From: Steven Whitehouse <swhiteho@redhat.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Christoph Hellwig <hch@infradead.org>,
Ilya Dryomov <ilya.dryomov@inktank.com>,
Sage Weil <sage@inktank.com>, Dave Jones <davej@redhat.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
ceph-devel@vger.kernel.org,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Guangliang Zhao <lucienchao@gmail.com>,
Li Wang <li.wang@ubuntykylin.com>,
zheng.z.yan@intel.com
Subject: Re: [PATCH v2] ceph: fix posix ACL hooks
Date: Tue, 04 Feb 2014 11:33:35 +0000 [thread overview]
Message-ID: <1391513615.2766.18.camel@menhir> (raw)
In-Reply-To: <20140203224034.GF10323@ZenIV.linux.org.uk>
On Mon, 2014-02-03 at 22:40 +0000, Al Viro wrote:
> > >> +static int gfs2_vfs_permission(struct dentry *dentry, struct inode *inode, int mask)
> > >> +{
> > >> + return gfs2_permission(inode, mask);
> > >> +}
> > >
> > > Er... You do realize that callers of gfs2_permission() tend to have
> > > the dentry in question, either directly or as ->d_parent of something
> > > they have?
> >
> > Not true. Look closer.
> >
> > Look at gfs2_lookupi() in particular, and check how it is called.
>
> Yeowch... gfs2_ok_to_move() is particulary nasty... WTF do we need
> it for and why is it not racy as hell?
Well, the original intent was to prevent us from moving a directory into
one of its subdirectories, and thus creating a loop. It is only called
when the rename is moving a directory, and when the parent directories
(source and destination) are different.
I know there is a problem there, recently reported by Bruce Fields which
he came across when looking at the d_splice_alias issue. The bug that
Bruce found only shows up in the clustered case, and not in the single
node case though.
Which particular race are you worried about? This check is covered by
the rename glock, which is basically a cluster wide version of the vfs
level ->s_vfs_rename_mutex.
To diverge from that topic for a moment, this thread has also brought
together some discussion on another issue which I've been pondering
recently.... that of whether the inode operations for get/set_xattr
should take a dentry or not. I had thought that we'd come to the
conclusion that 9p made it impossible to swap the current dentry
argument for an inode, and I was about to send a patch for selinux
support on clustered fs on that basis. However the discussion in this
thread has made me wonder whether that really is the case or not.... Al,
can you confirm whether your xattr-experimental patches are still under
active consideration?
The other question that I have relating to that side of things, is why
security_inode_permission() is called from __inode_permission() rather
than from generic_permission() ? Maybe there is a good reason, but I
can't immediately see what it is at the moment.
In response to the question elsewhere about GFS2 calling
gfs2_permission() after the vfs has already done its checks, that is
indeed down to needing to ensure that we have the cluster locks when
this check is called. More importantly to know that things haven't
changed since the VFS called the same function in case we've raced with
another node changing the permissions, for example. There are a number
of cases where we redo vfs level checks for this reason,
Steve.
next prev parent reply other threads:[~2014-02-04 11:34 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-28 18:40 [GIT PULL] Ceph updates for -rc1 Sage Weil
2014-01-28 21:10 ` Dave Jones
2014-01-28 21:48 ` Linus Torvalds
2014-01-29 6:08 ` Sage Weil
2014-01-29 14:30 ` Sage Weil
2014-01-29 16:36 ` Ilya Dryomov
2014-01-29 16:37 ` [PATCH v2] ceph: fix posix ACL hooks Ilya Dryomov
2014-01-29 19:09 ` Linus Torvalds
2014-01-30 7:54 ` Christoph Hellwig
2014-01-30 22:01 ` Linus Torvalds
2014-01-31 0:14 ` Sage Weil
2014-02-03 10:29 ` Christoph Hellwig
2014-02-03 11:13 ` Al Viro
2014-02-03 21:03 ` Linus Torvalds
2014-02-03 21:19 ` Al Viro
2014-02-03 21:24 ` Christoph Hellwig
2014-02-03 21:31 ` Al Viro
2014-02-03 21:36 ` Christoph Hellwig
2014-02-03 21:37 ` Linus Torvalds
2014-02-03 21:42 ` Al Viro
2014-02-03 21:31 ` Linus Torvalds
2014-02-03 21:39 ` Al Viro
2014-02-03 21:43 ` Al Viro
2014-02-03 21:44 ` Linus Torvalds
2014-02-03 22:31 ` Al Viro
2014-02-06 20:51 ` Jeremy Allison
2014-02-03 21:23 ` Christoph Hellwig
2014-02-03 21:59 ` Al Viro
2014-02-03 22:12 ` Linus Torvalds
2014-02-03 22:40 ` Al Viro
2014-02-03 22:55 ` Linus Torvalds
2014-02-04 11:33 ` Steven Whitehouse [this message]
2014-02-04 15:57 ` Christoph Hellwig
2014-02-04 16:17 ` Linus Torvalds
2014-02-03 21:59 ` Linus Torvalds
2014-01-29 20:43 ` Ilya Dryomov
2014-01-30 10:46 ` [GIT PULL] Ceph updates for -rc1 Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1391513615.2766.18.camel@menhir \
--to=swhiteho@redhat.com \
--cc=ceph-devel@vger.kernel.org \
--cc=davej@redhat.com \
--cc=hch@infradead.org \
--cc=ilya.dryomov@inktank.com \
--cc=li.wang@ubuntykylin.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lucienchao@gmail.com \
--cc=sage@inktank.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
--cc=zheng.z.yan@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).