From: Al Viro <viro@ZenIV.linux.org.uk>
To: David Howells <dhowells@redhat.com>
Cc: Ian Kent <raven@themaw.net>, Valerie Aurora <vaurora@redhat.com>,
linux-fsdevel@vger.kernel.org, Jan Blunck <jblunck@suse.de>,
autofs@linux.kernel.org, sfrench@samba.org,
Trond.Myklebust@netapp.com
Subject: Re: [PATCH 1/7] autofs4: Save autofs trigger's vfsmount in super block info
Date: Sat, 16 Jan 2010 10:17:14 +0000 [thread overview]
Message-ID: <20100116101714.GN19799@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20100115172633.GM19799@ZenIV.linux.org.uk>
On Fri, Jan 15, 2010 at 05:26:33PM +0000, Al Viro wrote:
> Maybe, maybe not... BTW, even that leaves an unpleasant race with
> mnt_make_readonly() (CIFS and NFS seem to be suffering from one).
> Which flags do we want to be inherited? Grabbing MNT_WRITE_HOLD,
> for example, would obviously be a bad idea...
Oh, man... After doing code review re locking rules for mnt_flags
and related stuff, a bunch of races had shown up. I'll put fixes
into #for-linus tomorrow.
Shit galore:
* may_umount() ought to take namespace_sem (shared). Otherwise
we race with clone_mnt() doing add_list() to ->mnt_share/->mnt_slave.
* attach_recursive_mnt() ought to take vfsmount_lock around
its loop that does set_mnt_shared(); otherwise mount --move can race
with e.g. mount -o remount.
* do_remount() ought to take vfsmount_lock around the assigment
to mnt_flags *and* take care to leave MNT_SHARED and MNT_UNBINDABLE alone,
especially the former.
* CIFS shouldn't step on mnt_flags
* NFS, AFS and CIFS should *not* leave MNT_SHARED and MNT_WRITE_HOLD
in flags passed to do_add_mount(); alternatively, do_add_mount() might
trim those.
* [unsolved, to be dealt along with per-superblock write counts]
do_remount() plays fast and loose with MNT_READONLY for !MS_BIND case.
* [*really* unsolved] it remains to be seen whether we want to
propagate modifications of mount flags via shared subtree stuff. For most
of those it's trivial (and arguably the right thing to do), but ro/rw is
really nasty. Nick's mnt_want_write() implementation will need very careful
analysis.
* [#for-next fodder] pnode.c:get_source() cleanup; right now it is
correct, but PITA to prove the correctness. Incidentally, CL_PROPAGATION
is gone after that one. Not #for-linus stuff, but I'll be really happier
with it for post-.33
* [#for-next, but might go into #for-linus as well] explicit
documentation of invariants added to Documentation/filesystems/sharedsubtree.txt
Part of that can be deduced from what's already there, but I'd rather have
it explicit and one crucial bit is simply missing ("if mnt->mnt_master != NULL,
the entire mnt->mnt_share list consists of adjacent elements of mnt->mnt_slaves,
in the same order") and proving correctness without it is Not Fun(tm). Hell,
I've spent an hour figuring out whether it's broken or not and I'd been
through all that code back when it had been written. In details.
I'll give that another look after I get some sleep, then to public tree it
goes...
next prev parent reply other threads:[~2010-01-16 10:17 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-23 23:36 [PATCH 0/7] VFS prep for union mounts/writable overlays Valerie Aurora
2009-12-23 23:36 ` [PATCH 1/7] autofs4: Save autofs trigger's vfsmount in super block info Valerie Aurora
2009-12-23 23:36 ` [PATCH 2/7] VFS: Make lookup_hash() return a struct path Valerie Aurora
2009-12-23 23:36 ` [PATCH 3/7] VFS: Make real_lookup() " Valerie Aurora
2009-12-23 23:37 ` [PATCH 4/7] VFS: Propagate mnt_flags into do_loopback Valerie Aurora
2009-12-23 23:37 ` [PATCH 5/7] VFS: Add read-only users count to superblock Valerie Aurora
2009-12-23 23:37 ` [PATCH 6/7] VFS: BUG_ON() rehash of an already hashed dentry Valerie Aurora
2009-12-23 23:37 ` [PATCH 7/7] VFS: Remove unnecessary micro-optimization in cached_lookup() Valerie Aurora
2010-01-02 0:44 ` [PATCH 1/7] autofs4: Save autofs trigger's vfsmount in super block info Ian Kent
2010-01-14 5:43 ` Al Viro
2010-01-14 19:18 ` Valerie Aurora
2010-01-15 6:05 ` Ian Kent
2010-01-15 8:03 ` Al Viro
2010-01-15 17:36 ` Steve French
2010-01-18 5:08 ` Ian Kent
2010-01-15 14:55 ` David Howells
2010-01-15 16:58 ` Al Viro
2010-01-15 17:08 ` David Howells
2010-01-15 17:26 ` Al Viro
2010-01-16 10:17 ` Al Viro [this message]
2010-01-17 17:57 ` Al Viro
2010-01-18 4:21 ` Ian Kent
2010-01-18 5:59 ` Al Viro
2010-01-18 9:14 ` Ian Kent
2010-01-18 10:27 ` Al Viro
2010-01-18 19:35 ` Trond Myklebust
2010-01-19 7:05 ` Ian Kent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100116101714.GN19799@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=Trond.Myklebust@netapp.com \
--cc=autofs@linux.kernel.org \
--cc=dhowells@redhat.com \
--cc=jblunck@suse.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=raven@themaw.net \
--cc=sfrench@samba.org \
--cc=vaurora@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).