From: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Alexey Gladkov <gladkov.alexey-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Linux Kernel Mailing List
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"Kirill A. Shutemov"
<kirill-oKw7cIdHH8eLwutG50LtGA@public.gmane.org>,
Vasiliy Kulikov <segoon-cxoSlKxDwOJWk0Htik3J/w@public.gmane.org>,
Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Pavel Emelyanov <xemul-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>,
James Bottomley
<James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>,
"Dmitry V. Levin" <ldv-u2l5PoMzF/Vg9hUCZPvPmw@public.gmane.org>
Subject: Re: [RFC] Add option to mount only a pids subset
Date: Thu, 23 Mar 2017 17:05:07 +0100 [thread overview]
Message-ID: <20170323160507.GA23135@redhat.com> (raw)
In-Reply-To: <20170320125855.GG4554@comp-core-i7-2640m-0182e6>
Again, I can't really review this, I know nothing about vfs, but since
nobody else replied...
On 03/20, Alexey Gladkov wrote:
>
> @@ -97,7 +169,23 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
> ns = task_active_pid_ns(current);
> }
>
> - return mount_ns(fs_type, flags, data, ns, ns->user_ns, proc_fill_super);
> + root = mount_ns(fs_type, flags, data, ns, ns->user_ns, proc_fill_super);
> +
> + if (!IS_ERR(root)) {
> + if (!proc_fill_options(data, &opts))
> + return ERR_PTR(-EINVAL);
So we have to call proc_fill_options() twice, not good... Yes, I understand
why, but perhaps we factor it out somehow, we can pack options + pid_ns into
sb->s_fs_info. Nevermind, this is minor.
> + if (opts.pid_only) {
> + int ret;
> +
> + if (!ns->pidfs && (ret = fill_pidfs_root(root->d_sb)))
> + return ERR_PTR(ret);
> +
> + root = ns->pidfs;
Afaics this lacks dget(ns->pidfs) which should pair with dput(mnt.mnt_root)
in cleanup_mnt(). IIUC otherwise ns->pidfs can go away after umount, OTOH,
if we return ns->pidfs then dget(sb->s_root) in mount_ns() is not balanced.
But this all is fixeable.
So with this change "mount -opidonly" creates another IS_ROOT() dentry which
is not equal to sb->s_root. I simply do not know if this is technically
correct or not... but, say, the "Only bind mounts can have disconnected paths"
comment in path_connected() makes me worry ;)
And this obviously means that /path-to-pidonly-mnt/ won't share dentries with
the normal /proc mount. Not really good imo even if not really wrong... Lets
look at proc_flush_task(). The exiting task will flush its $pid dentries in
/proc/ but not in /path-to-pidonly-mnt/ iiuc. Again, not really a bug, but
still...
Oleg.
WARNING: multiple messages have this Message-ID (diff)
From: Oleg Nesterov <oleg@redhat.com>
To: Alexey Gladkov <gladkov.alexey@gmail.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Vasiliy Kulikov <segoon@openwall.com>,
Al Viro <viro@zeniv.linux.org.uk>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Pavel Emelyanov <xemul@parallels.com>,
James Bottomley <James.Bottomley@HansenPartnership.com>,
"Dmitry V. Levin" <ldv@altlinux.org>
Subject: Re: [RFC] Add option to mount only a pids subset
Date: Thu, 23 Mar 2017 17:05:07 +0100 [thread overview]
Message-ID: <20170323160507.GA23135@redhat.com> (raw)
In-Reply-To: <20170320125855.GG4554@comp-core-i7-2640m-0182e6>
Again, I can't really review this, I know nothing about vfs, but since
nobody else replied...
On 03/20, Alexey Gladkov wrote:
>
> @@ -97,7 +169,23 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
> ns = task_active_pid_ns(current);
> }
>
> - return mount_ns(fs_type, flags, data, ns, ns->user_ns, proc_fill_super);
> + root = mount_ns(fs_type, flags, data, ns, ns->user_ns, proc_fill_super);
> +
> + if (!IS_ERR(root)) {
> + if (!proc_fill_options(data, &opts))
> + return ERR_PTR(-EINVAL);
So we have to call proc_fill_options() twice, not good... Yes, I understand
why, but perhaps we factor it out somehow, we can pack options + pid_ns into
sb->s_fs_info. Nevermind, this is minor.
> + if (opts.pid_only) {
> + int ret;
> +
> + if (!ns->pidfs && (ret = fill_pidfs_root(root->d_sb)))
> + return ERR_PTR(ret);
> +
> + root = ns->pidfs;
Afaics this lacks dget(ns->pidfs) which should pair with dput(mnt.mnt_root)
in cleanup_mnt(). IIUC otherwise ns->pidfs can go away after umount, OTOH,
if we return ns->pidfs then dget(sb->s_root) in mount_ns() is not balanced.
But this all is fixeable.
