From: Al Viro <viro@ZenIV.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: James Morris <jmorris@namei.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
LSM List <linux-security-module@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: security: lockless stat() issues
Date: Fri, 4 Oct 2013 22:15:26 +0100 [thread overview]
Message-ID: <20131004211526.GR13318@ZenIV.linux.org.uk> (raw)
In-Reply-To: <CA+55aFzt1LN77WgFbdEak0f-JssQH64pSL=1zYAfB7=B8pxwvQ@mail.gmail.com>
On Fri, Oct 04, 2013 at 01:49:13PM -0700, Linus Torvalds wrote:
> That would get ugly.
>
> However, I don't think we actually really need to do that. We had a
> similar situation with d_revalidate() passing inode pointers etc
> totally unnecessarily. Yes, the filesystem needs to use ACCESS_ONCE()
> and care about NULL, but it doesn't need anything more than that. And
> we really do have that already.
Not for ->getattr()... BTW, ->permission() for btrfs in that series
relies on not getting a MAY_WRITE | MAY_NOT_BLOCK combination, and
if you are serious about access(2), we'll need to lazy-delay freeing
struct btrfs_root. Besides, we'll need to audit all ->permission()
instances for places that do not check for MAY_NOT_BLOCK on such
branches...
> And we already have dentry->d_sb - which is supposed to be valid.
> Again, we already use it under RCU for d_revalidate() and for name
> hashing. So the super-block had better already be ok with RCU.
Umm... Right you are, so we really need to make freeing these suckers
delayed. Fixed and pushed. BTW, I wonder how much does removal of
s_files (next-to-last commit in #experimental) affect scalability on
open/close... Anybody with perf setup and reasonable amount of
previous data?
BTW^2: what's the FM2R for perf testing of that kind? E.g. how much
is testable under KVM, etc.?
prev parent reply other threads:[~2013-10-04 21:15 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-04 19:33 security: lockless stat() issues Linus Torvalds
2013-10-04 20:15 ` Al Viro
2013-10-04 20:49 ` Linus Torvalds
2013-10-04 21:15 ` Al Viro [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131004211526.GR13318@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.