From: Jeff Layton <jlayton@redhat.com>
To: ebiederm@xmission.com (Eric W. Biederman)
Cc: Jamie Lokier <jamie@shareable.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, adobriyan@gmail.com,
viro@ZenIV.linux.org.uk
Subject: Re: [PATCH] proc: revalidate dentry returned by proc_pid_follow_link
Date: Sun, 8 Nov 2009 20:12:37 -0500 [thread overview]
Message-ID: <20091108201237.79af5cac@tupile.poochiereds.net> (raw)
In-Reply-To: <m17hu1miea.fsf@fess.ebiederm.org>
On Sun, 08 Nov 2009 02:15:57 -0800
ebiederm@xmission.com (Eric W. Biederman) wrote:
> Jeff Layton <jlayton@redhat.com> writes:
>
> > On Fri, 6 Nov 2009 20:36:01 +0000
> > Jamie Lokier <jamie@shareable.org> wrote:
> >
> >> Jeff Layton wrote:
> >> > The problem here is that this makes that code shortcut any lookup or
> >> > revalidation of the dentry. In general, this isn't a problem -- in most
> >> > cases the dentry is known to be good. It is a problem however for NFSv4.
> >> > If this symlink is followed on an open operation no actual open call
> >> > occurs and the open state isn't properly established. This causes
> >> > problems when we later try to use this file descriptor for actual
> >> > operations.
> >>
> >> As NFS uses open() as a kind of fcntl-lock barrier, I can see it's
> >> important to do _something_ on new opens, rather than just cloning
> >> most of the file descriptor.
> >>
> >
> > I guess you mean the close-to-open cache consistency? If so, this
> > problem doesn't actually break that. The actual nfs_file_open call does
> > occur even when you're opening by following one of these symlinks. I
> > believe the cache consistency code occurs there.
> >
> > The problem here is really nfsv4 specific. There the on-the-wire open
> > call and initialization of state actually happens during d_lookup and
> > d_revalidate. Neither of these happens with these LAST_BIND symlinks so
> > we end up with a filp that has no NFSv4 state attached.
> >
> >> > This patch takes a minimalist approach to fixing this by making the
> >> > /proc/pid follow_link routine revalidate the dentry before returning it.
> >>
> >> What happens if the file descriptor you are re-opening is for a file
> >> which has been deleted. Does it still have a revalidatable dentry?
> >>
> >
> > Well, these LAST_BIND symlinks return a real dget'ed dentry today. If
> > we assume that it always returns a valid dentry (which seems to be the
> > case), then I suppose it's OK to do a d_revalidate against it.
> >
> > It's possible though that that revalidate will either fail though or
> > return that it's no good. In that case, this code just returns ESTALE
> > which should make the path walking code revalidate all the way up the
> > chain. That should (hopefully) make whatever syscall we're servicing
> > return an error.
>
> Hmm. Looking at the code I get the impression that a file bind mount
> will have exactly the same problem.
>
> Can you confirm.
>
> If file bind mounts also have this problem a bugfix to to just
> proc seems questionable.
>
I'm not sure I understand what you mean by "file bind mount". Is that
something like mounting with "-o loop" ?
I'm not at all opposed to fixing this in a more broad fashion, but as
best I can tell, the only place that LAST_BIND is used is in procfs.
--
Jeff Layton <jlayton@redhat.com>
WARNING: multiple messages have this Message-ID (diff)
From: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
Cc: Jamie Lokier <jamie-yetKDKU6eevNLxjTenLetw@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
adobriyan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
viro-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org
Subject: Re: [PATCH] proc: revalidate dentry returned by proc_pid_follow_link
Date: Sun, 8 Nov 2009 20:12:37 -0500 [thread overview]
Message-ID: <20091108201237.79af5cac@tupile.poochiereds.net> (raw)
In-Reply-To: <m17hu1miea.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
On Sun, 08 Nov 2009 02:15:57 -0800
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman) wrote:
> Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> writes:
>
> > On Fri, 6 Nov 2009 20:36:01 +0000
> > Jamie Lokier <jamie-yetKDKU6eevNLxjTenLetw@public.gmane.org> wrote:
> >
> >> Jeff Layton wrote:
> >> > The problem here is that this makes that code shortcut any lookup or
> >> > revalidation of the dentry. In general, this isn't a problem -- in most
> >> > cases the dentry is known to be good. It is a problem however for NFSv4.
> >> > If this symlink is followed on an open operation no actual open call
> >> > occurs and the open state isn't properly established. This causes
> >> > problems when we later try to use this file descriptor for actual
> >> > operations.
> >>
> >> As NFS uses open() as a kind of fcntl-lock barrier, I can see it's
> >> important to do _something_ on new opens, rather than just cloning
> >> most of the file descriptor.
> >>
> >
> > I guess you mean the close-to-open cache consistency? If so, this
> > problem doesn't actually break that. The actual nfs_file_open call does
> > occur even when you're opening by following one of these symlinks. I
> > believe the cache consistency code occurs there.
> >
> > The problem here is really nfsv4 specific. There the on-the-wire open
> > call and initialization of state actually happens during d_lookup and
> > d_revalidate. Neither of these happens with these LAST_BIND symlinks so
> > we end up with a filp that has no NFSv4 state attached.
> >
> >> > This patch takes a minimalist approach to fixing this by making the
> >> > /proc/pid follow_link routine revalidate the dentry before returning it.
> >>
> >> What happens if the file descriptor you are re-opening is for a file
> >> which has been deleted. Does it still have a revalidatable dentry?
> >>
> >
> > Well, these LAST_BIND symlinks return a real dget'ed dentry today. If
> > we assume that it always returns a valid dentry (which seems to be the
> > case), then I suppose it's OK to do a d_revalidate against it.
> >
> > It's possible though that that revalidate will either fail though or
> > return that it's no good. In that case, this code just returns ESTALE
> > which should make the path walking code revalidate all the way up the
> > chain. That should (hopefully) make whatever syscall we're servicing
> > return an error.
>
> Hmm. Looking at the code I get the impression that a file bind mount
> will have exactly the same problem.
>
> Can you confirm.
>
> If file bind mounts also have this problem a bugfix to to just
> proc seems questionable.
>
I'm not sure I understand what you mean by "file bind mount". Is that
something like mounting with "-o loop" ?
I'm not at all opposed to fixing this in a more broad fashion, but as
best I can tell, the only place that LAST_BIND is used is in procfs.
--
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Jeff Layton <jlayton@redhat.com>
To: ebiederm@xmission.com (Eric W. Biederman)
Cc: Jamie Lokier <jamie@shareable.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, adobriyan@gmail.com,
viro@ZenIV.linux.org.uk
Subject: Re: [PATCH] proc: revalidate dentry returned by proc_pid_follow_link
Date: Sun, 8 Nov 2009 20:12:37 -0500 [thread overview]
Message-ID: <20091108201237.79af5cac@tupile.poochiereds.net> (raw)
In-Reply-To: <m17hu1miea.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
On Sun, 08 Nov 2009 02:15:57 -0800
ebiederm@xmission.com (Eric W. Biederman) wrote:
> Jeff Layton <jlayton@redhat.com> writes:
>
> > On Fri, 6 Nov 2009 20:36:01 +0000
> > Jamie Lokier <jamie@shareable.org> wrote:
> >
> >> Jeff Layton wrote:
> >> > The problem here is that this makes that code shortcut any lookup or
> >> > revalidation of the dentry. In general, this isn't a problem -- in most
> >> > cases the dentry is known to be good. It is a problem however for NFSv4.
> >> > If this symlink is followed on an open operation no actual open call
> >> > occurs and the open state isn't properly established. This causes
> >> > problems when we later try to use this file descriptor for actual
> >> > operations.
> >>
> >> As NFS uses open() as a kind of fcntl-lock barrier, I can see it's
> >> important to do _something_ on new opens, rather than just cloning
> >> most of the file descriptor.
> >>
> >
> > I guess you mean the close-to-open cache consistency? If so, this
> > problem doesn't actually break that. The actual nfs_file_open call does
> > occur even when you're opening by following one of these symlinks. I
> > believe the cache consistency code occurs there.
> >
> > The problem here is really nfsv4 specific. There the on-the-wire open
> > call and initialization of state actually happens during d_lookup and
> > d_revalidate. Neither of these happens with these LAST_BIND symlinks so
> > we end up with a filp that has no NFSv4 state attached.
> >
> >> > This patch takes a minimalist approach to fixing this by making the
> >> > /proc/pid follow_link routine revalidate the dentry before returning it.
> >>
> >> What happens if the file descriptor you are re-opening is for a file
> >> which has been deleted. Does it still have a revalidatable dentry?
> >>
> >
> > Well, these LAST_BIND symlinks return a real dget'ed dentry today. If
> > we assume that it always returns a valid dentry (which seems to be the
> > case), then I suppose it's OK to do a d_revalidate against it.
> >
> > It's possible though that that revalidate will either fail though or
> > return that it's no good. In that case, this code just returns ESTALE
> > which should make the path walking code revalidate all the way up the
> > chain. That should (hopefully) make whatever syscall we're servicing
> > return an error.
>
> Hmm. Looking at the code I get the impression that a file bind mount
> will have exactly the same problem.
>
> Can you confirm.
>
> If file bind mounts also have this problem a bugfix to to just
> proc seems questionable.
>
I'm not sure I understand what you mean by "file bind mount". Is that
something like mounting with "-o loop" ?
I'm not at all opposed to fixing this in a more broad fashion, but as
best I can tell, the only place that LAST_BIND is used is in procfs.
--
Jeff Layton <jlayton@redhat.com>
next prev parent reply other threads:[~2009-11-09 1:12 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-06 13:19 [PATCH] proc: revalidate dentry returned by proc_pid_follow_link Jeff Layton
2009-11-06 13:19 ` Jeff Layton
2009-11-06 20:36 ` Jamie Lokier
2009-11-06 21:06 ` Jeff Layton
2009-11-06 21:06 ` Jeff Layton
2009-11-08 10:15 ` Eric W. Biederman
2009-11-09 1:12 ` Jeff Layton [this message]
2009-11-09 1:12 ` Jeff Layton
2009-11-09 1:12 ` Jeff Layton
2009-11-09 3:30 ` Eric W. Biederman
2009-11-09 3:30 ` Eric W. Biederman
2009-11-09 3:30 ` Eric W. Biederman
2009-11-09 13:11 ` Jeff Layton
2009-11-09 13:11 ` Jeff Layton
2009-11-09 13:11 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091108201237.79af5cac@tupile.poochiereds.net \
--to=jlayton@redhat.com \
--cc=adobriyan@gmail.com \
--cc=ebiederm@xmission.com \
--cc=jamie@shareable.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.