blk-mq: Fix a use-after-free
[linux/fpc-iii.git] / fs / pnode.c
blobaae331a5d03b2591e670c9a08451bd00ad8e66f9
1 /*
2 * linux/fs/pnode.c
4 * (C) Copyright IBM Corporation 2005.
5 * Released under GPL v2.
6 * Author : Ram Pai (linuxram@us.ibm.com)
8 */
9 #include <linux/mnt_namespace.h>
10 #include <linux/mount.h>
11 #include <linux/fs.h>
12 #include <linux/nsproxy.h>
13 #include "internal.h"
14 #include "pnode.h"
16 /* return the next shared peer mount of @p */
17 static inline struct mount *next_peer(struct mount *p)
19 return list_entry(p->mnt_share.next, struct mount, mnt_share);
22 static inline struct mount *first_slave(struct mount *p)
24 return list_entry(p->mnt_slave_list.next, struct mount, mnt_slave);
27 static inline struct mount *next_slave(struct mount *p)
29 return list_entry(p->mnt_slave.next, struct mount, mnt_slave);
32 static struct mount *get_peer_under_root(struct mount *mnt,
33 struct mnt_namespace *ns,
34 const struct path *root)
36 struct mount *m = mnt;
38 do {
39 /* Check the namespace first for optimization */
40 if (m->mnt_ns == ns && is_path_reachable(m, m->mnt.mnt_root, root))
41 return m;
43 m = next_peer(m);
44 } while (m != mnt);
46 return NULL;
50 * Get ID of closest dominating peer group having a representative
51 * under the given root.
53 * Caller must hold namespace_sem
55 int get_dominating_id(struct mount *mnt, const struct path *root)
57 struct mount *m;
59 for (m = mnt->mnt_master; m != NULL; m = m->mnt_master) {
60 struct mount *d = get_peer_under_root(m, mnt->mnt_ns, root);
61 if (d)
62 return d->mnt_group_id;
65 return 0;
68 static int do_make_slave(struct mount *mnt)
70 struct mount *peer_mnt = mnt, *master = mnt->mnt_master;
71 struct mount *slave_mnt;
74 * slave 'mnt' to a peer mount that has the
75 * same root dentry. If none is available then
76 * slave it to anything that is available.
78 while ((peer_mnt = next_peer(peer_mnt)) != mnt &&
79 peer_mnt->mnt.mnt_root != mnt->mnt.mnt_root) ;
81 if (peer_mnt == mnt) {
82 peer_mnt = next_peer(mnt);
83 if (peer_mnt == mnt)
84 peer_mnt = NULL;
86 if (mnt->mnt_group_id && IS_MNT_SHARED(mnt) &&
87 list_empty(&mnt->mnt_share))
88 mnt_release_group_id(mnt);
90 list_del_init(&mnt->mnt_share);
91 mnt->mnt_group_id = 0;
93 if (peer_mnt)
94 master = peer_mnt;
96 if (master) {
97 list_for_each_entry(slave_mnt, &mnt->mnt_slave_list, mnt_slave)
98 slave_mnt->mnt_master = master;
99 list_move(&mnt->mnt_slave, &master->mnt_slave_list);
100 list_splice(&mnt->mnt_slave_list, master->mnt_slave_list.prev);
101 INIT_LIST_HEAD(&mnt->mnt_slave_list);
102 } else {
103 struct list_head *p = &mnt->mnt_slave_list;
104 while (!list_empty(p)) {
105 slave_mnt = list_first_entry(p,
106 struct mount, mnt_slave);
107 list_del_init(&slave_mnt->mnt_slave);
108 slave_mnt->mnt_master = NULL;
111 mnt->mnt_master = master;
112 CLEAR_MNT_SHARED(mnt);
113 return 0;
117 * vfsmount lock must be held for write
119 void change_mnt_propagation(struct mount *mnt, int type)
121 if (type == MS_SHARED) {
122 set_mnt_shared(mnt);
123 return;
125 do_make_slave(mnt);
126 if (type != MS_SLAVE) {
127 list_del_init(&mnt->mnt_slave);
128 mnt->mnt_master = NULL;
129 if (type == MS_UNBINDABLE)
130 mnt->mnt.mnt_flags |= MNT_UNBINDABLE;
131 else
132 mnt->mnt.mnt_flags &= ~MNT_UNBINDABLE;
137 * get the next mount in the propagation tree.
