/*
   *  linux/fs/namespace.c
   *
   * (C) Copyright Al Viro 2000, 2001
   *	Released under GPL v2.
   *
   * Based on code from fs/super.c, copyright Linus Torvalds and others.
   * Heavily rewritten.
   */

  #include <linux/syscalls.h>

  #include <linux/export.h>

  #include <linux/capability.h>

  #include <linux/mnt_namespace.h>

  #include <linux/user_namespace.h>

  #include <linux/namei.h>
  #include <linux/security.h>

  #include <linux/idr.h>

  #include <linux/acct.h>		/* acct_auto_close_mnt */

  #include <linux/init.h>		/* init_rootfs */

  #include <linux/fs_struct.h>	/* get_fs_root et.al. */
  #include <linux/fsnotify.h>	/* fsnotify_vfsmount_delete */
  #include <linux/uaccess.h>

  #include <linux/proc_ns.h>

  #include <linux/magic.h>

  #include "pnode.h"

  #include "internal.h"

  #define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head))
  #define HASH_SIZE (1UL << HASH_SHIFT)

  static int event;

  static DEFINE_IDA(mnt_id_ida);

  static DEFINE_IDA(mnt_group_ida);

  static DEFINE_SPINLOCK(mnt_id_lock);

  static int mnt_id_start = 0;
  static int mnt_group_start = 1;

  static struct list_head *mount_hashtable __read_mostly;

  static struct list_head *mountpoint_hashtable __read_mostly;

  static struct kmem_cache *mnt_cache __read_mostly;

  static DECLARE_RWSEM(namespace_sem);

  /* /sys/fs */

  struct kobject *fs_kobj;
  EXPORT_SYMBOL_GPL(fs_kobj);

  /*
   * vfsmount lock may be taken for read to prevent changes to the
   * vfsmount hash, ie. during mountpoint lookups or walking back
   * up the tree.
   *
   * It should be taken for write in all cases where the vfsmount
   * tree or hash is modified or when a vfsmount structure is modified.
   */

  __cacheline_aligned_in_smp DEFINE_SEQLOCK(mount_lock);

  static inline unsigned long hash(struct vfsmount *mnt, struct dentry *dentry)
  {

  	unsigned long tmp = ((unsigned long)mnt / L1_CACHE_BYTES);
  	tmp += ((unsigned long)dentry / L1_CACHE_BYTES);

  	tmp = tmp + (tmp >> HASH_SHIFT);
  	return tmp & (HASH_SIZE - 1);

  }

  /*
   * allocation is serialized by namespace_sem, but we need the spinlock to
   * serialize with freeing.
   */

  static int mnt_alloc_id(struct mount *mnt)

  {
  	int res;
  
  retry:
  	ida_pre_get(&mnt_id_ida, GFP_KERNEL);

  	spin_lock(&mnt_id_lock);

  	res = ida_get_new_above(&mnt_id_ida, mnt_id_start, &mnt->mnt_id);

  	if (!res)

  		mnt_id_start = mnt->mnt_id + 1;

  	spin_unlock(&mnt_id_lock);

  	if (res == -EAGAIN)
  		goto retry;
  
  	return res;
  }

  static void mnt_free_id(struct mount *mnt)

  {

  	int id = mnt->mnt_id;

  	spin_lock(&mnt_id_lock);

  	ida_remove(&mnt_id_ida, id);
  	if (mnt_id_start > id)
  		mnt_id_start = id;

  	spin_unlock(&mnt_id_lock);

  }

  /*
   * Allocate a new peer group ID
   *
   * mnt_group_ida is protected by namespace_sem
   */

  static int mnt_alloc_group_id(struct mount *mnt)

  {

  	int res;

  	if (!ida_pre_get(&mnt_group_ida, GFP_KERNEL))
  		return -ENOMEM;

  	res = ida_get_new_above(&mnt_group_ida,
  				mnt_group_start,

  				&mnt->mnt_group_id);

  	if (!res)

  		mnt_group_start = mnt->mnt_group_id + 1;

  
  	return res;

  }
  
  /*
   * Release a peer group ID
   */

  void mnt_release_group_id(struct mount *mnt)

  {

  	int id = mnt->mnt_group_id;

  	ida_remove(&mnt_group_ida, id);
  	if (mnt_group_start > id)
  		mnt_group_start = id;

  	mnt->mnt_group_id = 0;

  }

  /*
   * vfsmount lock must be held for read
   */

  static inline void mnt_add_count(struct mount *mnt, int n)

  {
  #ifdef CONFIG_SMP

  	this_cpu_add(mnt->mnt_pcp->mnt_count, n);

  #else
  	preempt_disable();

  	mnt->mnt_count += n;

  	preempt_enable();
  #endif
  }

  /*
   * vfsmount lock must be held for write
   */

  unsigned int mnt_get_count(struct mount *mnt)

  {
  #ifdef CONFIG_SMP

  	unsigned int count = 0;

  	int cpu;
  
  	for_each_possible_cpu(cpu) {

  		count += per_cpu_ptr(mnt->mnt_pcp, cpu)->mnt_count;

  	}
  
  	return count;
  #else

  	return mnt->mnt_count;

  #endif
  }

  static struct mount *alloc_vfsmnt(const char *name)

  {

  	struct mount *mnt = kmem_cache_zalloc(mnt_cache, GFP_KERNEL);
  	if (mnt) {

  		int err;

  		err = mnt_alloc_id(mnt);

  		if (err)
  			goto out_free_cache;
  
  		if (name) {

  			mnt->mnt_devname = kstrdup(name, GFP_KERNEL);
  			if (!mnt->mnt_devname)

  				goto out_free_id;

  		}

  #ifdef CONFIG_SMP

  		mnt->mnt_pcp = alloc_percpu(struct mnt_pcp);
  		if (!mnt->mnt_pcp)

  			goto out_free_devname;

  		this_cpu_add(mnt->mnt_pcp->mnt_count, 1);

  #else

  		mnt->mnt_count = 1;
  		mnt->mnt_writers = 0;

