From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.9 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B4C1C433E2 for ; Sat, 29 Aug 2020 18:22:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id ED4D520757 for ; Sat, 29 Aug 2020 18:22:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=crudebyte.com header.i=@crudebyte.com header.b="C7Fekp7A" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728461AbgH2SW3 (ORCPT ); Sat, 29 Aug 2020 14:22:29 -0400 Received: from lizzy.crudebyte.com ([91.194.90.13]:60337 "EHLO lizzy.crudebyte.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728265AbgH2SWW (ORCPT ); Sat, 29 Aug 2020 14:22:22 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=crudebyte.com; s=lizzy; h=Content-Type:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Content-ID:Content-Description; bh=RBT0jy45C4CxuJ7VmhILa98UnWCiZPik8JEnoIEEsgo=; b=C7Fekp7AnpK49B/XSKUPK9lQMn TalJ2kBqXqtGh9uAhv1iyaQkp6BM0WV5p545nJZDLqxfBZY5eFUWYkrW88jCJMtu2knjeZ+h5K6oN XREH9zh1Ux15+lmRLsFzxOuO0f9EkfSi3GUut3eRlg39h81/FGf5fTAoD3++rbjjz1cMoN8BfMWNw GYrmdVpTTAYmB4L1/IjxSwh87Fr8DZqFh6iZ3nXxqFi4KP06ksqC+OIEix/nlUlStIxlT4WcHJB9f jcgrX8A24q8ut6PQa4u6dx3mHfCsag0jQVoO1coHpiOKibpjcu1vkLwMyqP9/x7mjfSr3DHyL0Fyy lYZfGWhQ==; From: Christian Schoenebeck To: Al Viro , Dave Chinner Cc: Miklos Szeredi , "Dr. David Alan Gilbert" , Greg Kurz , linux-fsdevel@vger.kernel.org, Stefan Hajnoczi , Miklos Szeredi , Vivek Goyal , Giuseppe Scrivano , Daniel J Walsh , Chirantan Ekbote Subject: Re: xattr names for unprivileged stacking? Date: Sat, 29 Aug 2020 20:22:09 +0200 Message-ID: <2468509.22xg9qcgnq@silver> In-Reply-To: <20200829180448.GQ1236603@ZenIV.linux.org.uk> References: <20200812143323.GF2810@work-vm> <20200829180448.GQ1236603@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org On Samstag, 29. August 2020 20:04:48 CEST Al Viro wrote: > On Sat, Aug 29, 2020 at 07:51:47PM +0200, Miklos Szeredi wrote: > > On Sat, Aug 29, 2020 at 6:14 PM Al Viro wrote: > > > On Sat, Aug 29, 2020 at 05:07:17PM +0100, Matthew Wilcox wrote: > > > > > The fact that ADS inodes would not be in the dentry cache and hence > > > > > not visible to pathwalks at all then means that all of the issues > > > > > such as mounting over them, chroot, etc don't exist in the first > > > > > place... > > > > > > > > Wait, you've now switched from "this is dentry cache infrastructure" > > > > to "it should not be in the dentry cache". So I don't understand what > > > > you're arguing for. > > > > > > Bloody wonderful, that. So now we have struct file instances with no > > > dentry associated with them? Which would have to be taken into account > > > all over the place... > > > > It could have a temporary dentry allocated for the lifetime of the > > file and dropped on last dput. I.e. there's a dentry, but no cache. > > Yeah, yeah, d_path() issues, however that one will have to be special > > cased anyway. > > d_path() is the least of the problems, actually. Directory tree structure > on those, OTOH, is a serious problem. If you want to have getdents(2) on > that shite, you want an opened descriptor that looks like a directory. And > _that_ opens a large can of worms. Because now you have fchdir(2) to cope > with, lookups going through /proc/self/fd//..., etc., etc. > > Al, fully expecting "we'll special-case our way out of everything - how hard > could that be?" in response... Independent of what and how all this is presented to user space, I think all this will only ever land if it does not deviate too much from the existing unified VFS model. The most relevant change that I see is that (probably similar to Miklos) that a user visible file(/dir) kernel internally links a dedicated directory which contains the streams, but as far as the kernel is concerned, that's a directory, streams are files, they are still inodes, and they are still part of the dentry cache, etc. Starting to handle ADS streams as some completely separate new thing in the model will most certainly just end up with much more code and problems than adding filters here and there for making certain things inaccessible from user space (e.g. prohibiting chdir() into that special directory, prevent mounting things onto ADS files, ot whatever other presentation measures might be desired for security reasons). And no: stat(mainfile) must still return the block count of the main stream only, not any aggregated data, otherwise it will break user space. Thinks like 'du' must explicitly be made ADS aware instead. Best regards, Christian Schoenebeck