propagate_umount(): only surviving overmounts should be reparented

... as the comments in reparent() clearly say.  As it is, we reparent
*all* overmounts of the mounts being taken out, including those that
are taken out themselves.  It's not only a potentially massive slowdown
(on a pathological setup we might end up with O(N^2) time for N mounts
being kicked out), it can end up with incorrect ->overmount in the
surviving mounts.

Fixes: f0d0ba19985d "Rewrite of propagate_umount()"
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/fs/pnode.c b/fs/pnode.c
index 81f7599bdac4fcf14ebbde8dfaa5ef872b5ac56b..1c789f88b3d26c7ad5a84918691829f537eea5e2 100644 (file)
--- a/fs/pnode.c
+++ b/fs/pnode.c
@@ -637,10 +637,11 @@ void propagate_umount(struct list_head *set)
        }
 
        // now to_umount consists of all acceptable candidates
-       // deal with reparenting of remaining overmounts on those
+       // deal with reparenting of surviving overmounts on those
        list_for_each_entry(m, &to_umount, mnt_list) {
-               if (m->overmount)
-                       reparent(m->overmount);
+               struct mount *over = m->overmount;
+               if (over && !will_be_unmounted(over))
+                       reparent(over);
        }
 
        // and fold them into the set