On 23/6/25 12:49, Al Viro wrote:
On Tue, Jun 10, 2025 at 09:17:58AM +0100, Al Viro wrote:
The next pile of mount massage; it will grow - there will be
further modifications, as well as fixes and documentation, but this is
the subset I've got in more or less settled form right now.
Review and testing would be very welcome.
This series (-rc1-based) sits in
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #work.mount
individual patches in followups.
Updated variant force-pushed to
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #work.mount
individual patches in followups. It seems to survive testing here, but
more testing and review would be very welcome. That's still not all -
there's more stuff in local queue, but it needs more massage; this is
the reasonably settled-down subset at the moment.
I'll have a look through these too and run my tests against them.
Btw, I did run my tests against v1 without any noticeable problem.
I also have revived my patch to make may_umount_tree() namespace aware
and it still seems to work fine. I'm not going to spend time on my second
patch that was meant to add some optimization because it seemed too
aggressive somehow and stopped working a while after it was done and I
couldn't see why. So for now I've dropped it.
Ian
Changes since v1:
Added fixes (-stable fodder, IMO):
replace collect_mounts()/drop_collected_mounts() with safer variant
attach_recursive_mnt(): do not lock the covering tree when sliding something under it
Another thing that is probably a -stable candidate:
prevent mount hash conflicts
That's an old headache hopefully taken care of; what we get out of it
is the warranty that there won't be more than one hashed mount with
given parent/mountpoint at any given time. I've pulled that very
early in the sequence, so that we had a chance to backport it.
That comes with two prereqs (reordered from the middle of v1 series),
both should be trivial to backport.
Added cleanups:
__attach_mnt(): lose the second argument
copy_tree(): don't link the mounts via mnt_list
All uses of ->mnt_list are transient now - basically, various sets
used during umount_tree().
mount: separate the flags accessed only under namespace_sem
Makes for simpler locking; some of the flags are accessed only under
namespace_sem, and we already rely upon that in the readers; taking
them to a separate word avoids the need to grab mount_lock on the
write side.
propagate_one(): get rid of dest_master
propagate_mnt(): get rid of globals
Linus asked to get rid of fs/pnode.c globals; done.
take freeing of emptied mnt_namespace to namespace_unlock()
A couple of commits made simpler by "prevent mount hash conflicts" -
Rewrite of propagate_umount()
reparenting is guaranteed that there won't be more than one overmount now,
no loop needed.
don't have mounts pin their parents
simpler logics for "is there something other than overmount?"
Rough overview:
Part 1: fixes
1) replace collect_mounts()/drop_collected_mounts() with safer variant
2) attach_recursive_mnt(): do not lock the covering tree when sliding something under it
Part 2: getting rid of mount hash conflicts for good
3) attach_mnt(): expand in attach_recursive_mnt(), then lose the flag argument
4) get rid of mnt_set_mountpoint_beneath()
5) prevent mount hash conflicts
Part 3: trivial cleanups and helpers:
6) copy_tree(): don't set ->mnt_mountpoint on the root of copy
7) constify mnt_has_parent()
8) pnode: lift peers() into pnode.h
9) new predicate: mount_is_ancestor()
10) constify is_local_mountpoint()
11) new predicate: anon_ns_root(mount)
12) dissolve_on_fput(): use anon_ns_root()
13) __attach_mnt(): lose the second argument
... and rename to make_visible()
14) don't set MNT_LOCKED on parentless mounts
15) clone_mnt(): simplify the propagation-related logics
16) do_umount(): simplify the "is it still mounted" checks
Part 4: (somewhat of a side story) restore the machinery for long-term
mounts from accumulated bitrot.
17) sanitize handling of long-term internal mounts
Part 5: propagate_umount() rewrite (posted last cycle)
18) Rewrite of propagate_umount()
Part 6: untangling do_move_mount()/attach_recursive_mnt().
19) make commit_tree() usable in same-namespace move case
20) attach_recursive_mnt(): unify the mnt_change_mountpoint() logics
21) attach_recursive_mnt(): pass destination mount in all cases
22) attach_recursive_mnt(): get rid of flags entirely
23) do_move_mount(): take dropping the old mountpoint into attach_recursive_mnt()
24) do_move_mount(): get rid of 'attached' flag
Part 7: change locking for expiry lists.
25) attach_recursive_mnt(): remove from expiry list on move
26) take ->mnt_expire handling under mount_lock [read_seqlock_excl]
Part 8: struct mountpoint massage.
27) pivot_root(): reorder tree surgeries, collapse unhash_mnt() and put_mountpoint()
28) combine __put_mountpoint() with unhash_mnt()
29) get rid of mountpoint->m_count
Part 9: regularize mount refcounting a bit
30) don't have mounts pin their parents
Part 10: misc stuff, will grow...
31) copy_tree(): don't link the mounts via mnt_list
32) mount: separate the flags accessed only under namespace_sem
33) propagate_one(): get rid of dest_master
34) propagate_mnt(): get rid of globals
35) take freeing of emptied mnt_namespace to namespace_unlock()
Diffstat:
Documentation/filesystems/porting.rst | 9 +
Documentation/filesystems/propagate_umount.txt | 484 +++++++++++++++
drivers/gpu/drm/i915/gem/i915_gemfs.c | 21 +-
drivers/gpu/drm/v3d/v3d_gemfs.c | 21 +-
fs/hugetlbfs/inode.c | 2 +-
fs/mount.h | 36 +-
fs/namespace.c | 783 +++++++++++--------------
fs/pnode.c | 499 ++++++++--------
fs/pnode.h | 28 +-
include/linux/mount.h | 24 +-
ipc/mqueue.c | 2 +-
kernel/audit_tree.c | 63 +-
12 files changed, 1214 insertions(+), 758 deletions(-)
create mode 100644 Documentation/filesystems/propagate_umount.txt
