From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754033AbdBVHlI (ORCPT ); Wed, 22 Feb 2017 02:41:08 -0500 Received: from mail-eopbgr30112.outbound.protection.outlook.com ([40.107.3.112]:63008 "EHLO EUR03-AM5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751192AbdBVHk7 (ORCPT ); Wed, 22 Feb 2017 02:40:59 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=xemul@virtuozzo.com; Subject: Re: [PATCH] Add pidfs filesystem To: Oleg Nesterov , Alexey Gladkov References: <20170218225307.GA10345@comp-core-i7-2640m-0182e6.fortress> <20170221145746.GA31914@redhat.com> CC: Linux Kernel Mailing List , "Kirill A. Shutemov" , Vasiliy Kulikov , Al Viro , "Eric W. Biederman" From: Pavel Emelyanov Message-ID: <58AD4081.9050609@virtuozzo.com> Date: Wed, 22 Feb 2017 10:40:49 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.8.0 MIME-Version: 1.0 In-Reply-To: <20170221145746.GA31914@redhat.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [109.252.45.10] X-ClientProxiedBy: DB6PR1001CA0007.EURPRD10.PROD.OUTLOOK.COM (10.171.79.17) To HE1PR0802MB2137.eurprd08.prod.outlook.com (10.172.126.9) X-MS-Office365-Filtering-Correlation-Id: bd4d2725-a043-4ee2-6dea-08d45af622a5 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:HE1PR0802MB2137; X-Microsoft-Exchange-Diagnostics: 1;HE1PR0802MB2137;3:P8jZadMYnOew8qCaTpnRAsIO6Bi7ddxYXJWOTDNJnKE064q0BR0Ut5df8MSZTM8wZ2xfYFq8xBSxphR+//NVc5ZZtv+QlgLm+reEh0C7VKKv7grPnwviSDrpwjZLoIjDoiG9f+GjUemCy6PsGiR0XGU58jCteUt/A/kp12cSkjSIniPPtMgu/Fm0LoHNxvJyZjdHKpVdVEMK3Qhz+kMtB+dZnyXvKOac1jlwcB5UNBlENReL02xNAXqI0nRkFEyZitTeGQqEzvNj/lEibJu15Q==;25:94CcFc6UoVUqj4RTggGFOOzVsl4HT/NMF0Gxg7E2snQsZpO1a62pnd6ly1mchtWIF7WeifkA6P3Jb2qHQs8v5jvsGeFwVUXWkzmKbc33LqsYb7j/ph+BUyjW0jxX+YnsrNRscbp5wcYlG8Tj79p4PJQcSWXprXw07aa33L8ecy06Xyl1Tko4IS3XXv1UmtDg3mg96XBHGoGOK0po2STBEUmAHem8/6xYchZxPKxisj9fPqSvQWhxUg0R7z+BVUfsolq58Iemhr1r2E5hNcTFtVaGu8iB9cLOc8n/lcsukMF2ZKbERABsjrbD4aRaJQMz3B7P2ldukupwXXanc4YyegSOxZ/NJJ2KRREzZfYd/lJv9cyzGDF2QGNt962+jbSCYvrI8qaGw3z6z6s1wLWlL+gd8I7Zu+lJ/y2Nd33AVstzteAgPZmTS8jx+2I74rwxg0SG7xT4l23FrWp6cV4AOQ== X-Microsoft-Exchange-Diagnostics: 