From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 15 Aug 2025 03:32:26 +0000 (-0400)
Subject: propagate_umount(): only surviving overmounts should be reparented
X-Git-Tag: v6.17-rc3~38^2~2
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=da025cdb97a23c1916d8491925b878f3e1de0bca;p=users%2Fgriffoul%2Flinux.git

propagate_umount(): only surviving overmounts should be reparented

... as the comments in reparent() clearly say.  As it is, we reparent
*all* overmounts of the mounts being taken out, including those that
are taken out themselves.  It's not only a potentially massive slowdown
(on a pathological setup we might end up with O(N^2) time for N mounts
being kicked out), it can end up with incorrect ->overmount in the
surviving mounts.

Fixes: f0d0ba19985d "Rewrite of propagate_umount()"
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---

diff --git a/fs/pnode.c b/fs/pnode.c
index 81f7599bdac4f..1c789f88b3d26 100644
--- a/fs/pnode.c
+++ b/fs/pnode.c
@@ -637,10 +637,11 @@ void propagate_umount(struct list_head *set)
 	}
 
 	// now to_umount consists of all acceptable candidates
-	// deal with reparenting of remaining overmounts on those
+	// deal with reparenting of surviving overmounts on those
 	list_for_each_entry(m, &to_umount, mnt_list) {
-		if (m->overmount)
-			reparent(m->overmount);
+		struct mount *over = m->overmount;
+		if (over && !will_be_unmounted(over))
+			reparent(over);
 	}
 
 	// and fold them into the set