This patch fixes a bug noticed by Al Viro:
However, we still have a problem here - just what would
happen if vfsmount is detached while we were grabbing namespace
semaphore? Refcount alone is not useful here - we might be held by
whoever had detached the vfsmount. IOW, we should check that it's
still attached (i.e. that mnt->mnt_parent != mnt). If it's not -
just leave it alone, do mntput() and let whoever holds it deal with
the sucker. No need to put it back on lists.
Signed-off-by: Miklos Szeredi <[email protected]>
Index: linux/fs/namespace.c
===================================================================
--- linux.orig/fs/namespace.c 2005-05-20 20:01:26.000000000 +0200
+++ linux/fs/namespace.c 2005-05-20 20:04:56.000000000 +0200
@@ -829,6 +829,13 @@ static void expire_mount(struct vfsmount
{
spin_lock(&vfsmount_lock);
+ /* check if mount is still attached, if not, let whoever holds
+ it deal with the sucker */
+ if (mnt->mnt_parent == mnt) {
+ spin_unlock(&vfsmount_lock);
+ return;
+ }
+
/* check that it is still dead: the count should now be 2 - as
* contributed by the vfsmount parent and the mntget above */
if (atomic_read(&mnt->mnt_count) == 2) {
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
