From: Miklos Szeredi <miklos@szeredi.hu>

This patch fixes a bug noticed by Al Viro:

   However, we still have a problem here - just what would
   happen if vfsmount is detached while we were grabbing namespace
   semaphore?  Refcount alone is not useful here - we might be held by
   whoever had detached the vfsmount.  IOW, we should check that it's
   still attached (i.e. that mnt->mnt_parent != mnt).  If it's not -
   just leave it alone, do mntput() and let whoever holds it deal with
   the sucker.  No need to put it back on lists.

Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Cc: <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 fs/namespace.c |    7 +++++++
 1 files changed, 7 insertions(+)

diff -puN fs/namespace.c~namespacec-fix-expiring-of-detached-mount fs/namespace.c
--- 25/fs/namespace.c~namespacec-fix-expiring-of-detached-mount	Mon May 23 16:16:53 2005
+++ 25-akpm/fs/namespace.c	Mon May 23 16:16:53 2005
@@ -829,6 +829,13 @@ static void expire_mount(struct vfsmount
 {
 	spin_lock(&vfsmount_lock);
 
+	/* check if mount is still attached, if not, let whoever holds
+	   it deal with the sucker */
+	if (mnt->mnt_parent == mnt) {
+		spin_unlock(&vfsmount_lock);
+		return;
+	}
+
 	/* check that it is still dead: the count should now be 2 - as
 	 * contributed by the vfsmount parent and the mntget above */
 	if (atomic_read(&mnt->mnt_count) == 2) {
_