On Thu, May 08, 2025 at 09:01:37PM +0100, Al Viro wrote:
> do_umount() analogue of the race fixed in 119e1ef80ecf "fix
> __legitimize_mnt()/mntput() race". Here we want to make sure that
> if __legitimize_mnt() doesn't notice our lock_mount_hash(), we will
> notice their refcount increment. Harder to hit than mntput_no_expire()
> one, fortunately, and consequences are milder (sync umount acting
> like umount -l on a rare race with RCU pathwalk hitting at just the
> wrong time instead of use-after-free galore mntput_no_expire()
> counterpart used to be hit). Still a bug...
>
> Fixes: 48a066e72d97 ("RCU'd vfsmounts")
> Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> ---

Thanks!
Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>