  #endif

  		INIT_LIST_HEAD(&mnt->mnt_hash);
  		INIT_LIST_HEAD(&mnt->mnt_child);
  		INIT_LIST_HEAD(&mnt->mnt_mounts);
  		INIT_LIST_HEAD(&mnt->mnt_list);
  		INIT_LIST_HEAD(&mnt->mnt_expire);
  		INIT_LIST_HEAD(&mnt->mnt_share);
  		INIT_LIST_HEAD(&mnt->mnt_slave_list);
  		INIT_LIST_HEAD(&mnt->mnt_slave);

  #ifdef CONFIG_FSNOTIFY
  		INIT_HLIST_HEAD(&mnt->mnt_fsnotify_marks);
  #endif

  	}

  	return mnt;

  #ifdef CONFIG_SMP
  out_free_devname:

  	kfree(mnt->mnt_devname);

  #endif

  out_free_id:

  	mnt_free_id(mnt);

  out_free_cache:

  	kmem_cache_free(mnt_cache, mnt);

  	return NULL;

  }

  /*
   * Most r/o checks on a fs are for operations that take
   * discrete amounts of time, like a write() or unlink().
   * We must keep track of when those operations start
   * (for permission checks) and when they end, so that
   * we can determine when writes are able to occur to
   * a filesystem.
   */

  /*
   * __mnt_is_readonly: check whether a mount is read-only
   * @mnt: the mount to check for its write status
   *
   * This shouldn't be used directly ouside of the VFS.
   * It does not guarantee that the filesystem will stay
   * r/w, just that it is right *now*.  This can not and
   * should not be used in place of IS_RDONLY(inode).
   * mnt_want/drop_write() will _keep_ the filesystem
   * r/w.
   */
  int __mnt_is_readonly(struct vfsmount *mnt)
  {

  	if (mnt->mnt_flags & MNT_READONLY)
  		return 1;
  	if (mnt->mnt_sb->s_flags & MS_RDONLY)
  		return 1;
  	return 0;

  }
  EXPORT_SYMBOL_GPL(__mnt_is_readonly);

  static inline void mnt_inc_writers(struct mount *mnt)

  {
  #ifdef CONFIG_SMP

  	this_cpu_inc(mnt->mnt_pcp->mnt_writers);

  #else

  	mnt->mnt_writers++;

  #endif
  }

  static inline void mnt_dec_writers(struct mount *mnt)

  {

  #ifdef CONFIG_SMP

  	this_cpu_dec(mnt->mnt_pcp->mnt_writers);

  #else

  	mnt->mnt_writers--;

  #endif

  }

  static unsigned int mnt_get_writers(struct mount *mnt)

  {

  #ifdef CONFIG_SMP
  	unsigned int count = 0;

  	int cpu;

  
  	for_each_possible_cpu(cpu) {

  		count += per_cpu_ptr(mnt->mnt_pcp, cpu)->mnt_writers;

  	}

  	return count;
  #else
  	return mnt->mnt_writers;
  #endif

  }

  static int mnt_is_readonly(struct vfsmount *mnt)
  {
  	if (mnt->mnt_sb->s_readonly_remount)
  		return 1;
  	/* Order wrt setting s_flags/s_readonly_remount in do_remount() */
  	smp_rmb();
  	return __mnt_is_readonly(mnt);
  }

  /*

   * Most r/o & frozen checks on a fs are for operations that take discrete
   * amounts of time, like a write() or unlink().  We must keep track of when
   * those operations start (for permission checks) and when they end, so that we
   * can determine when writes are able to occur to a filesystem.

   */

  /**

   * __mnt_want_write - get write access to a mount without freeze protection

   * @m: the mount on which to take a write

   *

   * This tells the low-level filesystem that a write is about to be performed to
   * it, and makes sure that writes are allowed (mnt it read-write) before
   * returning success. This operation does not protect against filesystem being
   * frozen. When the write operation is finished, __mnt_drop_write() must be
   * called. This is effectively a refcount.

   */

  int __mnt_want_write(struct vfsmount *m)

  {

  	struct mount *mnt = real_mount(m);

  	int ret = 0;

  	preempt_disable();

  	mnt_inc_writers(mnt);

  	/*

  	 * The store to mnt_inc_writers must be visible before we pass

  	 * MNT_WRITE_HOLD loop below, so that the slowpath can see our
  	 * incremented count after it has set MNT_WRITE_HOLD.
  	 */
  	smp_mb();

  	while (ACCESS_ONCE(mnt->mnt.mnt_flags) & MNT_WRITE_HOLD)

  		cpu_relax();
  	/*
  	 * After the slowpath clears MNT_WRITE_HOLD, mnt_is_readonly will
  	 * be set to match its requirements. So we must not load that until
  	 * MNT_WRITE_HOLD is cleared.
  	 */
  	smp_rmb();

  	if (mnt_is_readonly(m)) {

  		mnt_dec_writers(mnt);

  		ret = -EROFS;

  	}

  	preempt_enable();

  
  	return ret;
  }
  
  /**
   * mnt_want_write - get write access to a mount
   * @m: the mount on which to take a write
   *
   * This tells the low-level filesystem that a write is about to be performed to
   * it, and makes sure that writes are allowed (mount is read-write, filesystem
   * is not frozen) before returning success.  When the write operation is
   * finished, mnt_drop_write() must be called.  This is effectively a refcount.
   */
  int mnt_want_write(struct vfsmount *m)
  {
  	int ret;
  
  	sb_start_write(m->mnt_sb);
  	ret = __mnt_want_write(m);
  	if (ret)
  		sb_end_write(m->mnt_sb);

  	return ret;

  }
  EXPORT_SYMBOL_GPL(mnt_want_write);
  
  /**

   * mnt_clone_write - get write access to a mount
   * @mnt: the mount on which to take a write
   *
   * This is effectively like mnt_want_write, except
   * it must only be used to take an extra write reference
   * on a mountpoint that we already know has a write reference
   * on it. This allows some optimisation.
   *
   * After finished, mnt_drop_write must be called as usual to
   * drop the reference.
   */
  int mnt_clone_write(struct vfsmount *mnt)
  {
  	/* superblock may be r/o */
  	if (__mnt_is_readonly(mnt))
  		return -EROFS;
  	preempt_disable();

  	mnt_inc_writers(real_mount(mnt));

  	preempt_enable();
  	return 0;
  }
  EXPORT_SYMBOL_GPL(mnt_clone_write);
  
  /**

   * __mnt_want_write_file - get write access to a file's mount

   * @file: the file who's mount on which to take a write
   *

   * This is like __mnt_want_write, but it takes a file and can

   * do some optimisations if the file is open for write already
   */

  int __mnt_want_write_file(struct file *file)

  {

  	struct inode *inode = file_inode(file);

  	if (!(file->f_mode & FMODE_WRITE) || special_file(inode->i_mode))

  		return __mnt_want_write(file->f_path.mnt);

  	else
  		return mnt_clone_write(file->f_path.mnt);
  }

  
  /**
   * mnt_want_write_file - get write access to a file's mount
   * @file: the file who's mount on which to take a write
   *
   * This is like mnt_want_write, but it takes a file and can
   * do some optimisations if the file is open for write already
   */
  int mnt_want_write_file(struct file *file)
  {
  	int ret;
  
  	sb_start_write(file->f_path.mnt->mnt_sb);
  	ret = __mnt_want_write_file(file);
  	if (ret)
  		sb_end_write(file->f_path.mnt->mnt_sb);
  	return ret;
  }

  EXPORT_SYMBOL_GPL(mnt_want_write_file);
  
  /**

   * __mnt_drop_write - give up write access to a mount

   * @mnt: the mount on which to give up write access
   *
   * Tells the low-level filesystem that we are done
   * performing writes to it.  Must be matched with

   * __mnt_want_write() call above.

   */

  void __mnt_drop_write(struct vfsmount *mnt)

  {

  	preempt_disable();

  	mnt_dec_writers(real_mount(mnt));

  	preempt_enable();

  }

  
  /**
   * mnt_drop_write - give up write access to a mount
   * @mnt: the mount on which to give up write access
   *
   * Tells the low-level filesystem that we are done performing writes to it and
   * also allows filesystem to be frozen again.  Must be matched with
   * mnt_want_write() call above.
   */
  void mnt_drop_write(struct vfsmount *mnt)
  {
  	__mnt_drop_write(mnt);
  	sb_end_write(mnt->mnt_sb);
  }

  EXPORT_SYMBOL_GPL(mnt_drop_write);

  void __mnt_drop_write_file(struct file *file)
  {
  	__mnt_drop_write(file->f_path.mnt);
  }

  void mnt_drop_write_file(struct file *file)
  {
  	mnt_drop_write(file->f_path.mnt);
  }
  EXPORT_SYMBOL(mnt_drop_write_file);

  static int mnt_make_readonly(struct mount *mnt)

  {

  	int ret = 0;

  	lock_mount_hash();

  	mnt->mnt.mnt_flags |= MNT_WRITE_HOLD;

  	/*

  	 * After storing MNT_WRITE_HOLD, we'll read the counters. This store
  	 * should be visible before we do.

  	 */

  	smp_mb();

  	/*

  	 * With writers on hold, if this value is zero, then there are
  	 * definitely no active writers (although held writers may subsequently
  	 * increment the count, they'll have to wait, and decrement it after
  	 * seeing MNT_READONLY).
  	 *
  	 * It is OK to have counter incremented on one CPU and decremented on
  	 * another: the sum will add up correctly. The danger would be when we
  	 * sum up each counter, if we read a counter before it is incremented,
  	 * but then read another CPU's count which it has been subsequently
  	 * decremented from -- we would see more decrements than we should.
  	 * MNT_WRITE_HOLD protects against this scenario, because
  	 * mnt_want_write first increments count, then smp_mb, then spins on
  	 * MNT_WRITE_HOLD, so it can't be decremented by another CPU while
  	 * we're counting up here.

  	 */

  	if (mnt_get_writers(mnt) > 0)

  		ret = -EBUSY;
  	else

  		mnt->mnt.mnt_flags |= MNT_READONLY;

  	/*
  	 * MNT_READONLY must become visible before ~MNT_WRITE_HOLD, so writers
  	 * that become unheld will see MNT_READONLY.
  	 */
  	smp_wmb();

  	mnt->mnt.mnt_flags &= ~MNT_WRITE_HOLD;

  	unlock_mount_hash();

  	return ret;

  }

  static void __mnt_unmake_readonly(struct mount *mnt)

  {

  	lock_mount_hash();

  	mnt->mnt.mnt_flags &= ~MNT_READONLY;

  	unlock_mount_hash();

  }

  int sb_prepare_remount_readonly(struct super_block *sb)
  {
  	struct mount *mnt;
  	int err = 0;

  	/* Racy optimization.  Recheck the counter under MNT_WRITE_HOLD */
  	if (atomic_long_read(&sb->s_remove_count))
  		return -EBUSY;

  	lock_mount_hash();

  	list_for_each_entry(mnt, &sb->s_mounts, mnt_instance) {
  		if (!(mnt->mnt.mnt_flags & MNT_READONLY)) {
  			mnt->mnt.mnt_flags |= MNT_WRITE_HOLD;
  			smp_mb();
  			if (mnt_get_writers(mnt) > 0) {
  				err = -EBUSY;
  				break;
  			}
  		}
  	}

  	if (!err && atomic_long_read(&sb->s_remove_count))
  		err = -EBUSY;

  	if (!err) {
  		sb->s_readonly_remount = 1;
  		smp_wmb();
  	}
  	list_for_each_entry(mnt, &sb->s_mounts, mnt_instance) {
  		if (mnt->mnt.mnt_flags & MNT_WRITE_HOLD)
  			mnt->mnt.mnt_flags &= ~MNT_WRITE_HOLD;
  	}

  	unlock_mount_hash();

  
  	return err;
  }

  static void free_vfsmnt(struct mount *mnt)

  {

  	kfree(mnt->mnt_devname);

  	mnt_free_id(mnt);

  #ifdef CONFIG_SMP

  	free_percpu(mnt->mnt_pcp);

  #endif

  	kmem_cache_free(mnt_cache, mnt);

  }

  /* call under rcu_read_lock */
  bool legitimize_mnt(struct vfsmount *bastard, unsigned seq)
  {
  	struct mount *mnt;
  	if (read_seqretry(&mount_lock, seq))
  		return false;
  	if (bastard == NULL)
  		return true;
  	mnt = real_mount(bastard);
  	mnt_add_count(mnt, 1);
  	if (likely(!read_seqretry(&mount_lock, seq)))
  		return true;
  	if (bastard->mnt_flags & MNT_SYNC_UMOUNT) {
  		mnt_add_count(mnt, -1);
  		return false;
  	}
  	rcu_read_unlock();
  	mntput(bastard);
  	rcu_read_lock();
  	return false;
  }

  /*

   * find the first mount at @dentry on vfsmount @mnt.

   * call under rcu_read_lock()

   */

  struct mount *__lookup_mnt(struct vfsmount *mnt, struct dentry *dentry)

  {

  	struct list_head *head = mount_hashtable + hash(mnt, dentry);

  	struct mount *p;

  	list_for_each_entry_rcu(p, head, mnt_hash)

  		if (&p->mnt_parent->mnt == mnt && p->mnt_mountpoint == dentry)
  			return p;
  	return NULL;
  }
  
  /*
   * find the last mount at @dentry on vfsmount @mnt.

   * mount_lock must be held.

   */
  struct mount *__lookup_mnt_last(struct vfsmount *mnt, struct dentry *dentry)
  {
  	struct list_head *head = mount_hashtable + hash(mnt, dentry);
  	struct mount *p;
  
  	list_for_each_entry_reverse(p, head, mnt_hash)
  		if (&p->mnt_parent->mnt == mnt && p->mnt_mountpoint == dentry)
  			return p;
  	return NULL;

  }

  /*

   * lookup_mnt - Return the first child mount mounted at path
   *
   * "First" means first mounted chronologically.  If you create the
   * following mounts:
   *
   * mount /dev/sda1 /mnt
   * mount /dev/sda2 /mnt
   * mount /dev/sda3 /mnt
   *
   * Then lookup_mnt() on the base /mnt dentry in the root mount will
   * return successively the root dentry and vfsmount of /dev/sda1, then
   * /dev/sda2, then /dev/sda3, then NULL.
   *
   * lookup_mnt takes a reference to the found vfsmount.

   */

  struct vfsmount *lookup_mnt(struct path *path)

  {

  	struct mount *child_mnt;

  	struct vfsmount *m;
  	unsigned seq;

  	rcu_read_lock();
  	do {
  		seq = read_seqbegin(&mount_lock);
  		child_mnt = __lookup_mnt(path->mnt, path->dentry);
  		m = child_mnt ? &child_mnt->mnt : NULL;
  	} while (!legitimize_mnt(m, seq));
  	rcu_read_unlock();
  	return m;

  }

  static struct mountpoint *new_mountpoint(struct dentry *dentry)
  {
  	struct list_head *chain = mountpoint_hashtable + hash(NULL, dentry);
  	struct mountpoint *mp;

  	int ret;

  
  	list_for_each_entry(mp, chain, m_hash) {
  		if (mp->m_dentry == dentry) {
  			/* might be worth a WARN_ON() */
  			if (d_unlinked(dentry))
  				return ERR_PTR(-ENOENT);
  			mp->m_count++;
  			return mp;
  		}
  	}
  
  	mp = kmalloc(sizeof(struct mountpoint), GFP_KERNEL);
  	if (!mp)
  		return ERR_PTR(-ENOMEM);

  	ret = d_set_mounted(dentry);
  	if (ret) {

  		kfree(mp);

  		return ERR_PTR(ret);

  	}

  	mp->m_dentry = dentry;
  	mp->m_count = 1;
  	list_add(&mp->m_hash, chain);
  	return mp;
  }
  
  static void put_mountpoint(struct mountpoint *mp)
  {
  	if (!--mp->m_count) {
  		struct dentry *dentry = mp->m_dentry;
  		spin_lock(&dentry->d_lock);
  		dentry->d_flags &= ~DCACHE_MOUNTED;
  		spin_unlock(&dentry->d_lock);
  		list_del(&mp->m_hash);
  		kfree(mp);
  	}
  }

  static inline int check_mnt(struct mount *mnt)

  {

  	return mnt->mnt_ns == current->nsproxy->mnt_ns;

  }

  /*
   * vfsmount lock must be held for write
   */

  static void touch_mnt_namespace(struct mnt_namespace *ns)

  {
  	if (ns) {
  		ns->event = ++event;
  		wake_up_interruptible(&ns->poll);
  	}
  }

  /*
   * vfsmount lock must be held for write
   */

  static void __touch_mnt_namespace(struct mnt_namespace *ns)

  {
  	if (ns && ns->event != event) {
  		ns->event = event;
  		wake_up_interruptible(&ns->poll);
  	}
  }

  /*
   * vfsmount lock must be held for write
   */

  static void detach_mnt(struct mount *mnt, struct path *old_path)
  {

  	old_path->dentry = mnt->mnt_mountpoint;

  	old_path->mnt = &mnt->mnt_parent->mnt;
  	mnt->mnt_parent = mnt;

  	mnt->mnt_mountpoint = mnt->mnt.mnt_root;

  	list_del_init(&mnt->mnt_child);

  	list_del_init(&mnt->mnt_hash);

  	put_mountpoint(mnt->mnt_mp);
  	mnt->mnt_mp = NULL;

  }

  /*
   * vfsmount lock must be held for write
   */

  void mnt_set_mountpoint(struct mount *mnt,
  			struct mountpoint *mp,

  			struct mount *child_mnt)

  {

  	mp->m_count++;

  	mnt_add_count(mnt, 1);	/* essentially, that's mntget */

  	child_mnt->mnt_mountpoint = dget(mp->m_dentry);

  	child_mnt->mnt_parent = mnt;

  	child_mnt->mnt_mp = mp;

