linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Rik van Riel <riel@surriel.com>
To: linux-kernel@vger.kernel.org
Cc: kernel-team@fb.com, linux-fsdevel@vger.kernel.org,
	paulmck@kernel.org, gscrivan@redhat.com, viro@zeniv.linux.org.uk,
	Rik van Riel <riel@surriel.com>,
	Eric Biederman <ebiederm@xmission.com>, Chris Mason <clm@fb.com>
Subject: [PATCH 1/2] vfs: free vfsmount through rcu work from kern_unmount
Date: Fri, 18 Feb 2022 13:31:13 -0500	[thread overview]
Message-ID: <20220218183114.2867528-2-riel@surriel.com> (raw)
In-Reply-To: <20220218183114.2867528-1-riel@surriel.com>

After kern_unmount returns, callers can no longer access the
vfsmount structure. However, the vfsmount structure does need
to be kept around until the end of the RCU grace period, to
make sure other accesses have all gone away too.

This can be accomplished by either gating each kern_unmount
on synchronize_rcu (the comment in the code says it all), or
by deferring the freeing until the next grace period, where
it needs to be handled in a workqueue due to the locking in
mntput_no_expire().

Suggested-by: Eric Biederman <ebiederm@xmission.com>
Reported-by: Chris Mason <clm@fb.com>
---
 fs/namespace.c        | 11 +++++++++--
 include/linux/mount.h |  2 ++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 40b994a29e90..9f62cf6c69de 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -4384,13 +4384,20 @@ struct vfsmount *kern_mount(struct file_system_type *type)
 }
 EXPORT_SYMBOL_GPL(kern_mount);
 
+static void mntput_rcu_work(struct work_struct *work)
+{
+	struct vfsmount *mnt = container_of(to_rcu_work(work),
+			       struct vfsmount, free_rwork);
+	mntput(mnt);
+}
+
 void kern_unmount(struct vfsmount *mnt)
 {
 	/* release long term mount so mount point can be released */
 	if (!IS_ERR_OR_NULL(mnt)) {
 		real_mount(mnt)->mnt_ns = NULL;
-		synchronize_rcu();	/* yecchhh... */
-		mntput(mnt);
+		INIT_RCU_WORK(&mnt->free_rwork, mntput_rcu_work);
+		queue_rcu_work(system_wq, &mnt->free_rwork);
 	}
 }
 EXPORT_SYMBOL(kern_unmount);
diff --git a/include/linux/mount.h b/include/linux/mount.h
index 7f18a7555dff..cd007cb70d57 100644
--- a/include/linux/mount.h
+++ b/include/linux/mount.h
@@ -16,6 +16,7 @@
 #include <linux/spinlock.h>
 #include <linux/seqlock.h>
 #include <linux/atomic.h>
+#include <linux/workqueue.h>
 
 struct super_block;
 struct vfsmount;
@@ -73,6 +74,7 @@ struct vfsmount {
 	struct super_block *mnt_sb;	/* pointer to superblock */
 	int mnt_flags;
 	struct user_namespace *mnt_userns;
+	struct rcu_work free_rwork;
 } __randomize_layout;
 
 static inline struct user_namespace *mnt_user_ns(const struct vfsmount *mnt)
-- 
2.34.1


  reply	other threads:[~2022-02-18 18:35 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-18 18:31 [PATCH 0/2] fix rate limited ipc_namespace freeing Rik van Riel
2022-02-18 18:31 ` Rik van Riel [this message]
2022-02-18 19:26   ` [PATCH 1/2] vfs: free vfsmount through rcu work from kern_unmount Al Viro
2022-02-18 19:33     ` Rik van Riel
2022-02-18 19:43       ` Al Viro
2022-02-18 20:24         ` Al Viro
2022-02-18 21:06           ` Al Viro
2022-02-19  5:50             ` Al Viro
2022-02-19  5:53   ` Al Viro
2022-02-19  5:58     ` Al Viro
2022-02-19  6:07       ` Al Viro
2022-02-18 18:31 ` [PATCH 2/2] ipc: get rid of free_ipc_work workqueue Rik van Riel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220218183114.2867528-2-riel@surriel.com \
    --to=riel@surriel.com \
    --cc=clm@fb.com \
    --cc=ebiederm@xmission.com \
    --cc=gscrivan@redhat.com \
    --cc=kernel-team@fb.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=paulmck@kernel.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).