On 07/10/2018 11:48, Alan Jenkins wrote: > On 05/10/2018 19:24, Alan Jenkins wrote: >> On 21/09/2018 17:30, David Howells wrote: >>> From: Al Viro >>> >>> Allow a detached tree created by open_tree(..., OPEN_TREE_CLONE) to be >>> attached by move_mount(2). >>> >>> If by the time of final fput() of OPEN_TREE_CLONE-opened file its >>> tree is >>> not detached anymore, it won't be dissolved.  move_mount(2) is adjusted >>> to handle detached source. >>> >>> That gives us equivalents of mount --bind and mount --rbind. >>> >>> Signed-off-by: Al Viro >>> Signed-off-by: David Howells >>> --- >>> >>>   fs/namespace.c |   26 ++++++++++++++++++++------ >>>   1 file changed, 20 insertions(+), 6 deletions(-) >>> The lockup seems to be a general problem with the cleanup code. Even >>> if I use this as advertised, i.e. for a simple bind mount. Ah, I see.  The problem is you were expecting me to use the FD from open_tree() directly.  But I did fchdir() into the FD, and then "mount --move . /mnt" :-). If I use the FD directly, it avoids the hang.  I used two separate C programs (attached, to avoid my MUA damage)... > (I was suspicious that being able to pass around detached trees as an > FD, and re-attach them in any namespace, allows leaking memory by > creating a namespace loop.  I.e. maybe it gives you enough rope to > skip the test in mnt_ns_loop(). ...so here's the memory leak. # open_tree --help usage: open_tree 3 'mnt:[4026532334]' # findmnt | grep /tmp ├─/tmp tmpfs tmpfs rw,nosuid,nodev,seclabel,size=1247640k,nr_inodes=311910 │ └─/tmp/private_mnt tmp tmpfs rw,relatime,seclabel,uid=1000,gid=1000 │ └─/tmp/private_mnt/child_ns nsfs[mnt:[4026532334]] nsfs rw,seclabel Create a reference cycle: # ~/test-open_tree 3