From mboxrd@z Thu Jan  1 00:00:00 1970
From: Al Viro <viro@ZenIV.linux.org.uk>
Subject: Re: [2.6.38] Deadlock between rename_lock and vfsmount_lock.
Date: Fri, 18 Mar 2011 12:13:05 +0000
Message-ID: <20110318121305.GI22723@ZenIV.linux.org.uk>
References: <201103160854.p2G8sR6c077737@www262.sakura.ne.jp>
 <201103170501.p2H51PjU052428@www262.sakura.ne.jp>
 <201103181959.CHC73937.SQOLJtVHOMFFOF@I-love.SAKURA.ne.jp>
 <20110318110603.GG22723@ZenIV.linux.org.uk>
 <20110318120748.GH22723@ZenIV.linux.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: npiggin@kernel.dk, linux-fsdevel@vger.kernel.org
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from zeniv.linux.org.uk ([195.92.253.2]:54825 "EHLO
	ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753232Ab1CRMNG (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Fri, 18 Mar 2011 08:13:06 -0400
Content-Disposition: inline
In-Reply-To: <20110318120748.GH22723@ZenIV.linux.org.uk>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Fri, Mar 18, 2011 at 12:07:48PM +0000, Al Viro wrote:

> Actually, why do we hold vfsmount_lock over that loop at all?  We already
> hold namespace_sem, so ->mnt_parent is protected...

Argh...  No, it isn't.  We flip it to final (mnt->mnt_parent = mnt)
outside of namespace_sem in release_mounts().  HOWEVER, by that point
we have already cleared ->mnt_ns - under namespace_sem.

So what we need is check_mnt(new.mnt) in addition to test for root.mnt
we already have there.  That'll be enough.