1;HE1PR0802MB2137;31:wrt/SMOnDmTTSPjlzCz9rggP4DST15X7VgZfT0V3mHUHp9p5zb7PaxggGAfr3ZZHV3Nf6PLYz5MWg3nClfQQwxCoN89n7RvmYaYJyRbI4mZWe0Im3zoJAZIieK0qJ0VuWM6HJweYDzVjXwPY2t5w9wrgMbULneCsLd8rtYtadDrEOn5tg2MoXmfhlRRMeIAJ2Bsgut8+7uSt9x/CVRGHMsURX+8FvAMsjlMMLwHf4RpP3VtlEVhKgI4qLWWXRfz8GmYFC4ZONRoWplKZ0m56BYGnUbLx39JrHK//Txpv5ps=;20:vpWVnYsfjaPC4L1hBHtITNyXR+0IBxvfHANUegjFQFy9OJ/x+lmLtfRXkMWC3iZgEIHPktRz0ztQ/+/SN0bZ5inMe3oL5gBG0OZchDbIdYFEIEHFkw0yAzfYbl0IfqxZagh2mnDHdNVxhZjtCqV+laIkS3Rlbnkk5ILOfkor2a+7vSh5YMYOMYDRme8Vg50tLrL7Sag6B+5wz/V5IrztZ0ND87KyHo8dwmAMQuREog0gtQmI0ZW3tdVktMPXPtX1mVd3QoOT548trMzRB2YUVVR4omPGwauzno63kGJ0Rn4aiVj9TA2Epz8GGCGFevrzI+qHcehEKf2y85RL/dckWUtALOeAsq4oeSsiT1vDVkI8vJTzMsICqF932qi5PyiE0nxasa5RHXMdPBqR2Oc7BA+mk8QSVzOtFNcqZ7A0wBQ= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(278428928389397)(17755550239193); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6041248)(20161123562025)(20161123555025)(20161123564025)(20161123560025)(20161123558025)(6072148);SRVR:HE1PR0802MB2137;BCL:0;PCL:0;RULEID:;SRVR:HE1PR0802MB2137; X-Microsoft-Exchange-Diagnostics: 1;HE1PR0802MB2137;4:H3CRbNEQGJnDuE8L0sZELuA4H+Sdn3bir73Wyi7Oj5oe5I2IiX1w3kjqyKhR0HyqqlgZKXiTiBqbQwX9Avjz6vRE5kVd0RYNmv+OXy+iqQ4Zp7w3DPPXx++zVUdFztCWUADFvBnNYcbPKaLA7ePt7z9ZxzzFpcbdN2L9MT1CcvBFfjp4C+Evtmw4R99zdNYSm7x+c5TjyC9XPTRSB4oFPFyiXG7onLi/brGzdUJsci6EtdytXELEeDVbgTI9cd5pBkuldDwzKrU3uN7z0ec87fNz4bivSDvLsEPbX4NUylP9VeHP6GXYYm+xFIzCkVD4z8LLvdJLRIJr4lnzvcDeK+jVrW+dXdxLa4bJe9GNKgd/Ro4TixqXvIjTJkqXMAfCQEHK4vXbtDE3ve/wrmAYGPM1SipzPRg6LJAyx00DTX9yN++Nc6WeOb4zyYjnxHtpyhC9JytbvbxbB7Wxujz4VlJ3/TBiRh/VCtjvVs5arcfuTwtG2CVZCG6Yo4MjzCJvRjEWoTzczb752QzxoLrmyWQroBTTqBWVAJ9DmrX/PM2hyKotZxtFKbOgW9mXO+dQKxIjrJsf7zDUHHMC+aigueFaHmTEwagA4H9U9j5v17EopjhtOwEp4u4OnHpgM3y1P2uMCtnWLWr20sHMOX0xkXbNsnBn2xpEqarqrL8Kx/cHCblxh04RIROwZCJU0rAg X-Forefront-PRVS: 022649CC2C X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6049001)(6009001)(7916002)(39830400002)(39450400003)(39410400002)(24454002)(377454003)(199003)(189002)(4326007)(105586002)(90366009)(68736007)(97736004)(230700001)(6486002)(50986999)(54356999)(4001350100001)(2950100002)(76176999)(87266999)(2906002)(77096006)(6246003)(92566002)(59896002)(83506001)(65816999)(38730400002)(64126003)(86362001)(6666003)(117156001)(229853002)(305945005)(7736002)(36756003)(189998001)(53546006)(53936002)(106356001)(50466002)(23676002)(33656002)(54906002)(101416001)(3846002)(6116002)(66066001)(47776003)(42186005)(25786008)(8676002)(81156014)(81166006)(5660300001)(80316001)(42262002);DIR:OUT;SFP:1102;SCL:1;SRVR:HE1PR0802MB2137;H:[192.168.1.67];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtIRTFQUjA4MDJNQjIxMzc7MjM6b003Yy82MkpDd2hOcDU2TXV2TE8vdlV6?