From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
To: David Howells <dhowells@redhat.com>, viro@zeniv.linux.org.uk
Cc: linux-fsdevel@vger.kernel.org, torvalds@linux-foundation.org,
ebiederm@xmission.com, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 03/10] teach move_mount(2) to work with OPEN_TREE_CLONE
Date: Tue, 26 Feb 2019 17:45:59 +0000 [thread overview]
Message-ID: <df9dd587-8d13-50d4-37ba-e7db47b1229c@gmail.com> (raw)
In-Reply-To: <155059612649.17079.7287713053194562461.stgit@warthog.procyon.org.uk>
On 19/02/2019 17:08, David Howells wrote:
> Allow a detached tree created by open_tree(..., OPEN_TREE_CLONE) to be
> attached by move_mount(2).
>
> If by the time of final fput() of OPEN_TREE_CLONE-opened file its tree is
> not detached anymore, it won't be dissolved. move_mount(2) is adjusted
> to handle detached source.
>
> That gives us equivalents of mount --bind and mount --rbind.
This is a bit ambiguous. The two cases can be understood by analogy to
bind / rbind. But it is also seems natural, to think it could be used
to implement the exact same thing as current `mount --bind` /
`--rbind`. I think it *does* now provide a full equivalence, right?
I was thinking about the case where mount propagation is enabled on the
source tree, i.e. it is not a private mount. Suppose a new mount is
added inside the source tree, between open_tree() and move_mount().
In the previous version of the patch series, Eric suggested there was a
NULL dereference in this scenario.[1] This version should be safe. I
think the new mount will be propagated to the cloned tree. Furthermore -
due to the way this version uses a temporary mount namespace - the
propagated version of the mount will not be locked by
attach_recursive_mnt().
[1] https://lore.kernel.org/lkml/87bm7n5k1r.fsf@xmission.com/
It looks very neat now, with the use of the temporary namespaces.
Congratulations :-). I have finished looking through these patches 1-3 now.
> Thanks also to Alan Jenkins<alan.christopher.jenkins@gmail.com> for
> providing a whole bunch of ways to break things using this interface.
>
> Signed-off-by: Al Viro<viro@zeniv.linux.org.uk>
> Signed-off-by: David Howells<dhowells@redhat.com>
> Signed-off-by: Al Viro<viro@zeniv.linux.org.uk>
>
P.S. I guess Al does not need two Signed-off-by lines here.
Thanks
Alan
next prev parent reply other threads:[~2019-02-26 17:46 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-19 17:08 [PATCH 00/10] VFS: Provide new mount UAPI David Howells
2019-02-19 17:08 ` [PATCH 01/10] vfs: syscall: Add open_tree(2) to reference or clone a mount David Howells
2019-02-19 17:08 ` [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around David Howells
2019-02-20 12:32 ` Alan Jenkins
2019-02-20 12:41 ` Alan Jenkins
2019-02-20 16:23 ` Jann Horn
2019-07-08 12:02 ` Tetsuo Handa
2019-07-08 13:18 ` Al Viro
2019-07-08 17:12 ` Eric W. Biederman
2019-07-08 18:01 ` Al Viro
2019-07-08 18:13 ` Al Viro
2019-07-08 20:21 ` Al Viro
2019-07-09 0:13 ` Eric W. Biederman
2019-07-09 10:51 ` Tetsuo Handa
2019-07-22 10:12 ` Tetsuo Handa
2019-07-23 4:16 ` John Johansen
2019-07-23 13:45 ` Tetsuo Handa
2019-08-06 10:43 ` Tetsuo Handa
2019-08-09 15:44 ` [PATCH] LSM: Disable move_mount() syscall when TOMOYO or AppArmor is enabled Tetsuo Handa
2019-08-22 3:51 ` [RFC][PATCH] fix d_absolute_path() interplay with fsmount() Al Viro
2019-08-30 10:11 ` Tetsuo Handa
2019-07-23 21:45 ` [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around James Morris
2019-07-23 23:30 ` Al Viro
2019-02-19 17:08 ` [PATCH 03/10] teach move_mount(2) to work with OPEN_TREE_CLONE David Howells
2019-02-20 18:59 ` Alan Jenkins
2019-02-26 17:45 ` Alan Jenkins [this message]
2019-02-19 17:08 ` [PATCH 04/10] Make anon_inodes unconditional David Howells
2019-02-19 17:09 ` [PATCH 05/10] vfs: syscall: Add fsopen() to prepare for superblock creation David Howells
2019-02-19 17:09 ` [PATCH 06/10] vfs: Implement logging through fs_context David Howells
2019-02-19 17:09 ` [PATCH 07/10] vfs: syscall: Add fsconfig() for configuring and managing a context David Howells
2019-02-19 17:09 ` [PATCH 08/10] vfs: syscall: Add fsmount() to create a mount for a superblock David Howells
2019-02-19 17:09 ` [PATCH 09/10] vfs: syscall: Add fspick() to select a superblock for reconfiguration David Howells
2019-02-19 17:09 ` [PATCH 10/10] vfs: Add a sample program for the new mount API David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=df9dd587-8d13-50d4-37ba-e7db47b1229c@gmail.com \
--to=alan.christopher.jenkins@gmail.com \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).