From: Al Viro <viro@zeniv.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alexander Potapenko <glider@google.com>,
Alexei Starovoitov <ast@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Andrey Konovalov <andreyknvl@google.com>,
Andy Lutomirski <luto@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Borislav Petkov <bp@alien8.de>, Christoph Hellwig <hch@lst.de>,
Christoph Lameter <cl@linux.com>,
David Rientjes <rientjes@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Eric Dumazet <edumazet@google.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Ilya Leoshkevich <iii@linux.ibm.com>,
Ingo Molnar <mingo@redhat.com>, Jens Axboe <axboe@kernel.dk>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Kees Cook <keescook@chromium.org>, Marco Elver <elver@google.com>,
Mark Rutland <mark.rutland@arm.com>,
Matthew Wilcox <willy@infradead.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Pekka Enberg <penberg@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Petr Mladek <pmladek@suse.com>,
Steven Rostedt <rostedt@goodmis.org>,
Thomas Gleixner <tglx@linutronix.de>,
Vasily Gorbik <gor@linux.ibm.com>,
Vegard Nossum <vegard.nossum@oracle.com>,
Vlastimil Babka <vbabka@suse.cz>,
kasan-dev <kasan-dev@googlegroups.com>,
Linux-MM <linux-mm@kvack.org>,
linux-arch <linux-arch@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Evgenii Stepanov <eugenis@google.com>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Segher Boessenkool <segher@kernel.crashing.org>,
Vitaly Buka <vitalybuka@google.com>,
linux-toolchains <linux-toolchains@vger.kernel.org>
Subject: Re: [PATCH v4 43/45] namei: initialize parameters passed to step_into()
Date: Mon, 4 Jul 2022 20:55:12 +0100 [thread overview]
Message-ID: <YsNFoH0+N+KCt5kg@ZenIV> (raw)
In-Reply-To: <CAHk-=wjeEre7eeWSwCRy2+ZFH8js4u22+3JTm6n+pY-QHdhbYw@mail.gmail.com>
On Mon, Jul 04, 2022 at 12:16:24PM -0700, Linus Torvalds wrote:
> On Mon, Jul 4, 2022 at 12:03 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
> >
> > Anyway, I've thrown a mount_lock check in there, running xfstests to
> > see how it goes...
>
> So my reaction had been that it would be good to just do something like this:
>
> diff --git a/fs/namei.c b/fs/namei.c
> index 1f28d3f463c3..25c4bcc91142 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -1493,11 +1493,18 @@ static bool __follow_mount_rcu(struct n...
> if (flags & DCACHE_MOUNTED) {
> struct mount *mounted = __lookup_mnt(path->mnt, dentry);
> if (mounted) {
> + struct dentry *old_dentry = dentry;
> + unsigned old_seq = *seqp;
> +
> path->mnt = &mounted->mnt;
> dentry = path->dentry = mounted->mnt.mnt_root;
> nd->state |= ND_JUMPED;
> *seqp = read_seqcount_begin(&dentry->d_seq);
> *inode = dentry->d_inode;
> +
> + if (read_seqcount_retry(&old_dentry->d_seq, old_seq))
> + return false;
> +
> /*
> * We don't need to re-check ->d_seq after this
> * ->d_inode read - there will be an RCU delay
>
> but the above is just whitespace-damaged random monkey-scribbling by
> yours truly.
>
> More like a "shouldn't we do something like this" than a serious
> patch, in other words.
>
> IOW, it has *NOT* had a lot of real thought behind it. Purely a
> "shouldn't we always clearly check the old sequence number after we've
> picked up the new one?"
You are checking the wrong thing here. It's really about mount_lock -
->d_seq is *not* bumped when we or attach in some namespace. If there's
a mismatch, RCU pathwalk is doomed anyway (it'll fail any form of unlazy)
and we might as well bugger off. If it *does* match, we know that both
mountpoint and root had been pinned since before the pathwalk, remain
pinned as of that check and had a mount connecting them all along.
IOW, if we could have arrived to this dentry at any point, we would have
gotten that dentry as the next step.
We sample into nd->m_seq in path_init() and we want it to stay unchanged
all along. If it does, all mountpoints and roots we observe are pinned
and their association with each other is stable.