= =?utf-8?B?QnR5a3dEdGFDeFBjeHF4STNhMlB1Y0N5NDFWRm9qRmhkb01pTERHVURCcXhG?= =?utf-8?B?T2N1ckNPa2o5MFNSNUpPeGtqYkExZGZoTUQ5WlAvUmZIaEVGbWJGb05LK0dC?= =?utf-8?B?MnZ2UUwrSHI5azlFWUx6SEp0YWozdWVpbnpTTWhJQkJ4Mjh0YU9jTEVlVGNh?= =?utf-8?B?QnBWbDFOdTdQY0ZDMXBhZ3BoS1JaRHB3STZlNG5GRktLUHppUmNNMXdIOXdh?= =?utf-8?B?dDVwR1NSSHU3MVBpQ1ZtTS9HVUFSb0RSejZNTDRsMEdXdkhCMnRMNWJNa3J6?= =?utf-8?B?d0ZQM24xZmU4eG8yN3JhSGhiTUlQUXdOa2xaNjNZakgvMmtTbGw3NnUwazNp?= =?utf-8?B?aENOVVNRSTFPcExMK0hqS2RySy8wbzM2KzFHREdwMUpjc2RQRHM4bVBRL0FB?= =?utf-8?B?dnA5KzE3YUg5UWM3REZpbktDdnE3SmlTeS81TzU5RnE5RE1NR1N5N05VaUhs?= =?utf-8?B?SzlQbmhSeGFPd2pVYmRSeGVDOUo2enZ1TFZHMzl1TDk1YWZJd2lzbGM4eEFw?= =?utf-8?B?QUdqWDZNYnpxQXliL2dCRytrRWdxTEtQSmRrZzhhNXVOSEN1QktCWU4reHM0?= =?utf-8?B?MFpQSi9BdERyT0J6Sm9qSWVIMm1uamlLTE83T1pGMkdsZUJ5b3kzVkJRMmNI?= =?utf-8?B?TlFlaWQ2MkU3N2FqdzBObFI3MlZrWXVFUUEyVTVSYkhraEhXL1JnRGdzNVBU?= =?utf-8?B?bFFKWnp6OVJTOHhjMTRVNS9uSHQ5ZVBsV1MwRW1rQTJVdzFOKzBhUnAzUzZK?= =?utf-8?B?UDBERWVwRTlQZWI4Vk1pdFQ2ejRuR1VPb1k5NS8yZStCbUIzN3JlbTcyVkto?= =?utf-8?B?ZTRsU3J6cmlSY09TSnY2QWJHMFMwNGJSNytaQTRFSXlGaFp6VTBTR1p5UHR0?= =?utf-8?B?bUFUVUJiTC9yTjVQYXBLellYaTVsSjZhNjBwM1JKM2hoSHVYQVBqMUVjWVM2?= =?utf-8?B?cEFOSHFYYmlKcVV6RFZBUWVySG9qQXhJQjhrb25qU3RsTFBYSVh3NXF0czIw?= =?utf-8?B?TjBpT1lIcXZOVmltVVV1dVY5ZXBGMDRUL3dWUndXdGJONFhsQlFsY2tmOGF4?= =?utf-8?B?RkV5SVA0UGlZK1FFWU4rSCtsMVRFNTdscGRGUCtzZmFMOWRFUUU0Z2YzN2Yw?= =?utf-8?B?TmVPSXpYTUV3cUtRWDJOYkR1dU5YY25sMXVRVnRVTVNBRnp6aEFiYnZZZ2xh?= =?utf-8?B?a0FoYzlaOTJkNGFBaUEzaENQUktaN0R1aFBFUFBlTEVKbGUrZ3VSU0ZMb2I0?= =?utf-8?B?cXkzNnB0aVlqd1J0U3N2MGhOZVJzSVhLcGV4ZmY4OVRnRVhITlBURVNBeCs0?= =?utf-8?B?TjhmcmcrTEJuaWNiVk1kOUg0ejFTdElpSlpUSS9LOGNMT3ZQemdDVWxNVUJw?= =?utf-8?B?MmlJMnZCdEExa2NUczhJcXZxT2licDZRWWRlWGMxcnpMWUFRODJXQmFESlEy?= =?utf-8?B?UzJWQm93cWh4ZXFlTU9FVHRxcmMyK3ExZWp6WG1Wd0RYNWxhS1NaTGFRTGVC?= =?utf-8?B?V0FkRkRJWmNLT1ZaV1lWYjlJSmZaYlo3Mlkwa1grRlQ1Y1Z0S2hLQXdUSGVs?= =?utf-8?B?c2RsREVOUDhxSHdFS3M2a09xVlFBbTlmWlRzbGtKTEZsakpyR0tkN3RtRENY?= =?utf-8?B?czd3d1c4endMRTFITFVWMGJpWGxpWFlDN2tDa2hoUjVGYWppcytZTHU3UlVs?= =?utf-8?B?QWo2cmJBT2pySkRqaklXSUswYlNSbGdyTkllRytNS1ZyQVZyeTdxK2NDQ2tk?= =?utf-8?B?OGtydXpKcXRBbU1jem9pUmMyNGpUcTl1Zi8yRVREcGxwbGJwOGdzbjVrcDlI?= =?utf-8?B?RW00dHhTNWthNklXT1A4UEtaUk12MER4ZlQ3VDJQQlJIM2tWTkdqUVQxdkQ2?= =?utf-8?B?cWNla1ZBV1JnQlNIa3ZXajJhOVFrV2pucmFOUWlXOXord053TEk1bXorbStD?