  }

  /*
   * vfsmount lock must be held for write
   */

  static void attach_mnt(struct mount *mnt,
  			struct mount *parent,
  			struct mountpoint *mp)

  {

  	mnt_set_mountpoint(parent, mp, mnt);

  	list_add_tail(&mnt->mnt_hash, mount_hashtable +

  			hash(&parent->mnt, mp->m_dentry));
  	list_add_tail(&mnt->mnt_child, &parent->mnt_mounts);

  }
  
  /*

   * vfsmount lock must be held for write

   */

  static void commit_tree(struct mount *mnt)

  {

  	struct mount *parent = mnt->mnt_parent;

  	struct mount *m;

  	LIST_HEAD(head);

  	struct mnt_namespace *n = parent->mnt_ns;

  	BUG_ON(parent == mnt);

  	list_add_tail(&head, &mnt->mnt_list);

  	list_for_each_entry(m, &head, mnt_list)

  		m->mnt_ns = n;

  	list_splice(&head, n->list.prev);

  	list_add_tail(&mnt->mnt_hash, mount_hashtable +

  				hash(&parent->mnt, mnt->mnt_mountpoint));

  	list_add_tail(&mnt->mnt_child, &parent->mnt_mounts);

  	touch_mnt_namespace(n);

  }

  static struct mount *next_mnt(struct mount *p, struct mount *root)

  {

  	struct list_head *next = p->mnt_mounts.next;
  	if (next == &p->mnt_mounts) {

  		while (1) {

  			if (p == root)

  				return NULL;

  			next = p->mnt_child.next;
  			if (next != &p->mnt_parent->mnt_mounts)

  				break;

  			p = p->mnt_parent;

  		}
  	}

  	return list_entry(next, struct mount, mnt_child);

  }

  static struct mount *skip_mnt_tree(struct mount *p)

  {

  	struct list_head *prev = p->mnt_mounts.prev;
  	while (prev != &p->mnt_mounts) {
  		p = list_entry(prev, struct mount, mnt_child);
  		prev = p->mnt_mounts.prev;

  	}
  	return p;
  }

  struct vfsmount *
  vfs_kern_mount(struct file_system_type *type, int flags, const char *name, void *data)
  {

  	struct mount *mnt;

  	struct dentry *root;
  
  	if (!type)
  		return ERR_PTR(-ENODEV);
  
  	mnt = alloc_vfsmnt(name);
  	if (!mnt)
  		return ERR_PTR(-ENOMEM);
  
  	if (flags & MS_KERNMOUNT)

  		mnt->mnt.mnt_flags = MNT_INTERNAL;

  
  	root = mount_fs(type, flags, name, data);
  	if (IS_ERR(root)) {
  		free_vfsmnt(mnt);
  		return ERR_CAST(root);
  	}

  	mnt->mnt.mnt_root = root;
  	mnt->mnt.mnt_sb = root->d_sb;

  	mnt->mnt_mountpoint = mnt->mnt.mnt_root;

  	mnt->mnt_parent = mnt;

  	lock_mount_hash();

  	list_add_tail(&mnt->mnt_instance, &root->d_sb->s_mounts);

  	unlock_mount_hash();

  	return &mnt->mnt;

  }
  EXPORT_SYMBOL_GPL(vfs_kern_mount);

  static struct mount *clone_mnt(struct mount *old, struct dentry *root,

  					int flag)

  {

  	struct super_block *sb = old->mnt.mnt_sb;

  	struct mount *mnt;
  	int err;

  	mnt = alloc_vfsmnt(old->mnt_devname);
  	if (!mnt)
  		return ERR_PTR(-ENOMEM);

  	if (flag & (CL_SLAVE | CL_PRIVATE | CL_SHARED_TO_SLAVE))

  		mnt->mnt_group_id = 0; /* not a peer of original */
  	else
  		mnt->mnt_group_id = old->mnt_group_id;

  	if ((flag & CL_MAKE_SHARED) && !mnt->mnt_group_id) {
  		err = mnt_alloc_group_id(mnt);
  		if (err)
  			goto out_free;

  	}

  
  	mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~MNT_WRITE_HOLD;

  	/* Don't allow unprivileged users to change mount flags */
  	if ((flag & CL_UNPRIVILEGED) && (mnt->mnt.mnt_flags & MNT_READONLY))
  		mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;

  	/* Don't allow unprivileged users to reveal what is under a mount */
  	if ((flag & CL_UNPRIVILEGED) && list_empty(&old->mnt_expire))
  		mnt->mnt.mnt_flags |= MNT_LOCKED;

  	atomic_inc(&sb->s_active);
  	mnt->mnt.mnt_sb = sb;
  	mnt->mnt.mnt_root = dget(root);
  	mnt->mnt_mountpoint = mnt->mnt.mnt_root;
  	mnt->mnt_parent = mnt;

  	lock_mount_hash();

  	list_add_tail(&mnt->mnt_instance, &sb->s_mounts);

  	unlock_mount_hash();

  	if ((flag & CL_SLAVE) ||
  	    ((flag & CL_SHARED_TO_SLAVE) && IS_MNT_SHARED(old))) {

  		list_add(&mnt->mnt_slave, &old->mnt_slave_list);
  		mnt->mnt_master = old;
  		CLEAR_MNT_SHARED(mnt);
  	} else if (!(flag & CL_PRIVATE)) {
  		if ((flag & CL_MAKE_SHARED) || IS_MNT_SHARED(old))
  			list_add(&mnt->mnt_share, &old->mnt_share);
  		if (IS_MNT_SLAVE(old))
  			list_add(&mnt->mnt_slave, &old->mnt_slave);
  		mnt->mnt_master = old->mnt_master;
  	}
  	if (flag & CL_MAKE_SHARED)
  		set_mnt_shared(mnt);
  
  	/* stick the duplicate mount on the same expiry list
  	 * as the original if that was on one */
  	if (flag & CL_EXPIRE) {
  		if (!list_empty(&old->mnt_expire))
  			list_add(&mnt->mnt_expire, &old->mnt_expire);
  	}

  	return mnt;

  
   out_free:
  	free_vfsmnt(mnt);

  	return ERR_PTR(err);

  }

  static void delayed_free(struct rcu_head *head)
  {
  	struct mount *mnt = container_of(head, struct mount, mnt_rcu);
  	kfree(mnt->mnt_devname);
  #ifdef CONFIG_SMP
  	free_percpu(mnt->mnt_pcp);
  #endif
  	kmem_cache_free(mnt_cache, mnt);
  }

  static void mntput_no_expire(struct mount *mnt)

  {

  put_again:

  	rcu_read_lock();
  	mnt_add_count(mnt, -1);
  	if (likely(mnt->mnt_ns)) { /* shouldn't be the last one */
  		rcu_read_unlock();

  		return;

  	}

  	lock_mount_hash();

  	if (mnt_get_count(mnt)) {

  		rcu_read_unlock();

  		unlock_mount_hash();

  		return;
  	}

  	if (unlikely(mnt->mnt_pinned)) {
  		mnt_add_count(mnt, mnt->mnt_pinned + 1);
  		mnt->mnt_pinned = 0;

  		rcu_read_unlock();

  		unlock_mount_hash();

  		acct_auto_close_mnt(&mnt->mnt);

  		goto put_again;

  	}

  	if (unlikely(mnt->mnt.mnt_flags & MNT_DOOMED)) {
  		rcu_read_unlock();
  		unlock_mount_hash();
  		return;
  	}
  	mnt->mnt.mnt_flags |= MNT_DOOMED;
  	rcu_read_unlock();

  	list_del(&mnt->mnt_instance);

  	unlock_mount_hash();

  
  	/*
  	 * This probably indicates that somebody messed
  	 * up a mnt_want/drop_write() pair.  If this
  	 * happens, the filesystem was probably unable
  	 * to make r/w->r/o transitions.
  	 */
  	/*
  	 * The locking used to deal with mnt_count decrement provides barriers,
  	 * so mnt_get_writers() below is safe.
  	 */
  	WARN_ON(mnt_get_writers(mnt));
  	fsnotify_vfsmount_delete(&mnt->mnt);
  	dput(mnt->mnt.mnt_root);
  	deactivate_super(mnt->mnt.mnt_sb);

  	mnt_free_id(mnt);
  	call_rcu(&mnt->mnt_rcu, delayed_free);

  }

  
  void mntput(struct vfsmount *mnt)
  {
  	if (mnt) {

  		struct mount *m = real_mount(mnt);

  		/* avoid cacheline pingpong, hope gcc doesn't get "smart" */

  		if (unlikely(m->mnt_expiry_mark))
  			m->mnt_expiry_mark = 0;
  		mntput_no_expire(m);

  	}
  }
  EXPORT_SYMBOL(mntput);
  
  struct vfsmount *mntget(struct vfsmount *mnt)
  {
  	if (mnt)

  		mnt_add_count(real_mount(mnt), 1);

  	return mnt;
  }
  EXPORT_SYMBOL(mntget);

  void mnt_pin(struct vfsmount *mnt)
  {

  	lock_mount_hash();

  	real_mount(mnt)->mnt_pinned++;

  	unlock_mount_hash();

  }

  EXPORT_SYMBOL(mnt_pin);

  void mnt_unpin(struct vfsmount *m)

  {

  	struct mount *mnt = real_mount(m);

  	lock_mount_hash();

  	if (mnt->mnt_pinned) {

  		mnt_add_count(mnt, 1);

  		mnt->mnt_pinned--;
  	}

  	unlock_mount_hash();

  }

  EXPORT_SYMBOL(mnt_unpin);

  static inline void mangle(struct seq_file *m, const char *s)
  {
  	seq_escape(m, s, " \t
  \\");
  }
  
  /*
   * Simple .show_options callback for filesystems which don't want to
   * implement more complex mount option showing.
   *
   * See also save_mount_options().
   */

  int generic_show_options(struct seq_file *m, struct dentry *root)

  {

  	const char *options;
  
  	rcu_read_lock();

  	options = rcu_dereference(root->d_sb->s_options);

  
  	if (options != NULL && options[0]) {
  		seq_putc(m, ',');
  		mangle(m, options);
  	}

  	rcu_read_unlock();

  
  	return 0;
  }
  EXPORT_SYMBOL(generic_show_options);
  
  /*
   * If filesystem uses generic_show_options(), this function should be
   * called from the fill_super() callback.
   *
   * The .remount_fs callback usually needs to be handled in a special
   * way, to make sure, that previous options are not overwritten if the
   * remount fails.
   *
   * Also note, that if the filesystem's .remount_fs function doesn't
   * reset all options to their default value, but changes only newly
   * given options, then the displayed options will not reflect reality
   * any more.
   */
  void save_mount_options(struct super_block *sb, char *options)
  {

  	BUG_ON(sb->s_options);
  	rcu_assign_pointer(sb->s_options, kstrdup(options, GFP_KERNEL));

  }
  EXPORT_SYMBOL(save_mount_options);

  void replace_mount_options(struct super_block *sb, char *options)
  {
  	char *old = sb->s_options;
  	rcu_assign_pointer(sb->s_options, options);
  	if (old) {
  		synchronize_rcu();
  		kfree(old);
  	}
  }
  EXPORT_SYMBOL(replace_mount_options);

  #ifdef CONFIG_PROC_FS

  /* iterator; we want it to have access to namespace_sem, thus here... */

  static void *m_start(struct seq_file *m, loff_t *pos)
  {

  	struct proc_mounts *p = proc_mounts(m);

  	down_read(&namespace_sem);

  	return seq_list_start(&p->ns->list, *pos);

  }
  
  static void *m_next(struct seq_file *m, void *v, loff_t *pos)
  {

  	struct proc_mounts *p = proc_mounts(m);

  	return seq_list_next(v, &p->ns->list, pos);