138 * @m: the mount seen last
139 * @origin: the original mount from where the tree walk initiated
141 * Note that peer groups form contiguous segments of slave lists.
142 * We rely on that in get_source() to be able to find out if
143 * vfsmount found while iterating with propagation_next() is
144 * a peer of one we'd found earlier.
146 static struct mount *propagation_next(struct mount *m,
147 struct mount *origin)
149 /* are there any slaves of this mount? */
150 if (!IS_MNT_NEW(m) && !list_empty(&m->mnt_slave_list))
151 return first_slave(m);
153 while (1) {
154 struct mount *master = m->mnt_master;
156 if (master == origin->mnt_master) {
157 struct mount *next = next_peer(m);
158 return (next == origin) ? NULL : next;
159 } else if (m->mnt_slave.next != &master->mnt_slave_list)
160 return next_slave(m);
162 /* back at master */
163 m = master;
167 static struct mount *next_group(struct mount *m, struct mount *origin)
169 while (1) {
170 while (1) {
171 struct mount *next;
172 if (!IS_MNT_NEW(m) && !list_empty(&m->mnt_slave_list))
173 return first_slave(m);
174 next = next_peer(m);
175 if (m->mnt_group_id == origin->mnt_group_id) {
176 if (next == origin)
177 return NULL;
178 } else if (m->mnt_slave.next != &next->mnt_slave)
179 break;
180 m = next;
182 /* m is the last peer */
183 while (1) {
184 struct mount *master = m->mnt_master;
185 if (m->mnt_slave.next != &master->mnt_slave_list)
186 return next_slave(m);
187 m = next_peer(master);
188 if (master->mnt_group_id == origin->mnt_group_id)
189 break;
190 if (master->mnt_slave.next == &m->mnt_slave)
191 break;
192 m = master;
194 if (m == origin)
195 return NULL;
199 /* all accesses are serialized by namespace_sem */
200 static struct user_namespace *user_ns;
201 static struct mount *last_dest, *last_source, *dest_master;
202 static struct mountpoint *mp;
203 static struct hlist_head *list;
205 static int propagate_one(struct mount *m)
207 struct mount *child;
208 int type;
209 /* skip ones added by this propagate_mnt() */
210 if (IS_MNT_NEW(m))
211 return 0;
212 /* skip if mountpoint isn't covered by it */
213 if (!is_subdir(mp->m_dentry, m->mnt.mnt_root))
214 return 0;
215 if (m->mnt_group_id == last_dest->mnt_group_id) {
216 type = CL_MAKE_SHARED;
217 } else {
218 struct mount *n, *p;
219 for (n = m; ; n = p) {
220 p = n->mnt_master;
221 if (p == dest_master || IS_MNT_MARKED(p)) {
222 while (last_dest->mnt_master != p) {
223 last_source = last_source->mnt_master;
224 last_dest = last_source->mnt_parent;
226 if (n->mnt_group_id != last_dest->mnt_group_id) {
227 last_source = last_source->mnt_master;
228 last_dest = last_source->mnt_parent;
230 break;
233 type = CL_SLAVE;
234 /* beginning of peer group among the slaves? */
235 if (IS_MNT_SHARED(m))
236 type |= CL_MAKE_SHARED;
239 /* Notice when we are propagating across user namespaces */
240 if (m->mnt_ns->user_ns != user_ns)
241 type |= CL_UNPRIVILEGED;
242 child = copy_tree(last_source, last_source->mnt.mnt_root, type);
243 if (IS_ERR(child))
244 return PTR_ERR(child);
245 mnt_set_mountpoint(m, mp, child);
246 last_dest = m;
247 last_source = child;
248 if (m->mnt_master != dest_master) {
249 read_seqlock_excl(&mount_lock);
250 SET_MNT_MARK(m->mnt_master);
251 read_sequnlock_excl(&mount_lock);
253 hlist_add_head(&child->mnt_hash, list);
254 return 0;
258 * mount 'source_mnt' under the destination 'dest_mnt' at
259 * dentry 'dest_dentry'. And propagate that mount to
260 * all the peer and slave mounts of 'dest_mnt'.
261 * Link all the new mounts into a propagation tree headed at
262 * source_mnt. Also link all the new mounts using ->mnt_list
263 * headed at source_mnt's ->mnt_list
265 * @dest_mnt: destination mount.