So with this change "mount -opidonly" creates another IS_ROOT() dentry which
is not equal to sb->s_root. I simply do not know if this is technically
correct or not... but, say, the "Only bind mounts can have disconnected paths"
comment in path_connected() makes me worry ;)
And this obviously means that /path-to-pidonly-mnt/ won't share dentries with
the normal /proc mount. Not really good imo even if not really wrong... Lets
look at proc_flush_task(). The exiting task will flush its $pid dentries in
/proc/ but not in /path-to-pidonly-mnt/ iiuc. Again, not really a bug, but
still...
Oleg.
next prev parent reply other threads:[~2017-03-23 16:05 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-18 22:53 [PATCH] Add pidfs filesystem Alexey Gladkov
2017-02-18 23:34 ` kbuild test robot
2017-02-18 23:34 ` kbuild test robot
2017-02-20 4:05 ` Eric W. Biederman
2017-02-20 10:36 ` Alexey Gladkov
2017-02-22 20:11 ` Richard Weinberger
2017-02-21 14:57 ` Oleg Nesterov
2017-02-22 7:40 ` Pavel Emelyanov
2017-02-22 12:04 ` Alexey Gladkov
2017-02-22 13:08 ` Pavel Emelyanov
2017-02-22 11:53 ` Alexey Gladkov
2017-02-22 15:37 ` Dmitry V. Levin
2017-02-22 17:48 ` Oleg Nesterov
2017-02-22 19:56 ` Alexey Gladkov
[not found] ` <20170221145746.GA31914-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-03-06 23:05 ` [RFC] Add option to mount only a pids subset Alexey Gladkov
2017-03-06 23:05 ` Alexey Gladkov
2017-03-07 16:24 ` Andy Lutomirski
2017-03-07 16:24 ` Andy Lutomirski
2017-03-09 11:26 ` Djalal Harouni
[not found] ` <CAEiveUczqzHZG7jcM72oWXAKYZSPJ0ywYEXGDV1sn_FAhr28pA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-03-09 20:52 ` Eric W. Biederman
2017-03-09 20:52 ` Eric W. Biederman
2017-03-11 21:51 ` Alexey Gladkov
2017-03-11 21:51 ` Alexey Gladkov
[not found] ` <CALCETrVFnSoBP+LvyjN+1qUqrwgZan1nvscq5hV0Ujt_FF2e3g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-03-11 0:05 ` Alexey Gladkov
2017-03-11 0:05 ` Alexey Gladkov
2017-03-07 17:49 ` Oleg Nesterov
[not found] ` <20170307174909.GA24112-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-03-10 23:46 ` Alexey Gladkov
2017-03-10 23:46 ` Alexey Gladkov
2017-03-12 1:54 ` Al Viro
2017-03-12 1:54 ` Al Viro
[not found] ` <20170312015430.GO29622-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-03-12 2:13 ` Al Viro
2017-03-12 2:13 ` Al Viro
[not found] ` <20170312021257.GP29622-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-03-13 3:19 ` Andy Lutomirski
2017-03-13 3:19 ` Andy Lutomirski
[not found] ` <CALCETrVT5sfGhNomLKAephrSGj8fc81ZjGTN-Y6UwgAHngVRCA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-03-13 13:27 ` Al Viro
2017-03-13 13:27 ` Al Viro
[not found] ` <20170313132732.GR29622-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-03-13 15:24 ` Andy Lutomirski
2017-03-13 15:24 ` Andy Lutomirski
[not found] ` <CALCETrXqv8VUeO6MpKWDR6DFYBgmmT0nZVezBJsimtmmQgDksw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-03-23 15:59 ` [PATCH] proc: allow to change proc mount options per mount Djalal Harouni
2017-03-23 15:59 ` Djalal Harouni
2017-03-20 12:58 ` [RFC] Add option to mount only a pids subset Alexey Gladkov
2017-03-23 16:05 ` Oleg Nesterov [this message]
2017-03-23 16:05 ` Oleg Nesterov
[not found] ` <20170323160507.GA23135-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-03-23 22:57 ` Alexey Gladkov
2017-03-23 22:57 ` Alexey Gladkov
2017-03-23 16:06 ` Djalal Harouni
2017-03-23 16:06 ` Djalal Harouni
2017-03-23 22:07 ` Alexey Gladkov
2017-03-26 7:03 ` Djalal Harouni
2017-03-26 7:03 ` Djalal Harouni
[not found] ` <CAEiveUe15YvZ4hMYSPgm586MkJ20PO515r9krXdjPCUmrG1wSA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-03-30 21:45 ` Alexey Gladkov
2017-03-30 21:45 ` Alexey Gladkov
2017-02-27 18:56 ` [PATCH] Add pidfs filesystem Michael Kerrisk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170323160507.GA23135@redhat.com \
--to=oleg-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=gladkov.alexey-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=kirill-oKw7cIdHH8eLwutG50LtGA@public.gmane.org \
--cc=ldv-u2l5PoMzF/Vg9hUCZPvPmw@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=segoon-cxoSlKxDwOJWk0Htik3J/w@public.gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
--cc=xemul-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.