From: Gao Xiang <hsiangkao@linux.alibaba.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: linux-erofs@lists.ozlabs.org, Chao Yu <chao@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
oliver.yang@linux.alibaba.com,
Carlos Llamas <cmllamas@google.com>,
Sandeep Dhavale <dhavale@google.com>,
Christian Brauner <brauner@kernel.org>,
linux-fsdevel@vger.kernel.org,
Tatsuyuki Ishi <ishitatsuyuki@google.com>,
Matthew Wilcox <willy@infradead.org>
Subject: Re: [PATCH] erofs: use the opener's credential when verifing metadata accesses
Date: Mon, 11 May 2026 14:52:51 +0800 [thread overview]
Message-ID: <507ddec5-3a13-4df6-a6b5-732cc6b62d22@linux.alibaba.com> (raw)
In-Reply-To: <agF0wJSFRAEcRP8M@infradead.org>
On 2026/5/11 14:18, Christoph Hellwig wrote:
> On Fri, May 08, 2026 at 05:10:21PM +0800, Gao Xiang wrote:
>> On the one side, I hope if there could be some interface for
>> such temporary usage rather than just one vfs_iter_read model.
>
> As in a in-kernel mmap? While not entirely impossible, the locking
> model for that sounds horrible.
I don't think it needs a full in-kernel mmap, it just works on
some uptodate folios.
Which locking model? For page cache, it's expected that all folios
shouldn't clear uptodate randomly at any time.
At least for erofs use cases, we only care uptodate folios, no
matter if it's being invalidated/truncated or not (mapping == NULL).
Maybe it's not suitable for other stricter cases, but for immutable
fs models, that is enough and efficient.
>
>>> Now for reads it mostly works on the most common disk-based file systems,
>>> but it does create lots of problem for slightly more complex ones like
>>> network/clustered or synthetic file systems. It also really breaks
>>
>> Just out of curiousity, could you point out one specific path
>> so I can look into that.
>
> file system might require their own locking, e.g. cluster locks for
> cluster file systems, and at least in the path direct page cache access
> also caused problems with NFS data invalidation semantics. Last but not
> least ->read_folio has a file paramater that isn't really a file but a
> file system specific cookie. So calling this with something not managed
> by the file system can cause problems as has caused crashes in the past,
> although the offender at that time (the old smbfs) is now gone.
file is indeed a cookie, but I did some research on the codebase,
and I've seen no odd cases other than a real "struct file *" anymore.
I agree such usage is kind of gray area, but I've seen no risk in
practice as long as the underlay fs supports proper ->read_folio
callback (and erofs restricts that.)
>
>> But could we just fix this issue first for previous linux versions?
>
> I just pointed out another issue. You'll have to fix the credentials
> either way.
I really hope Matthew could give some opinion on this too, because
this way, the underlay cache can be directly used for temporary use,
and it should be a RO access and won't impact any fs-owned state.
Anyway, I could work out an alternative, but that makes the metadata
access less efficient.
Thanks,
Gao Xiang
next prev parent reply other threads:[~2026-05-11 6:53 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-05 15:56 [PATCH] erofs: use the opener's credential when verifing metadata accesses Gao Xiang
2026-05-05 20:15 ` Carlos Llamas
2026-05-07 4:28 ` [PATCH v2] erofs: use the opener's credential when verifying " Gao Xiang
2026-05-08 8:20 ` [PATCH] erofs: use the opener's credential when verifing " Christoph Hellwig
2026-05-08 8:25 ` Tatsuyuki Ishi
[not found] ` <CABqzrSOaCMPD_QrSq_y_6bXLC3ecm3FZsE_ACrdNbTHG8baMCw@mail.gmail.com>
2026-05-08 8:39 ` Gao Xiang
2026-05-08 8:51 ` Christoph Hellwig
2026-05-08 9:10 ` Gao Xiang
2026-05-11 6:18 ` Christoph Hellwig
2026-05-11 6:52 ` Gao Xiang [this message]
2026-05-11 13:51 ` Christian Brauner
2026-05-11 14:42 ` Gao Xiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=507ddec5-3a13-4df6-a6b5-732cc6b62d22@linux.alibaba.com \
--to=hsiangkao@linux.alibaba.com \
--cc=brauner@kernel.org \
--cc=chao@kernel.org \
--cc=cmllamas@google.com \
--cc=dhavale@google.com \
--cc=hch@infradead.org \
--cc=ishitatsuyuki@google.com \
--cc=linux-erofs@lists.ozlabs.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oliver.yang@linux.alibaba.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox