From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Djalal Harouni <tixxdz@gmail.com>, Chris Mason <clm@fb.com>,
tytso@mit.edu, Serge Hallyn <serge.hallyn@canonical.com>,
Josh Triplett <josh@joshtriplett.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Andy Lutomirski <luto@kernel.org>,
Seth Forshee <seth.forshee@canonical.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Dongsu Park <dongsu@endocode.com>,
David Herrmann <dh.herrmann@googlemail.com>,
Miklos Szeredi <mszeredi@redhat.com>,
Alban Crequy <alban.crequy@gmail.com>
Subject: Re: [RFC v2 PATCH 0/8] VFS:userns: support portable root filesystems
Date: Tue, 10 May 2016 20:47:40 -0700 [thread overview]
Message-ID: <1462938460.14896.32.camel@HansenPartnership.com> (raw)
In-Reply-To: <20160511005340.GN2694@ZenIV.linux.org.uk>
On Wed, 2016-05-11 at 01:53 +0100, Al Viro wrote:
> On Tue, May 10, 2016 at 04:36:56PM -0700, James Bottomley wrote:
> > +static int shiftfs_rename2(struct inode *olddir, struct dentry
> > *old,
> > + struct inode *newdir, struct dentry
> > *new,
> > + unsigned int flags)
> > +{
> > + struct dentry *rodd = olddir->i_private, *rndd = newdir
> > ->i_private,
> > + *realold = old->d_inode->i_private,
> > + *realnew = new->d_inode->i_private;
> > + struct inode *realolddir = rodd->d_inode, *realnewdir =
> > rndd->d_inode;
> > + const struct inode_operations *iop = realolddir->i_op;
> > + int err;
> > + const struct cred *oldcred, *newcred;
> > +
> > + oldcred = shiftfs_new_creds(&newcred, old->d_sb);
> > + err = iop->rename2(realolddir, realold, realnewdir,
> > realnew, flags);
> > + shiftfs_old_creds(oldcred, &newcred);
>
> ... and you've just violated all locking rules for ->rename2().
Yes, sorry, somehow I missed that when I converted everything else to
the vfs_ functions.
> > +static struct dentry *shiftfs_lookup(struct inode *dir, struct
> > dentry *dentry,
> > + unsigned int flags)
> > +{
> > + struct dentry *real = dir->i_private, *new;
> > + struct inode *reali = real->d_inode, *newi;
> > + const struct cred *oldcred, *newcred;
> > +
> > + /* note: violation of usual fs rules here: dentries are
> > never
> > + * added with d_add. This is because we want no dentry
> > cache
> > + * for shiftfs. All lookups proceed through the dentry
> > cache
> > + * of the underlying filesystem, meaning we always see any
> > + * changes in the underlying */
>
> Bloody wonderful. So
> * we lose caching the negative lookups
We do? They should be cached in the underlying layer's dcache. If
that's not enough, I can hash them, but I was trying to avoid doubling
the dcache size.
> * we've got buggered hardlinks (different inodes for those)
Yes, had a note to do the lookup, but forgot.
> * it has never, ever been tried on -next (would do rather nasty
> things on that d_instantiate())
So this is just a proof of concept; I figured it was best to do it
against current rather than have people who wanted to try it pull in
your tree. I can respin it after the merge window closes.
>
> > +
> > + kfree(sfc);
> > +
> > + return err;
> > +}
>
> > + file->f_op = &sfc->fop;
>
> Lovely - now try that with underlying fs something built modular.
>
> Or try to use it on top of something with non-trivial
> dentry_operations
> (hell, on top of itself, for starters).
So if I add the missing fops_get/put, you're happy with the way this
hijacks f_op and f_inode?
James
next prev parent reply other threads:[~2016-05-11 3:47 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-04 14:26 [RFC v2 PATCH 0/8] VFS:userns: support portable root filesystems Djalal Harouni
2016-05-04 14:26 ` [RFC v2 PATCH 1/8] VFS: add CLONE_MNTNS_SHIFT_UIDGID flag to allow mounts to shift their UIDs/GIDs Djalal Harouni
2016-05-04 14:26 ` [RFC v2 PATCH 2/8] VFS:uidshift: add flags and helpers to shift UIDs and GIDs to virtual view Djalal Harouni
2016-05-04 14:26 ` [RFC v2 PATCH 3/8] fs: Treat foreign mounts as nosuid Djalal Harouni
2016-05-04 23:19 ` Serge Hallyn
2016-05-05 13:05 ` Seth Forshee
2016-05-05 22:40 ` Djalal Harouni
2016-05-04 14:26 ` [RFC v2 PATCH 4/8] VFS:userns: shift UID/GID to virtual view during permission access Djalal Harouni
2016-05-04 14:26 ` [RFC v2 PATCH 5/8] VFS:userns: add helpers to shift UIDs and GIDs into on-disk view Djalal Harouni
2016-05-04 14:26 ` [RFC v2 PATCH 6/8] VFS:userns: shift UID/GID to on-disk view before any write to disk Djalal Harouni
2016-05-04 14:26 ` [RFC v2 PATCH 7/8] ext4: add support for vfs_shift_uids and vfs_shift_gids mount options Djalal Harouni
2016-05-04 14:26 ` [RFC v2 PATCH 8/8] btrfs: " Djalal Harouni
2016-05-04 16:34 ` [RFC v2 PATCH 0/8] VFS:userns: support portable root filesystems Josh Triplett
2016-05-04 21:06 ` James Bottomley
2016-05-05 7:36 ` Djalal Harouni
2016-05-05 11:56 ` James Bottomley
2016-05-05 21:49 ` Djalal Harouni
2016-05-05 22:08 ` James Bottomley
2016-05-10 23:36 ` James Bottomley
2016-05-11 0:38 ` Al Viro
2016-05-11 0:53 ` Al Viro
2016-05-11 3:47 ` James Bottomley [this message]
2016-05-11 16:42 ` Djalal Harouni
2016-05-11 18:33 ` James Bottomley
2016-05-12 19:55 ` Djalal Harouni
2016-05-12 22:24 ` James Bottomley
2016-05-14 9:53 ` Djalal Harouni
2016-05-14 13:46 ` James Bottomley
2016-05-15 2:21 ` Eric W. Biederman
2016-05-15 15:04 ` James Bottomley
2016-05-16 14:12 ` Seth Forshee
2016-05-16 16:42 ` Eric W. Biederman
2016-05-16 18:25 ` Seth Forshee
2016-05-16 19:13 ` James Bottomley
2016-05-17 22:40 ` Eric W. Biederman
2016-05-17 11:42 ` Djalal Harouni
2016-05-17 15:42 ` Djalal Harouni
2016-05-04 23:30 ` Serge Hallyn
2016-05-06 14:38 ` Djalal Harouni
2016-05-09 16:26 ` Serge Hallyn
2016-05-10 10:33 ` Djalal Harouni
2016-05-05 0:23 ` Dave Chinner
2016-05-05 1:44 ` Andy Lutomirski
2016-05-05 2:25 ` Dave Chinner
2016-05-05 3:29 ` Andy Lutomirski
2016-05-05 22:34 ` Djalal Harouni
2016-05-05 22:24 ` Djalal Harouni
2016-05-06 2:50 ` Dave Chinner
2016-05-12 19:47 ` Djalal Harouni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1462938460.14896.32.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=alban.crequy@gmail.com \
--cc=clm@fb.com \
--cc=dh.herrmann@googlemail.com \
--cc=dongsu@endocode.com \
--cc=ebiederm@xmission.com \
--cc=josh@joshtriplett.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mszeredi@redhat.com \
--cc=serge.hallyn@canonical.com \
--cc=seth.forshee@canonical.com \
--cc=tixxdz@gmail.com \
--cc=tytso@mit.edu \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.