From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Date: Wed, 11 May 2016 01:53:40 +0100
From: Al Viro <viro@ZenIV.linux.org.uk>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Djalal Harouni <tixxdz@gmail.com>, Chris Mason <clm@fb.com>,
	tytso@mit.edu, Serge Hallyn <serge.hallyn@canonical.com>,
	Josh Triplett <josh@joshtriplett.org>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Andy Lutomirski <luto@kernel.org>,
	Seth Forshee <seth.forshee@canonical.com>,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	Dongsu Park <dongsu@endocode.com>,
	David Herrmann <dh.herrmann@googlemail.com>,
	Miklos Szeredi <mszeredi@redhat.com>,
	Alban Crequy <alban.crequy@gmail.com>
Subject: Re: [RFC v2 PATCH 0/8] VFS:userns: support portable root filesystems
Message-ID: <20160511005340.GN2694@ZenIV.linux.org.uk>
References: <1462372014-3786-1-git-send-email-tixxdz@gmail.com>
 <1462395979.14310.133.camel@HansenPartnership.com>
 <20160505073636.GA3357@dztty>
 <1462449388.2419.27.camel@HansenPartnership.com>
 <20160505214957.GA3071@dztty>
 <1462486085.2289.23.camel@HansenPartnership.com>
 <1462923416.14896.10.camel@HansenPartnership.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1462923416.14896.10.camel@HansenPartnership.com>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Tue, May 10, 2016 at 04:36:56PM -0700, James Bottomley wrote:
> +static int shiftfs_rename2(struct inode *olddir, struct dentry *old,
> +			   struct inode *newdir, struct dentry *new,
> +			   unsigned int flags)
> +{
> +	struct dentry *rodd = olddir->i_private, *rndd = newdir->i_private,
> +		*realold = old->d_inode->i_private,
> +		*realnew = new->d_inode->i_private;
> +	struct inode *realolddir = rodd->d_inode, *realnewdir = rndd->d_inode;
> +	const struct inode_operations *iop = realolddir->i_op;
> +	int err;
> +	const struct cred *oldcred, *newcred;
> +
> +	oldcred = shiftfs_new_creds(&newcred, old->d_sb);
> +	err = iop->rename2(realolddir, realold, realnewdir, realnew, flags);
> +	shiftfs_old_creds(oldcred, &newcred);

... and you've just violated all locking rules for ->rename2().

> +static struct dentry *shiftfs_lookup(struct inode *dir, struct dentry *dentry,
> +				     unsigned int flags)
> +{
> +	struct dentry *real = dir->i_private, *new;
> +	struct inode *reali = real->d_inode, *newi;
> +	const struct cred *oldcred, *newcred;
> +
> +	/* note: violation of usual fs rules here: dentries are never
> +	 * added with d_add.  This is because we want no dentry cache
> +	 * for shiftfs.  All lookups proceed through the dentry cache
> +	 * of the underlying filesystem, meaning we always see any
> +	 * changes in the underlying */

Bloody wonderful.  So
	* we lose caching the negative lookups
	* we've got buggered hardlinks (different inodes for those)
	* it has never, ever been tried on -next (would do rather nasty
things on that d_instantiate())

> +
> +	kfree(sfc);
> +
> +	return err;
> +}

> +	file->f_op = &sfc->fop;

Lovely - now try that with underlying fs something built modular.

Or try to use it on top of something with non-trivial dentry_operations
(hell, on top of itself, for starters).