On Sun, Apr 27, 2025 at 08:50:02PM +0100, Al Viro wrote: > [another catch from struct mount audit] > ... or we risk stealing final mntput from sync umount - raising mnt_count > after umount(2) has verified that victim is not busy, but before it > has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see > that it's safe to quietly undo mnt_count increment and leaves dropping > the reference to caller, where it'll be a full-blown mntput(). > > Check under mount_lock is needed; leaving the current one done before > taking that makes no sense - it's nowhere near common enough to bother > with. > > Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > --- Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>
