From: Miklos Szeredi Date: Fri, 8 Jul 2005 00:57:26 +0000 (-0700) Subject: [PATCH] namespace.c: fix expiring of detached mount X-Git-Tag: firefly_0821_release~42987 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=ed42c879b7b1463aa7a15fdbbeb2b1914d60be8a;p=firefly-linux-kernel-4.4.55.git [PATCH] namespace.c: fix expiring of detached mount This patch fixes a bug noticed by Al Viro: However, we still have a problem here - just what would happen if vfsmount is detached while we were grabbing namespace semaphore? Refcount alone is not useful here - we might be held by whoever had detached the vfsmount. IOW, we should check that it's still attached (i.e. that mnt->mnt_parent != mnt). If it's not - just leave it alone, do mntput() and let whoever holds it deal with the sucker. No need to put it back on lists. Signed-off-by: Miklos Szeredi Cc: Acked-by: Christoph Hellwig Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/fs/namespace.c b/fs/namespace.c index d82cf18a1a94..2b4635e43ae8 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -829,6 +829,15 @@ static void expire_mount(struct vfsmount *mnt, struct list_head *mounts) { spin_lock(&vfsmount_lock); + /* + * Check if mount is still attached, if not, let whoever holds it deal + * with the sucker + */ + if (mnt->mnt_parent == mnt) { + spin_unlock(&vfsmount_lock); + return; + } + /* * Check that it is still dead: the count should now be 2 - as * contributed by the vfsmount parent and the mntget above