Re: [PATCH v3 25/25] selinux: Change how dentry's d_lock field is accessed

[Al Viro <viro@ZenIV.linux.org.uk>]

On Wed, Jul 03, 2013 at 04:22:17PM -0400, Waiman Long wrote:
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index ff42773..c83a201 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -1187,28 +1187,28 @@ static void sel_remove_entries(struct dentry *de)
>  {
>  	struct list_head *node;
>  
> -	spin_lock(&de->d_lock);
> +	d_lock(de);
>  	node = de->d_subdirs.next;
>  	while (node != &de->d_subdirs) {
>  		struct dentry *d = list_entry(node, struct dentry, d_u.d_child);
>  
> -		spin_lock_nested(&d->d_lock, DENTRY_D_LOCK_NESTED);
> +		d_lock_nested(d, DENTRY_D_LOCK_NESTED);
>  		list_del_init(node);
>  
>  		if (d->d_inode) {
>  			dget_dlock(d);
> -			spin_unlock(&de->d_lock);
> -			spin_unlock(&d->d_lock);
> +			d_unlock(de);
> +			d_unlock(d);
>  			d_delete(d);
>  			simple_unlink(de->d_inode, d);
>  			dput(d);
> -			spin_lock(&de->d_lock);
> +			d_lock(de);
>  		} else
> -			spin_unlock(&d->d_lock);
> +			d_unlock(d);
>  		node = de->d_subdirs.next;
>  	}
>  
> -	spin_unlock(&de->d_lock);
> +	d_unlock(de);

BTW, all that bunch (this and similar simple_unlink() callers) is seriously
asking for a common helper somewhere in libfs.c; I'd started experimenting
in that direction several times, but got sidetracked.  The real question
here is what do we do with the stuff mounted on those.

Linus, do you have any suggestions re semantics of mounts on such mountpoints?
I see two variants - disslove all mounts on those when the kernel decides to
kill such a volatile mountpoint (the same goes for e.g. /proc/42/fd getting
invalidated, etc.) or ban mounting on them in the first place (i.e. set
DCACHE_CANT_MOUNT when these dentries are created)...  Preferences, alternative
suggestions?