266 * @dest_dentry: destination dentry.
267 * @source_mnt: source mount.
268 * @tree_list : list of heads of trees to be attached.
270 int propagate_mnt(struct mount *dest_mnt, struct mountpoint *dest_mp,
271 struct mount *source_mnt, struct hlist_head *tree_list)
273 struct mount *m, *n;
274 int ret = 0;
277 * we don't want to bother passing tons of arguments to
278 * propagate_one(); everything is serialized by namespace_sem,
279 * so globals will do just fine.
281 user_ns = current->nsproxy->mnt_ns->user_ns;
282 last_dest = dest_mnt;
283 last_source = source_mnt;
284 mp = dest_mp;
285 list = tree_list;
286 dest_master = dest_mnt->mnt_master;
288 /* all peers of dest_mnt, except dest_mnt itself */
289 for (n = next_peer(dest_mnt); n != dest_mnt; n = next_peer(n)) {
290 ret = propagate_one(n);
291 if (ret)
292 goto out;
295 /* all slave groups */
296 for (m = next_group(dest_mnt, dest_mnt); m;
297 m = next_group(m, dest_mnt)) {
298 /* everything in that slave group */
299 n = m;
300 do {
301 ret = propagate_one(n);
302 if (ret)
303 goto out;
304 n = next_peer(n);
305 } while (n != m);
307 out:
308 read_seqlock_excl(&mount_lock);
309 hlist_for_each_entry(n, tree_list, mnt_hash) {
310 m = n->mnt_parent;
311 if (m->mnt_master != dest_mnt->mnt_master)
312 CLEAR_MNT_MARK(m->mnt_master);
314 read_sequnlock_excl(&mount_lock);
315 return ret;
319 * return true if the refcount is greater than count
321 static inline int do_refcount_check(struct mount *mnt, int count)
323 return mnt_get_count(mnt) > count;
327 * check if the mount 'mnt' can be unmounted successfully.
328 * @mnt: the mount to be checked for unmount
329 * NOTE: unmounting 'mnt' would naturally propagate to all
330 * other mounts its parent propagates to.
331 * Check if any of these mounts that **do not have submounts**
332 * have more references than 'refcnt'. If so return busy.
334 * vfsmount lock must be held for write
336 int propagate_mount_busy(struct mount *mnt, int refcnt)
338 struct mount *m, *child;
339 struct mount *parent = mnt->mnt_parent;
340 int ret = 0;
342 if (mnt == parent)
343 return do_refcount_check(mnt, refcnt);
346 * quickly check if the current mount can be unmounted.
347 * If not, we don't have to go checking for all other
348 * mounts
350 if (!list_empty(&mnt->mnt_mounts) || do_refcount_check(mnt, refcnt))
351 return 1;
353 for (m = propagation_next(parent, parent); m;
354 m = propagation_next(m, parent)) {
355 child = __lookup_mnt_last(&m->mnt, mnt->mnt_mountpoint);
356 if (child && list_empty(&child->mnt_mounts) &&
357 (ret = do_refcount_check(child, 1)))
358 break;
360 return ret;
364 * NOTE: unmounting 'mnt' naturally propagates to all other mounts its
365 * parent propagates to.
367 static void __propagate_umount(struct mount *mnt)
369 struct mount *parent = mnt->mnt_parent;
370 struct mount *m;
372 BUG_ON(parent == mnt);
374 for (m = propagation_next(parent, parent); m;
375 m = propagation_next(m, parent)) {
377 struct mount *child = __lookup_mnt_last(&m->mnt,
378 mnt->mnt_mountpoint);
380 * umount the child only if the child has no
381 * other children
383 if (child && list_empty(&child->mnt_mounts)) {
384 list_del_init(&child->mnt_child);
385 hlist_del_init_rcu(&child->mnt_hash);
386 hlist_add_before_rcu(&child->mnt_hash, &mnt->mnt_hash);
392 * collect all mounts that receive propagation from the mount in @list,
393 * and return these additional mounts in the same list.
394 * @list: the list of mounts to be unmounted.
396 * vfsmount lock must be held for write
398 int propagate_umount(struct hlist_head *list)
400 struct mount *mnt;
402 hlist_for_each_entry(mnt, list, mnt_hash)
403 __propagate_umount(mnt);
404 return 0;