[PATCH] namespace.c: fix expiring of detached mount
This patch fixes a bug noticed by Al Viro:
However, we still have a problem here - just what would
happen if vfsmount is detached while we were grabbing namespace
semaphore? Refcount alone is not useful here - we might be held by
whoever had detached the vfsmount. IOW, we should check that it's
still attached (i.e. that mnt->mnt_parent != mnt). If it's not -
just leave it alone, do mntput() and let whoever holds it deal with
the sucker. No need to put it back on lists.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Cc: <viro@parcelfarce.linux.theplanet.co.uk>
Acked-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
diff --git a/fs/namespace.c b/fs/namespace.c
index d82cf18..2b4635e 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -830,6 +830,15 @@
spin_lock(&vfsmount_lock);
/*
+ * Check if mount is still attached, if not, let whoever holds it deal
+ * with the sucker
+ */
+ if (mnt->mnt_parent == mnt) {
+ spin_unlock(&vfsmount_lock);
+ return;
+ }
+
+ /*
* Check that it is still dead: the count should now be 2 - as
* contributed by the vfsmount parent and the mntget above
*/