From mboxrd@z Thu Jan  1 00:00:00 1970
From: ebiederm@xmission.com (Eric W. Biederman)
Subject: Re: [RFC][PATCH] vfs: In mntput run deactivate_super on a shallow stack.
Date: Sun, 13 Apr 2014 00:51:56 -0700
Message-ID: <87ppkl1xb7.fsf@x220.int.ebiederm.org>
References: <87wqezl5df.fsf_-_@x220.int.ebiederm.org>
	<20140409023027.GX18016@ZenIV.linux.org.uk>
	<20140409023947.GY18016@ZenIV.linux.org.uk>
	<87sipmbe8x.fsf@x220.int.ebiederm.org>
	<20140409175322.GZ18016@ZenIV.linux.org.uk>
	<20140409182830.GA18016@ZenIV.linux.org.uk>
	<87txa286fu.fsf@x220.int.ebiederm.org>
	<87fvlm860e.fsf_-_@x220.int.ebiederm.org>
	<20140409232423.GB18016@ZenIV.linux.org.uk>
	<87lhva5h4k.fsf@x220.int.ebiederm.org>
	<20140413053956.GM18016@ZenIV.linux.org.uk>
	<87zjjp3e7w.fsf@x220.int.ebiederm.org>
Mime-Version: 1.0
Content-Type: text/plain
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Linux-Fsdevel <linux-fsdevel@vger.kernel.org>,
	Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Andy Lutomirski <luto@amacapital.net>,
	Rob Landley <rob@landley.net>,
	Miklos Szeredi <miklos@szeredi.hu>,
	Christoph Hellwig <hch@infradead.org>,
	Karel Zak <kzak@redhat.com>,
	"J. Bruce Fields" <bfields@fieldses.org>,
	Fengguang Wu <fengguang.wu@intel.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from out03.mta.xmission.com ([166.70.13.233]:56020 "EHLO
	out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752451AbaDMHwT (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Sun, 13 Apr 2014 03:52:19 -0400
In-Reply-To: <87zjjp3e7w.fsf@x220.int.ebiederm.org> (Eric W. Biederman's
	message of "Sun, 13 Apr 2014 00:01:23 -0700")
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

ebiederm@xmission.com (Eric W. Biederman) writes:

> Al Viro <viro@ZenIV.linux.org.uk> writes:
>
>> On Sat, Apr 12, 2014 at 03:15:39PM -0700, Eric W. Biederman wrote:
>>
>>> Can you explain which scenario you are thinking about with respect to a
>>> failed modprobe?
>>
>> Again, it's not impossible to audit (there's not a lot of places where
>> struct file_system_type * is ever stored, there are few instances of
>> struct file_system_type, all statically allocated, etc.), but it's
>> a non-trivial amount of work.  And I honestly don't know if we have
>> any such places right now.  Moreover, unless you feel like repeating
>> that kind of audit every merge window, we'll need a some way of dealing
>> with such situations.  Something like flush_pending_mntput(fs_type), for
>> example, documented as barrier to be used in such places might do, but
>> if you can think of something more fool-proof...
>
> I performed a quick audit and I don't see that case happening in the
> current code.  

Sigh.  I was wrong.  Almost this exact case happens in
btrfs_init_test_fs, and of course I was silly when I thought the module
ref count would be useful for something before init_module succeeds.

Still I suspect I was on the right track.  We do have the get_fs_type,
get_filesystem and put_filesystem.  Which ought to be enough to allow
us to convert unregister_filesystem into an appropriate barrier.

Something to look at after I have slept.

Eric