On Tue, Jun 10, 2025 at 05:30:11PM -0500, Eric W. Biederman wrote:
> Al Viro <viro@xxxxxxxxxxxxxxxxxx> writes:
>
> > It never made any sense - neither when copy_tree() had been introduced
> > (2.4.11-pre5), nor at any point afterwards. Mountpoint is meaningless
> > without parent mount and the root of copied tree has no parent until we get
> > around to attaching it somewhere. At that time we'll have mountpoint set;
> > before that we have no idea which dentry will be used as mountpoint.
> > IOW, copy_tree() should just leave the default value.
>
> I will just note that does not result in dst_mnt->mnt_mountpoint
> being left as NULL.
>
> Rather dst_mnt->mnt_mountpoint retains the value that clone_mnt
> sets it to which is dst_mnt->mnt.mnt_root.
>
> It would be nice to have a note that says something like leaving
> dst_mnt->mnt_parent and dst_mnt->mnt_mountpoint alone indicates that the
> mount is not mounted anywhere, and that the current situation of just
> setting one of them is completely confusing.

s/default value/& for a parentless mount/, perhaps?

<digs through the half-finished documentation>

----------------------------------------------------------------------------
Rootwards linkage.

Once a mount has been attached to a subtree of some filesystem, it becomes
a part of forest. Past that stage each mount is either parentless or has
a parent mount and a mountpoint - some dentry on the filesystem associated
with the parent.

The linkage is protected by mount_lock.

Checking if mount is parentless is done by mnt_has_parent(mount); it returns
true for mounts that have a parent and false for parentless ones.

Four fields of struct mount are involved in storing that linkage.

1) struct mount *mnt_parent
	Never NULL, points to self for parentless, to parent mount otherwise.
2) struct dentry *mnt_mountpoint
	Never NULL, points to root dentry of mount itself for parentless and
	to mountpoint dentry otherwise.
3) struct mountpoint *mnt_mp.
	NULL for parentless, points to struct mountpoint associated with
	mountpoint dentry otherwise.
4) struct hlist_node mnt_mp_list - linkage for the list of all mounts
   sharing the mountpoint.

These fields are always updated together. They make sense only after mount
has been attached to a filesystem - prior to that they happen to contain
NULL (and empty hlist_node), but they are visible only to whoever had
allocated the mount, so nobody else should care.[1]

The values in these fields are not independent. If mount m is not parentless,
m->mnt_parent->mnt.mnt_sb == m->mnt_mountpoint->d_sb,
m->mnt_mp->m_dentry == m->mnt_mountpoint and
m->mnt_mp_list belongs to the list anchored in m->mnt_mp->m_list.

All accesses to ->mnt_mp_list and ->mnt_mp are under mount_lock.

Access to ->mnt_parent and ->mnt_mountpoint under mount_lock is safe.

Access to ->mnt_parent and ->mnt_mountpoint under rcu_read_lock() is
memory-safe; it needs to be validated with mount_lock seqcount component
afterwards.

Access to ->mnt_parent and ->mnt_mountpoint under namespace_sem is safe
for anything crownwards of a pinned mount. In particular, it is safe for
anything in a mount tree of any namespace, including its rbtree. It is
also safe for anything reachable via the propagation graph.

[XXX: probably worth an explicit name for that state of a mount]

[1] it might be tempting to change the representation, so that parentless
would have NULL ->mnt_mountpoint; doing that would be a serious headache,
though, especially for RCU traversals towards parent mount. We really
depend upon never seeing NULL in that field once mount has been attached
to filesystem.
----------------------------------------------------------------------------
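
The field rules from the draft documentation above, written as a userspace consistency check. This is an added example, not kernel code and not code from either poster: the struct layouts, `check_rootwards()` and `demo()` are simplified, hypothetical stand-ins, the body of `mnt_has_parent()` is inferred from rule 1, and `mnt_mp_list` and all locking are left out.

```c
#include <stdbool.h>
#include <stddef.h>
/* Simplified userspace stand-ins for the kernel types (assumption). */
struct super_block { int unused; };
struct dentry { struct super_block *d_sb; };
struct mountpoint { struct dentry *m_dentry; };
struct vfsmount { struct dentry *mnt_root; struct super_block *mnt_sb; };
struct mount {
	struct mount *mnt_parent;      /* rule 1: self for parentless */
	struct dentry *mnt_mountpoint; /* rule 2: own root for parentless */
	struct mountpoint *mnt_mp;     /* rule 3: NULL for parentless */
	struct vfsmount mnt;
};

/* Parentless mounts point to themselves (inferred from rule 1). */
static bool mnt_has_parent(const struct mount *m) { return m != m->mnt_parent; }

/* Hypothetical checker: 0 if consistent, else 1-3 = field rule, 4 = sb, 5 = m_dentry. */
static int check_rootwards(const struct mount *m)
{
	if (!m->mnt_parent) return 1;
	if (!m->mnt_mountpoint) return 2;
	if (!mnt_has_parent(m)) {
		if (m->mnt_mountpoint != m->mnt.mnt_root) return 2;
		return m->mnt_mp ? 3 : 0;
	}
	if (!m->mnt_mp) return 3;
	if (m->mnt_parent->mnt.mnt_sb != m->mnt_mountpoint->d_sb) return 4;
	if (m->mnt_mp->m_dentry != m->mnt_mountpoint) return 5;
	return 0;
}

/* Constructed cases: 0 = parentless, 1 = attached, 2 = only ->mnt_mountpoint
 * set on a parentless mount, 3 = mountpoint dentry on the wrong superblock. */
static int demo(int which)
{
	struct super_block sb_a = {0}, sb_b = {0};
	struct dentry root_a = { &sb_a }, dir_a = { &sb_a }, root_b = { &sb_b };
	struct mountpoint mp = { &dir_a };
	struct mount parent = { &parent, &root_a, NULL, { &root_a, &sb_a } };
	struct mount child = { &child, &root_b, NULL, { &root_b, &sb_b } };
	if (which == 0) return check_rootwards(&child);
	child.mnt_mountpoint = &dir_a;                   /* half-updated state */
	if (which == 2) return check_rootwards(&child);
	child.mnt_parent = &parent; child.mnt_mp = &mp;  /* fields updated together */
	if (which == 3) { child.mnt_mountpoint = &root_b; mp.m_dentry = &root_b; }
	return check_rootwards(&child);
}
int main(void) { return demo(0) | demo(1); }
```

Case 2 models the state discussed in the quoted exchange, where only one of the linkage fields is set on a mount that has no parent yet.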