= =?utf-8?Q?TfUd9k3R?= X-Microsoft-Exchange-Diagnostics: 1;HE1PR0802MB2137;6:gd+H7FhDq+bHjCMVMO08nqRDk8a310qTJAdlnmN+ZYihW6x2F4qNva5EliMWeVDwYpgIQbuPD5MsIY9O1iDkSX6IrFrFeHI2pFHh1s+eo366NT1nQOypmPskH3kty7GEuGSn2DzGuYoEUK8wOIxvRc8pVO1E9OflW6osYk+bFfUB7l9Dr49JZJNhrjZRO1KZSycHbBjh4XQgJpLCtua+khoyMDBcsVsPFECBCwqhopBhjGLh/jwpQwHxF71CFMEk8uEnlNfx6fyB7jNNhWhnOZhb+0HBbg0BKvv2uV3fWXsJvq5jYlOnW1UZ2lp8vMF3WxPR9dvDfgVpOh3D4OlmvIqwPuNSsuMPnpTMBaWV1hFSfRI/hW/QmAvhNYVAG54pfvZeod44JkNelVIuboZHbQ==;5:8ih0n0raHH42NHk47brus6lPzlvcSpsZgfCz+qBQSNrbzjxq0L9jl+3AQyX9AKKv8rJ6UPJvQyWiy5/9cVb4rSL9o/HpCSj+VCNj8xki/tRmpl+UKgFIGaheMl4Lm1v/FDjkQWqV7fFI9MCqqyvIfg==;24:Fco7XDz6xu574Lxd9LJrRaZLzdf++4PtS+FYyC/vEpZhuJMsmaS/n+OzfKFNL9s6plgxx3tQgWk0Br9yjdmvv/0R/lZfy3nhzdw5OxA4FZY= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;HE1PR0802MB2137;7:tIjqXfkCfAzGRMK9kugaQwreN212W9IdKSY/ZIuRQY1pGkUHLKvlucL4dN7zckMgqEvnWqZWO3/yHCoqDITnvYaU24ESHEPyStF2S22//Zu9fkQ6h3rxbmW6rBWNu/mM9T+VF+XQy3BZ3qezsm3pmXX9Oyow98LDYpUFM8yHKp7Luc0dAflHAU9c91QbOciLR0/HduEhxwWBi2Qutgyn2jX74bvGTi2adxK2r/763hvPNMKNLG27LLIHW7KtYAFUgou7/NoGDU5XRte0KvIRp0+YTh1B8F64lngT1Kq0uDxHRZiA/R+fL+5dRdB+a52WGLLlXPzP5qW07EgIe92fcg==;20:by7mlfgKWw/8IsiN1zQosEDgRFzOqkSuFfqumEa56Zzlo9Z0TNMHS4QRKJ8BdRyNWL4hVTnkI5fI7gttxX0WJPPhxEA1t8X2XP5F0aYcjNeIQ5TsX16eMzQzX8KKrN9Jq0WX12nkPEoLS3FwmLTUdpzoVmk+JGkFD7CByhaPp+I= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Feb 2017 07:40:53.7969 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0802MB2137 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 02/21/2017 05:57 PM, Oleg Nesterov wrote: > On 02/18, Alexey Gladkov wrote: >> >> This patch allows to mount only the part of /proc related to pids >> without rest objects. Since this is an addon to /proc, flags applied to >> /proc have an effect on this pidfs filesystem. > > I leave this to you and Eric, but imo it would be nice to avoid another > filesystem. > >> Why not implement it as another flag to /proc ? >> >> The /proc flags is stored in the pid_namespace and are global for >> namespace. It means that if you add a flag to hide all except the pids, >> then it will act on all mounted instances of /proc. > > But perhaps we can use mnt_flags? For example, lets abuse MNT_NODEV, see > the simple patch below. Not sure it is correct/complete, just to illustrate > the idea. > > With