  }
  
  static void m_stop(struct seq_file *m, void *v)
  {

  	up_read(&namespace_sem);

  }

  static int m_show(struct seq_file *m, void *v)

  {

  	struct proc_mounts *p = proc_mounts(m);

  	struct mount *r = list_entry(v, struct mount, mnt_list);

  	return p->show(m, &r->mnt);

  }

  const struct seq_operations mounts_op = {

  	.start	= m_start,
  	.next	= m_next,
  	.stop	= m_stop,

  	.show	= m_show,

  };

  #endif  /* CONFIG_PROC_FS */

  /**
   * may_umount_tree - check if a mount tree is busy
   * @mnt: root of mount tree
   *
   * This is called to check if a tree of mounts has any
   * open files, pwds, chroots or sub mounts that are
   * busy.
   */

  int may_umount_tree(struct vfsmount *m)

  {

  	struct mount *mnt = real_mount(m);

  	int actual_refs = 0;
  	int minimum_refs = 0;

  	struct mount *p;

  	BUG_ON(!m);

  	/* write lock needed for mnt_get_count */

  	lock_mount_hash();

  	for (p = mnt; p; p = next_mnt(p, mnt)) {

  		actual_refs += mnt_get_count(p);

  		minimum_refs += 2;

  	}

  	unlock_mount_hash();

  
  	if (actual_refs > minimum_refs)

  		return 0;

  	return 1;

  }
  
  EXPORT_SYMBOL(may_umount_tree);
  
  /**
   * may_umount - check if a mount point is busy
   * @mnt: root of mount
   *
   * This is called to check if a mount point has any
   * open files, pwds, chroots or sub mounts. If the
   * mount has sub mounts this will return busy
   * regardless of whether the sub mounts are busy.
   *
   * Doesn't take quota and stuff into account. IOW, in some cases it will
   * give false negatives. The main reason why it's here is that we need
   * a non-destructive way to look for easily umountable filesystems.
   */
  int may_umount(struct vfsmount *mnt)
  {

  	int ret = 1;

  	down_read(&namespace_sem);

  	lock_mount_hash();

  	if (propagate_mount_busy(real_mount(mnt), 2))

  		ret = 0;

  	unlock_mount_hash();

  	up_read(&namespace_sem);

  	return ret;

  }
  
  EXPORT_SYMBOL(may_umount);

  static LIST_HEAD(unmounted);	/* protected by namespace_sem */

  static void namespace_unlock(void)

  {

  	struct mount *mnt;

  	LIST_HEAD(head);
  
  	if (likely(list_empty(&unmounted))) {
  		up_write(&namespace_sem);
  		return;
  	}
  
  	list_splice_init(&unmounted, &head);
  	up_write(&namespace_sem);

  	synchronize_rcu();

  	while (!list_empty(&head)) {
  		mnt = list_first_entry(&head, struct mount, mnt_hash);

  		list_del_init(&mnt->mnt_hash);

  		if (mnt->mnt_ex_mountpoint.mnt)
  			path_put(&mnt->mnt_ex_mountpoint);

  		mntput(&mnt->mnt);

  	}
  }

  static inline void namespace_lock(void)

  {

  	down_write(&namespace_sem);

  }

  /*

   * mount_lock must be held

   * namespace_sem must be held for write

   * how = 0 => just this tree, don't propagate
   * how = 1 => propagate; we know that nobody else has reference to any victims
   * how = 2 => lazy umount

   */

  void umount_tree(struct mount *mnt, int how)

  {

  	LIST_HEAD(tmp_list);

  	struct mount *p;

  	for (p = mnt; p; p = next_mnt(p, mnt))

  		list_move(&p->mnt_hash, &tmp_list);

  	if (how)

  		propagate_umount(&tmp_list);

  	list_for_each_entry(p, &tmp_list, mnt_hash) {

  		list_del_init(&p->mnt_expire);

  		list_del_init(&p->mnt_list);

  		__touch_mnt_namespace(p->mnt_ns);
  		p->mnt_ns = NULL;

  		if (how < 2)
  			p->mnt.mnt_flags |= MNT_SYNC_UMOUNT;

  		list_del_init(&p->mnt_child);

  		if (mnt_has_parent(p)) {

  			put_mountpoint(p->mnt_mp);

  			/* move the reference to mountpoint into ->mnt_ex_mountpoint */
  			p->mnt_ex_mountpoint.dentry = p->mnt_mountpoint;
  			p->mnt_ex_mountpoint.mnt = &p->mnt_parent->mnt;
  			p->mnt_mountpoint = p->mnt.mnt_root;
  			p->mnt_parent = p;

  			p->mnt_mp = NULL;

  		}

  		change_mnt_propagation(p, MS_PRIVATE);

  	}

  	list_splice(&tmp_list, &unmounted);

  }

  static void shrink_submounts(struct mount *mnt);

  static int do_umount(struct mount *mnt, int flags)

  {

  	struct super_block *sb = mnt->mnt.mnt_sb;

  	int retval;

  	retval = security_sb_umount(&mnt->mnt, flags);

  	if (retval)
  		return retval;
  
  	/*
  	 * Allow userspace to request a mountpoint be expired rather than
  	 * unmounting unconditionally. Unmount only happens if:
  	 *  (1) the mark is already set (the mark is cleared by mntput())
  	 *  (2) the usage count == 1 [parent vfsmount] + 1 [sys_umount]
  	 */
  	if (flags & MNT_EXPIRE) {

  		if (&mnt->mnt == current->fs->root.mnt ||

  		    flags & (MNT_FORCE | MNT_DETACH))
  			return -EINVAL;

  		/*
  		 * probably don't strictly need the lock here if we examined
  		 * all race cases, but it's a slowpath.
  		 */

  		lock_mount_hash();

  		if (mnt_get_count(mnt) != 2) {

  			unlock_mount_hash();

  			return -EBUSY;

