Re: [RFC][CFT][PATCH] Rewrite of propagate_umount() (was Re: [BUG] propagate_umount() breakage)

linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	linux-fsdevel@vger.kernel.org,
	 Christian Brauner <brauner@kernel.org>
Subject: Re: [RFC][CFT][PATCH] Rewrite of propagate_umount() (was Re: [BUG] propagate_umount() breakage)
Date: Tue, 20 May 2025 17:27:55 -0500	[thread overview]
Message-ID: <87wmaancic.fsf@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <20250519213508.GA2023217@ZenIV> (Al Viro's message of "Mon, 19 May 2025 22:35:08 +0100")

Al Viro <viro@zeniv.linux.org.uk> writes:

> On Mon, May 19, 2025 at 11:11:10AM -0700, Linus Torvalds wrote:
>> Another thing that is either purely syntactic, or shows that I
>> *really* don't understand your patch. Why do you do this odd thing:
>> 
>>         // reduce the set until it's non-shifting
>>         for (m = first_candidate(); m; m = trim_one(m))
>>                 ;
>> 
>> which seems to just walk the candidates list in a very non-obvious
>> manner (this is one of those "I had to go back and forth to see what
>> first_candidate() did and what lists it used" cases).
>> 
>> It *seems* to be the same as
>> 
>>         list_for_each_entry_safe(m, tmp, &candidates, mnt_umounting)
>>                 trim_one(m);
>> 
>> because if I read that code right, 'trim_one()' will just always
>> return the next entry in that candidate list.
>
>
> 	Another variant would be to steal one more bit from mnt_flags,
> set it for all candidates when collecting them, have is_candidate() check
> that instead of list_empty(&m->mnt_umounting) and clean it where this
> variant removes from the list; trim_one() would immediately return if
> bit is not set.  Then we could really do list_for_each_entry_safe(),
> with another loop doing list removals afterwards.  Extra work that way,
> though, and I still think it's more confusing...

I have only skimmed this so far, and I am a bit confused what we
are using MNT_MARK for.   I would think we should be able to use
MNT_MARK instead of stealing another bit.

Regardless I believe you said the goal is to make the code as readable
as possible, so next time it needs to be audited a decade from now
it won't be hard to figure out what is going on.

To that end I think leaving everything on the candidate list, and
flipping a bit when we decide that that the mount should be kept
will be easier to understand.

That way we can have all of the mostly naive algorithms examine
a mount and see what we should do with it, in all of the various
cases, and we don't have to be clever.

The only way I can see to avoid difficult audits is to remove as
much cleverness from the code as the problem domain allows.

Eric

next prev parent reply	other threads:[~2025-05-20 22:28 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-05-11 23:27 [BUG] propagate_umount() breakage Al Viro
2025-05-12  4:50 ` Eric W. Biederman
2025-05-13  3:56   ` Al Viro
2025-05-15 11:41     ` Al Viro
2025-05-15 11:47       ` Al Viro
2025-05-16  5:21         ` [RFC][CFT][PATCH] Rewrite of propagate_umount() (was Re: [BUG] propagate_umount() breakage) Al Viro
2025-05-19 18:11           ` Linus Torvalds
2025-05-19 21:35             ` Al Viro
2025-05-19 22:08               ` Linus Torvalds
2025-05-19 22:26                 ` Linus Torvalds
2025-05-20 22:27               ` Eric W. Biederman [this message]
2025-05-20 23:08                 ` Al Viro
2025-05-23  2:10                   ` [RFC][CFT][PATCH v2] Rewrite of propagate_umount() Al Viro
     [not found]               ` <20250520075317.GB2023217@ZenIV>
     [not found]                 ` <87y0uqlvxs.fsf@email.froward.int.ebiederm.org>
     [not found]                   ` <20250520231854.GF2023217@ZenIV>
     [not found]                     ` <20250521023219.GA1309405@ZenIV>
     [not found]                       ` <20250617041754.GA1591763@ZenIV>
2025-06-17 21:18                         ` [PATCH][RFC] replace collect_mounts()/drop_collected_mounts() with safer variant Al Viro
2025-05-20 11:10           ` [RFC][CFT][PATCH] Rewrite of propagate_umount() (was Re: [BUG] propagate_umount() breakage) Christian Brauner
2025-05-21  2:11             ` Al Viro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87wmaancic.fsf@email.froward.int.ebiederm.org \
    --to=ebiederm@xmission.com \
    --cc=brauner@kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).