From: Dave Hansen
Subject: Re: [PATCH 09/26] make access() use mnt check
Date: Mon, 25 Jun 2007 11:27:25 -0700
Message-ID: <1182796045.1387.7.camel@localhost>
References: <20070622200303.82D9CC3A@kernel> <20070622200314.1310BD44@kernel> <20070623074519.GI27954@infradead.org>
In-Reply-To: <20070623074519.GI27954@infradead.org>
To: Christoph Hellwig
Cc: akpm@osdl.org, linux-fsdevel@vger.kernel.org, viro@ftp.linux.org.uk
List-Id: linux-fsdevel.vger.kernel.org

On Sat, 2007-06-23 at 08:45 +0100, Christoph Hellwig wrote:
> On Fri, Jun 22, 2007 at 01:03:14PM -0700, Dave Hansen wrote:
> >
> > It is OK to let access() go without using a mnt_want/drop_write()
> > pair because it doesn't actually do writes to the filesystem,
> > and it is inherently racy anyway. This is a rare case when it is
> > OK to use __mnt_is_readonly() directly.
>
> You probably want to add a big comment explaining why it's fine here.

I've got this in the next set:

- - if(IS_RDONLY(nd.dentry->d_inode)) + /* + * This is a rare case where using __mnt_is_readonly() + * is OK without a mnt_want/drop_write() pair. 
Since + * not actual write to the fs is performed here, we do + * not need to telegraph to that to anyone. Also, we + * accept that access is inherently racy, and know that + * the fs might be remounted between this syscall, and + * any action taken because of its result. + */ + if (__mnt_is_readonly(nd.mnt)) res = -EROFS;

> That reminds me of something else I had in mind to debug that the
> writer counts are okay:
>
> we should probably add a check in permission that we have an elevated
> writercount on the vfsmount/sb. Of course we'll need some way to
> override it for access(), which means passing down a flag to it or
> something.

This was already in the second to last patch in the series. Good enough?

diff -puN fs/namei.c~numa_mnt_want_write fs/namei.c --- lxc/fs/namei.c~numa_mnt_want_write 2007-06-25 11:05:50.000000000 -0700 +++ lxc-dave/fs/namei.c 2007-06-25 11:05:50.000000000 -0700 @@ -230,10 +230,12 @@ int permission(struct inode *inode, int int retval, submask; if (mask & MAY_WRITE) { - /* - * Nobody gets write access to a read-only fs. + * If this WARN_ON() is hit, it likely means that + * there was a missed mnt_want_write() on the path + * leading here. */ + WARN_ON(__mnt_is_readonly(nd->mnt)); if (IS_RDONLY(inode) &&

-- Dave
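
Review bot: the comment added above `if (__mnt_is_readonly(nd.mnt))` in the access() fragment has two wording slips that blur the justification: "Since not actual write to the fs is performed here" should read "no actual write", and "telegraph to that to anyone" carries a stray "to". This comment is the only in-code record of why the mnt_want/drop_write() pair is skipped on this path, so the sentence should be exact, and writing "access()" with parentheses, as the changelog does, would make it clear the syscall is meant.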
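
Review bot: in the permission() hunk, `WARN_ON(__mnt_is_readonly(nd->mnt));` dereferences `nd` with no NULL check visible in the hunk, and it sits directly under `if (mask & MAY_WRITE)`, so it fires for every write-permission check on a read-only mount, including deliberate ones. If any caller passes a NULL `nd`, this faults before the warning can be reported; a guard such as `WARN_ON(nd && __mnt_is_readonly(nd->mnt))` would avoid that. The override for access() that Christoph asks about is also not visible here: if access() reaches permission() with MAY_WRITE on a read-only mount, the warning triggers on a path that intentionally skips mnt_want_write(), so the exemption (or the flag that carries it) should appear in this hunk or be named in its comment.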