  		}

  		unlock_mount_hash();

  		if (!xchg(&mnt->mnt_expiry_mark, 1))

  			return -EAGAIN;
  	}
  
  	/*
  	 * If we may have to abort operations to get out of this
  	 * mount, and they will themselves hold resources we must
  	 * allow the fs to do things. In the Unix tradition of
  	 * 'Gee thats tricky lets do it in userspace' the umount_begin
  	 * might fail to complete on the first run through as other tasks
  	 * must return, and the like. Thats for the mount program to worry
  	 * about for the moment.
  	 */

  	if (flags & MNT_FORCE && sb->s_op->umount_begin) {

  		sb->s_op->umount_begin(sb);

  	}

  
  	/*
  	 * No sense to grab the lock for this test, but test itself looks
  	 * somewhat bogus. Suggestions for better replacement?
  	 * Ho-hum... In principle, we might treat that as umount + switch
  	 * to rootfs. GC would eventually take care of the old vfsmount.
  	 * Actually it makes sense, especially if rootfs would contain a
  	 * /reboot - static binary that would close all descriptors and
  	 * call reboot(9). Then init(8) could umount root and exec /reboot.
  	 */

  	if (&mnt->mnt == current->fs->root.mnt && !(flags & MNT_DETACH)) {

  		/*
  		 * Special case for "unmounting" root ...
  		 * we just try to remount it readonly.
  		 */
  		down_write(&sb->s_umount);

  		if (!(sb->s_flags & MS_RDONLY))

  			retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);

  		up_write(&sb->s_umount);
  		return retval;
  	}

  	namespace_lock();

  	lock_mount_hash();

  	event++;

  	if (flags & MNT_DETACH) {

  		if (!list_empty(&mnt->mnt_list))

  			umount_tree(mnt, 2);

  		retval = 0;

  	} else {
  		shrink_submounts(mnt);
  		retval = -EBUSY;
  		if (!propagate_mount_busy(mnt, 2)) {
  			if (!list_empty(&mnt->mnt_list))
  				umount_tree(mnt, 1);
  			retval = 0;
  		}

  	}

  	unlock_mount_hash();

  	namespace_unlock();

  	return retval;
  }

  /* 
   * Is the caller allowed to modify his namespace?
   */
  static inline bool may_mount(void)
  {
  	return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN);
  }

  /*
   * Now umount can handle mount points as well as block devices.
   * This is important for filesystems which use unnamed block devices.
   *
   * We now support a flag for forced unmount like the other 'big iron'
   * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
   */

  SYSCALL_DEFINE2(umount, char __user *, name, int, flags)

  {

  	struct path path;

  	struct mount *mnt;

  	int retval;

  	int lookup_flags = 0;

  	if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW))
  		return -EINVAL;

  	if (!may_mount())
  		return -EPERM;

  	if (!(flags & UMOUNT_NOFOLLOW))
  		lookup_flags |= LOOKUP_FOLLOW;

  	retval = user_path_mountpoint_at(AT_FDCWD, name, lookup_flags, &path);

  	if (retval)
  		goto out;

  	mnt = real_mount(path.mnt);

  	retval = -EINVAL;

  	if (path.dentry != path.mnt->mnt_root)

  		goto dput_and_out;

  	if (!check_mnt(mnt))

  		goto dput_and_out;

  	if (mnt->mnt.mnt_flags & MNT_LOCKED)
  		goto dput_and_out;

  	retval = do_umount(mnt, flags);

  dput_and_out:

  	/* we mustn't call path_put() as that would clear mnt_expiry_mark */

  	dput(path.dentry);

  	mntput_no_expire(mnt);

  out:
  	return retval;
  }
  
  #ifdef __ARCH_WANT_SYS_OLDUMOUNT
  
  /*

   *	The 2.0 compatible umount. No flags.

   */

  SYSCALL_DEFINE1(oldumount, char __user *, name)

  {

  	return sys_umount(name, 0);

  }
  
  #endif

  static bool is_mnt_ns_file(struct dentry *dentry)

  {

  	/* Is this a proxy for a mount namespace? */
  	struct inode *inode = dentry->d_inode;

  	struct proc_ns *ei;

  
  	if (!proc_ns_inode(inode))
  		return false;

  	ei = get_proc_ns(inode);

  	if (ei->ns_ops != &mntns_operations)
  		return false;

  	return true;
  }
  
  static bool mnt_ns_loop(struct dentry *dentry)
  {
  	/* Could bind mounting the mount namespace inode cause a
  	 * mount namespace loop?
  	 */
  	struct mnt_namespace *mnt_ns;
  	if (!is_mnt_ns_file(dentry))
  		return false;
  
  	mnt_ns = get_proc_ns(dentry->d_inode)->ns;

  	return current->nsproxy->mnt_ns->seq >= mnt_ns->seq;
  }

  struct mount *copy_tree(struct mount *mnt, struct dentry *dentry,

  					int flag)

  {

  	struct mount *res, *p, *q, *r, *parent;

  	if (!(flag & CL_COPY_UNBINDABLE) && IS_MNT_UNBINDABLE(mnt))
  		return ERR_PTR(-EINVAL);
  
  	if (!(flag & CL_COPY_MNT_NS_FILE) && is_mnt_ns_file(dentry))

  		return ERR_PTR(-EINVAL);

  	res = q = clone_mnt(mnt, dentry, flag);

  	if (IS_ERR(q))
  		return q;

  	q->mnt.mnt_flags &= ~MNT_LOCKED;

  	q->mnt_mountpoint = mnt->mnt_mountpoint;

  
  	p = mnt;

  	list_for_each_entry(r, &mnt->mnt_mounts, mnt_child) {

  		struct mount *s;

  		if (!is_subdir(r->mnt_mountpoint, dentry))

  			continue;

  		for (s = r; s; s = next_mnt(s, r)) {

  			if (!(flag & CL_COPY_UNBINDABLE) &&
  			    IS_MNT_UNBINDABLE(s)) {
  				s = skip_mnt_tree(s);
  				continue;
  			}
  			if (!(flag & CL_COPY_MNT_NS_FILE) &&
  			    is_mnt_ns_file(s->mnt.mnt_root)) {

  				s = skip_mnt_tree(s);
  				continue;
  			}