->mnt.mnt_flags |= mnt_flags;
>
> (also 2 memory accesses, less register pressure)
> The flags are being concurrently read by e.g. do_mmap_pgoff()
> which does:
>
>     if (file->f_path.mnt->mnt_flags & MNT_NOEXEC)
>
> As the result we can allow to mmap a MNT_NOEXEC mount
> as VM_EXEC.
>
> Use WRITE_ONCE() to set new flags.
>
> The data race was found with KernelThreadSanitizer (KTSAN).
>
> Signed-off-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>

Acked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>

-- 
 Kirill A. Shutemov
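The window described in the quoted commit message, as an added userspace model that is not part of the original mail or of the kernel patch: a simulated reader is called between the two stores of the split form, and after the single store of the WRITE_ONCE() form. The bit values, MNT_SHARED as the non-settable flag, the WRITE_ONCE() stand-in macro and all function names are assumptions made for this sketch.

```c
#include <stdio.h>
/* Illustrative bit values: assumptions for this sketch, not taken from the mail. */
#define MNT_NOSUID 0x01
#define MNT_NOEXEC 0x04
#define MNT_SHARED 0x1000 /* stands in for a flag outside the user-settable mask */
#define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NOEXEC)
/* Userspace stand-in for the kernel's WRITE_ONCE(): a single volatile store. */
#define WRITE_ONCE(x, val) (*(volatile __typeof__(x) *)&(x) = (val))

static int saw_exec_window; /* set if memory was ever seen without MNT_NOEXEC */

/* Models the do_mmap_pgoff() check loading the flags at this instant. */
static void reader_loads(const int *mem)
{
    if (!(*mem & MNT_NOEXEC)) saw_exec_window = 1;
}

/* The split form the compiler is allowed to emit for the plain stores. */
static int remount_split(int *mem, int mnt_flags)
{
    *mem &= ~MNT_USER_SETTABLE_MASK; /* store 1: MNT_NOEXEC is gone from memory */
    reader_loads(mem);               /* a concurrent reader can land here */
    *mem |= mnt_flags;               /* store 2: MNT_NOEXEC is back */
    return *mem;
}

/* The fix: build the value in a local and publish it with one store. */
static int remount_once(int *mem, int mnt_flags)
{
    mnt_flags |= *mem & ~MNT_USER_SETTABLE_MASK;
    WRITE_ONCE(*mem, mnt_flags);
    reader_loads(mem);
    return *mem;
}

/* Remount a noexec mount, keeping noexec; returns 1 if a reader could miss it. */
static int window_seen(int use_write_once, int *final_flags)
{
    int mem = MNT_NOEXEC | MNT_SHARED;
    int want = MNT_NOEXEC | MNT_NOSUID;
    saw_exec_window = 0;
    *final_flags = use_write_once ? remount_once(&mem, want) : remount_split(&mem, want);
    return saw_exec_window;
}

int main(void)
{
    int f, split = window_seen(0, &f), once = window_seen(1, &f);
    printf("split stores: window=%d, WRITE_ONCE: window=%d\n", split, once);
    return 0;
}
```

Both forms end with the same flags in memory; only the split form exposes an intermediate value with MNT_NOEXEC cleared.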