On Fri, Feb 18, 2022 at 09:06:31PM +0000, Al Viro wrote:
> FWIW, that won't work correctly wrt failure exits. I'm digging
> through the lifetime rules in there right now, will post when
> I'm done.

OK, now that I'd reconstructed the picture...

The problems with delayed shutdown are prevented by mq_clear_sbinfo() call
in there - mqueue is capable of more or less gracefully dealing with
having ->s_fs_info ripped from under it, which is what that thing does.
Before the kern_unmount(). And since that code is non-modular, we don't
need to protect that either.

IOW, having

void put_ipc_ns(struct ipc_namespace *ns)
{
	if (refcount_dec_and_lock(&ns->ns.count, &mq_lock)) {
		mq_clear_sbinfo(ns);
		spin_unlock(&mq_lock);
		free_ipc_ns(ns);
	}
}

and

void mq_put_mnt(struct ipc_namespace *ns)
{
	/*
	 * The only reason it's safe to have the mntput async
	 * is that we'd already ripped the ipc_namespace away
	 * from the mqueue superblock, by having called
	 * mq_clear_sbinfo().
	 *
	 * NOTE: kern_unmount_rcu() IS NOT SAFE TO USE
	 * WITHOUT SERIOUS PRECAUTIONS.
	 *
	 * Anything that is used by filesystem must either
	 * be already taken away (and fs must survive that)
	 * or have its destruction delayed until the superblock
	 * shutdown.
	 *
	 */
	kern_unmount_rcu(ns->mq_mnt);
}

would suffice. free_ipc_work/free_ipc/mnt_llist can be killed off.
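A userspace model of the lifetime rule described in the message above, added here as an illustration; it is not code from the thread or from the kernel. The `model_*` names, the spin flag standing in for `mq_lock`, and the lookup that reaches the namespace only through the superblock under that lock are assumptions of the model.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Userspace model; every name below is a hypothetical stand-in. */
struct model_ns { atomic_int count; };
struct model_sb { struct model_ns *s_fs_info; };  /* may outlive the ns */

static atomic_flag model_lock = ATOMIC_FLAG_INIT; /* stands in for mq_lock */
static void lock(void)   { while (atomic_flag_test_and_set(&model_lock)) ; }
static void unlock(void) { atomic_flag_clear(&model_lock); }

/* Models refcount_dec_and_lock(): returns true, with the lock held,
 * only when this call dropped the last reference. */
static bool dec_and_lock(atomic_int *c)
{
    int old = atomic_load(c);
    while (old > 1)                 /* not the last ref: no lock needed */
        if (atomic_compare_exchange_weak(c, &old, old - 1))
            return false;
    lock();
    if (atomic_fetch_sub(c, 1) == 1)
        return true;                /* caller must unlock */
    unlock();
    return false;
}

/* Filesystem side: the ns is reachable only via the superblock, under the lock. */
static struct model_ns *model_get_ns(struct model_sb *sb)
{
    lock();
    struct model_ns *ns = sb->s_fs_info;
    if (ns)
        atomic_fetch_add(&ns->count, 1);
    unlock();
    return ns;                      /* NULL once the ns has been detached */
}

/* Final put, shaped like the put_ipc_ns() in the message: detach, then free. */
static void model_put_ns(struct model_ns *ns, struct model_sb *sb)
{
    if (dec_and_lock(&ns->count)) {
        sb->s_fs_info = NULL;       /* the mq_clear_sbinfo() step */
        unlock();
        free(ns);                   /* sb shutdown may happen much later */
    }
}
```

Because the count reaches zero and the pointer is cleared inside the same locked region, a lookup through a superblock whose shutdown has been deferred gets NULL instead of a pointer to freed memory.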