propagate_umount(): only surviving overmounts should be reparented
... as the comments in reparent() clearly say. As it is, we reparent
*all* overmounts of the mounts being taken out, including those that
are taken out themselves. It's not only a potentially massive slowdown
(on a pathological setup we might end up with O(N^2) time for N mounts
being kicked out), it can end up with incorrect ->overmount in the
surviving mounts.
Fixes: f0d0ba1998 "Rewrite of propagate_umount()"
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro
@@ -637,10 +637,11 @@ void propagate_umount(struct list_head *set)
|
||||
}
|
||||
|
||||
// now to_umount consists of all acceptable candidates
|
||||
// deal with reparenting of remaining overmounts on those
|
||||
// deal with reparenting of surviving overmounts on those
|
||||
list_for_each_entry(m, &to_umount, mnt_list) {
|
||||
if (m->overmount)
|
||||
reparent(m->overmount);
|
||||
struct mount *over = m->overmount;
|
||||
if (over && !will_be_unmounted(over))
|
||||
reparent(over);
|
||||
}
|
||||
|
||||
// and fold them into the set
|
||||
|
||||
Reference in New Issue
Block a user