this patch you can mount proc with -onodev and it will only show > pids/self/thread_self: > > # mkdir /tmp/D > # mount -t proc -o nodev none /tmp/D > # ls /tmp/D > 1 11 13 15 17 19 20 22 24 28 3 31 33 4 56 7 9 thread-self > 10 12 14 16 18 2 21 23 27 29 30 32 34 5 6 8 self > # cat /tmp/D/meminfo > cat: /tmp/D/meminfo: No such file or directory > # ls /tmp/D/irq > ls: cannot open directory /tmp/D/irq: No such file or directory > > No? Yes!!! If this whole effort with pidfs and overlayfs will move forward, I would prefer seeing the nodev procfs version, rather than another fs. As far as the overlayfs part is concerned, having an overlayfs mounted on /proc inside container may result in problems as applications sometimes check for /proc containing procfs (by checking statfs.f_type == PROC_SUPER_MAGIC or by reading the /proc/mounts). -- Pavel > Oleg. > > > --- a/fs/proc/generic.c > +++ b/fs/proc/generic.c > @@ -305,11 +305,22 @@ int proc_readdir_de(struct proc_dir_entry *de, struct file *file, > > int proc_readdir(struct file *file, struct dir_context *ctx) > { > + int mnt_flags = file->f_path.mnt->mnt_flags; > struct inode *inode = file_inode(file); > > + if (mnt_flags & MNT_NODEV) > + return 1; > + > return proc_readdir_de(PDE(inode), file, ctx); > } > > +static int proc_dir_open(struct inode *inode, struct file *file) > +{ > + if (file->f_path.mnt->mnt_flags & MNT_NODEV) > + return -ENOENT; > + return 0; > +} > + > /* > * These are the generic /proc directory operations. They > * use the in-memory "struct proc_dir_entry" tree to parse > @@ -319,6 +330,7 @@ static const struct file_operations proc_dir_operations = { > .llseek = generic_file_llseek, > .read = generic_read_dir, > .iterate_shared = proc_readdir, > + .open = proc_dir_open, > }; > > /* > --- a/fs/proc/inode.c > +++ b/fs/proc/inode.c > @@ -318,12 +318,16 @@ proc_reg_get_unmapped_area(struct file *file, unsigned long orig_addr, > > static int proc_reg_open(struct inode *inode, struct file *file) > { > + int mnt_flags = file->f_path.mnt->mnt_flags; > struct proc_dir_entry *pde = PDE(inode); > int rv = 0; > int (*open)(struct inode *, struct file *); > int (*release)(struct inode *, struct file *); > struct pde_opener *pdeo; > > + if (mnt_flags & MNT_NODEV) > + return -ENOENT; > + > /* > * Ensure that > * 1) PDE's ->release hook will be called no matter what > > . >