It's not dentry -> dentry, it's dentry -> mount -> dentry. The following
would've been safe:
find mountpoint
sample ->d_seq
verify whatever had lead us to mountpoint
sample mount_lock
find mount
verify mountpoint's ->d_seq
find root of mounted
sample its ->d_seq
verify mount_lock
Correct? Now, note that the last step done against the value we'd sampled
in path_init() guarantees that mount hash had not changed through all of
that. Which is to say, we can pretend that we'd found mount before ->d_seq
of mountpoint might've changed, leaving us with
find mountpoint
sample ->d_seq
verify whatever had lead us to mountpoint
find mount
find root of mounted
sample its ->d_seq
verify mount_lock
next prev parent reply other threads:[~2022-07-04 19:56 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20220701142310.2188015-1-glider@google.com>
2022-07-01 14:23 ` [PATCH v4 43/45] namei: initialize parameters passed to step_into() Alexander Potapenko
2022-07-02 17:23 ` Linus Torvalds
2022-07-03 3:59 ` Al Viro
2022-07-04 2:52 ` Al Viro
2022-07-04 8:20 ` Alexander Potapenko
2022-07-04 13:44 ` Al Viro
2022-07-04 13:55 ` Al Viro
2022-07-04 15:49 ` Alexander Potapenko
2022-07-04 16:03 ` Greg Kroah-Hartman
2022-07-04 16:33 ` Alexander Potapenko
2022-07-04 18:23 ` Segher Boessenkool
2022-07-04 16:00 ` Al Viro
2022-07-04 16:47 ` Alexander Potapenko
2022-07-04 17:36 ` Linus Torvalds
2022-07-04 19:02 ` Al Viro
2022-07-04 19:16 ` Linus Torvalds
2022-07-04 19:55 ` Al Viro [this message]
2022-07-04 20:24 ` Linus Torvalds
2022-07-04 20:46 ` Al Viro
2022-07-04 20:51 ` Linus Torvalds
2022-07-04 21:04 ` Al Viro
2022-07-04 23:13 ` [PATCH 1/7] __follow_mount_rcu(): verify that mount_lock remains unchanged Al Viro
2022-07-04 23:14 ` [PATCH 2/7] follow_dotdot{,_rcu}(): change calling conventions Al Viro
2022-07-04 23:14 ` [PATCH 3/7] namei: stash the sampled ->d_seq into nameidata Al Viro
2022-07-04 23:15 ` [PATCH 4/7] step_into(): lose inode argument Al Viro
2022-07-04 23:15 ` [PATCH 5/7] follow_dotdot{,_rcu}(): don't bother with inode Al Viro
2022-07-04 23:16 ` [PATCH 6/7] lookup_fast(): " Al Viro
2022-07-04 23:17 ` [PATCH 7/7] step_into(): move fetching ->d_inode past handle_mounts() Al Viro
2022-07-04 23:19 ` [PATCH 1/7] __follow_mount_rcu(): verify that mount_lock remains unchanged Al Viro
2022-07-05 0:06 ` Linus Torvalds
2022-07-05 3:48 ` Al Viro
2022-07-04 20:47 ` [PATCH v4 43/45] namei: initialize parameters passed to step_into() Linus Torvalds
2022-08-08 16:37 ` Alexander Potapenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YsNFoH0+N+KCt5kg@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=arnd@arndb.de \
--cc=ast@kernel.org \
--cc=axboe@kernel.dk \
--cc=bp@alien8.de \
--cc=cl@linux.com \
--cc=dvyukov@google.com \
--cc=edumazet@google.com \
--cc=elver@google.com \
--cc=eugenis@google.com \
--cc=glider@google.com \
--cc=gor@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=herbert@gondor.apana.org.au \
--cc=iamjoonsoo.kim@lge.com \
--cc=iii@linux.ibm.com \
--cc=kasan-dev@googlegroups.com \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-toolchains@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=mst@redhat.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=penberg@kernel.org \
--cc=peterz@infradead.org \
--cc=pmladek@suse.com \
--cc=rientjes@google.com \
--cc=rostedt@goodmis.org \
--cc=segher@kernel.crashing.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=vbabka@suse.cz \
--cc=vegard.nossum@oracle.com \
--cc=vitalybuka@google.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox