From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Amir Goldstein <amir73il@gmail.com>
Cc: linux-fsdevel <linux-fsdevel@vger.kernel.org>,
David Howells <dhowells@redhat.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Miklos Szeredi <miklos@szeredi.hu>,
Seth Forshee <seth.forshee@canonical.com>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: Re: [PATCH 1/2] fs: introduce uid/gid shifting bind mount
Date: Tue, 03 Dec 2019 06:58:36 -0800 [thread overview]
Message-ID: <1575385116.3435.22.camel@HansenPartnership.com> (raw)
In-Reply-To: <CAOQ4uxh8R_GG+LMScoeuY32rx3sOeMuEK5z+rx=KO8QwGEGyXA@mail.gmail.com>
On Tue, 2019-12-03 at 16:33 +0200, Amir Goldstein wrote:
> On Tue, Dec 3, 2019 at 4:10 PM James Bottomley
> <James.Bottomley@hansenpartnership.com> wrote:
> >
> > [splitting topics for ease of threading]
> > On Tue, 2019-12-03 at 08:55 +0200, Amir Goldstein wrote:
> > > On Tue, Dec 3, 2019 at 7:12 AM James Bottomley
> > > <James.Bottomley@hansenpartnership.com> wrote:
> > > >
> > > > On Tue, 2019-12-03 at 06:51 +0200, Amir Goldstein wrote:
> > > > > [cc: ebiederman]
> >
> > [...]
> > > > > 2. Needs serious vetting by Eric (cc'ed)
> > > > > 3. A lot of people have been asking me for filtering of
> > > > > "dirent" fsnotify events (i.e. create/delete) by path, which
> > > > > is not available in those vfs functions, so if the concept of
> > > > > current-mnt flies, fsnotify is going to want to use it as
> > > > > well.
> > > >
> > > > Just a caveat: current->mnt is used in this patch simply as a
> > > > tag, which means it doesn't need to be refcounted. I think I
> > > > can prove that it is absolutely valid if the cred is shifted
> > > > because the reference is held by the code that shifted the
> > > > cred, but it's definitely not valid except for a tag comparison
> > > > outside of that. Thus, if it is useful for fsnotify, more
> > > > thought will have to be given to refcounting it.
> > > >
> > >
> > > Yes. Is there anything preventing us from taking refcount on
> > > current->mnt?
> >
> > We could, but what would it usefully mean? It would just be the
> > last mnt that had its credentials shifted. I think stashing a
> > refcounted mnt in the task structure is reasonably easy: The creds
> > are refcounted, so you simply follow all the task mnt_cred logic I
> > added for releasing the ref in the correct places, so if you want
> > to do that, I can simply rename this tag to something less generic
> > ... unless you have some idea about using the last shift mnt?
> >
>
> Nevermind. Didn't want to derail the thread.
Don't worry, that's why I separated the issues.
> I am still not sure what the semantics of generic current->mnt should
> be.
OK, so that's easy: it's not designed in the current patch set ever to
be used as a mnt. It's simply a tag to tell you if the cached shifted
credentials in mnt_cred are valid for reuse. To the only use I put it
to is in change_userns_cred() where we look at the task cached
mnt+mnt_cred and if mnt matches the mnt change_user_ns_cred was called
for we know that if mnt_cred is not NULL then it's usable as the pre-
prepared credentials.
> operations like copy_file_range() with two path arguments can
> get confusing and handling nesting (e.g. overlayfs can be confusing
> as well).
So I think the concept of using the task struct to carry information
you don't want to thread all the way up and down the stack, like how
I've done for knowledge of the shift being in effect, is potentially a
useful one. It is a bit of a hack though to work around the fact that
our API is missing stuff.
James
next prev parent reply other threads:[~2019-12-03 14:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-03 1:13 [PATCH 0/2] shiftfs reworked as a uid/gid shifting bind mount James Bottomley
2019-12-03 1:15 ` [PATCH 1/2] fs: introduce " James Bottomley
2019-12-03 4:51 ` Amir Goldstein
2019-12-03 5:12 ` James Bottomley
2019-12-03 6:55 ` Amir Goldstein
2019-12-03 14:10 ` James Bottomley
2019-12-03 14:33 ` Amir Goldstein
2019-12-03 14:58 ` James Bottomley [this message]
2019-12-03 14:40 ` James Bottomley
2019-12-13 17:49 ` James Bottomley
2019-12-03 1:15 ` [PATCH 2/2] fs: expose shifting bind mount to userspace James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1575385116.3435.22.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=amir73il@gmail.com \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=seth.forshee@canonical.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.