From mboxrd@z Thu Jan 1 00:00:00 1970 From: Linus Torvalds Date: Wed, 04 Sep 2019 23:44:54 +0000 Subject: Re: [PATCH v12 10/12] namei: aggressively check for nd->root escape on ".." resolution Message-Id: List-Id: References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-11-cyphar@cyphar.com> <20190904214856.vnvom7h5xontvngq@yavin.dot.cyphar.com> <20592.1567636276@warthog.procyon.org.uk> <20190904232911.GN1131@ZenIV.linux.org.uk> In-Reply-To: <20190904232911.GN1131@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Al Viro Cc: linux-ia64@vger.kernel.org, Linux-sh list , Peter Zijlstra , Rasmus Villemoes , Alexei Starovoitov , Linux List Kernel Mailing , "J. Bruce Fields" , "open list:KERNEL SELFTEST FRAMEWORK" , sparclinux@vger.kernel.org, Shuah Khan , linux-arch , linux-s390 , Tycho Andersen , Aleksa Sarai , Jiri Olsa , Alexander Shishkin , Ingo Molnar , Linux ARM , linux-mips@vger.kernel.org, linux-xtensa@linux-xtensa.org, Kees Cook , Arnd Bergmann , Jann Horn On Wed, Sep 4, 2019 at 4:29 PM Al Viro wrote: > > On Wed, Sep 04, 2019 at 03:38:20PM -0700, Linus Torvalds wrote: > > On Wed, Sep 4, 2019 at 3:31 PM David Howells wrote: > > > > > > It ought to be reasonably easy to make them per-sb at least, I think. We > > > don't allow cross-super rename, right? > > > > Right now the sequence count handling very much depends on it being a > > global entity on the reader side, at least. > > > > And while the rename sequence count could (and probably should) be > > per-sb, the same is very much not true of the mount one. > > Huh? That will cost us having to have a per-superblock dentry > hash table; recall that lockless lockup can give false negatives > if something gets moved from chain to chain, and rename_lock is > first and foremost used to catch those and retry. If we split > it on per-superblock basis, we can't have dentries from different > superblocks in the same chain anymore... That's exactly the "very much depends on it being a global entity on the reader side" thing. I'm not convinced that's the _only_ way to handle things. Maybe a combination of (wild handwaving) per-hashqueue sequence count and some clever scheme for pathname handling could work. I've not personally seen a load where the global rename lock has been a problem (very few things really do a lot of renames), but system-wide locks do make me nervous. We have other (and worse) ones. tasklist_lock comes to mind. Linus From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C91D2C3A59E for ; Wed, 4 Sep 2019 23:52:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 888632168B for ; Wed, 4 Sep 2019 23:52:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1567641123; bh=sLD7TWCuuTDypkRVtGgzbHmac5Y57V+ojUVVL0XIqu8=; h=References:In-Reply-To:From:Date:Subject:To:Cc:List-ID:From; b=Ah2K6r3Z9mDblj1HzmCp0RCUfQjO0vFcCp3Mg6MMMNPvFsQIxLrvEYGbQJgYQklNh bUuy4LlRoFAme0dqa5eTRhmy8ZiPGznJMCliVH6AWlBPlLOhdym2zcA2pABOBbqTJB eI7ZOaJz7+Bl5QDG4WS1syT7g8/YeEwFsX6Iv2N0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730129AbfIDXwD (ORCPT ); Wed, 4 Sep 2019 19:52:03 -0400 Received: from mail-lj1-f196.google.com ([209.85.208.196]:44963 "EHLO mail-lj1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729919AbfIDXwD (ORCPT ); Wed, 4 Sep 2019 19:52:03 -0400 Received: by mail-lj1-f196.google.com with SMTP id u14so427268ljj.11 for ; Wed, 04 Sep 2019 16:52:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lkW/YWLZKFkaRlur1cRxiMMOTA0gNhHwo+TbpZCC63g=; b=Cnu5WYs/aAthmsXfnwtWzL5CNjpaY23sMnhFtcX1zve3r2rc/Ho+dRzPF32HPRMBnj gveXLtTDU7YHSGctyOcfke7l1YNaudqputmw6AJ3ZcUOsNYmqHCIu9DY9WHGlywCQ4Su iCCcCFmwH9f6fkeMSqS83pY7B6dx4aSlHZljU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lkW/YWLZKFkaRlur1cRxiMMOTA0gNhHwo+TbpZCC63g=; b=iI7xPIfAMmhWEU1LyD3gQmiGEx2uYYzp4/GMlrYJDhyd1dii2oFVlCA45L8cWUnZAK OoZKEjs/1N4XThSASu56rxggCrDl/zLCU1pLIWGszZNSGPdZ6uNA8hpqqH7Oel+xchXW ukVw1hZWOmHFcqV25Rwcjyc4mb1XSVdhRb57/r3hk+OWZ/bcRNflRMaMWrAmj/xUg00c KQAzD2VRdjyVRuAKF1ys5iW4VfO74LpGpDPsQBAJajQv8sDCj4QlXK/AYcszFtRwPN4D Yoc0pAbXUAnqXAQJEHiF8JGP9aE/2yI4rO0L4D4v96TMHd5jxqg0eKepLW1E185LOJmu /Ruw== X-Gm-Message-State: APjAAAXiKuNJyIbMh696F96BiyNu2KeRabWjw+mVV0wWC7VU3RPtRgVp Zx7JIAJQPdeDs3SiYOOg9dhpw+hstyU= X-Google-Smtp-Source: APXvYqwMOJyIgvbeqZ56IE3j62lrm9Ku2iDBt9lzzrjpuneAzwHwUsr0nUAX2so8TLmkUFaFDYX4DA== X-Received: by 2002:a2e:1b56:: with SMTP id b83mr127663ljb.107.1567641120539; Wed, 04 Sep 2019 16:52:00 -0700 (PDT) Received: from mail-lj1-f180.google.com (mail-lj1-f180.google.com. [209.85.208.180]) by smtp.gmail.com with ESMTPSA id q10sm72534lfm.11.2019.09.04.16.52.00 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Sep 2019 16:52:00 -0700 (PDT) Received: by mail-lj1-f180.google.com with SMTP id a4so449714ljk.8 for ; Wed, 04 Sep 2019 16:52:00 -0700 (PDT) X-Received: by 2002:a2e:3a0e:: with SMTP id h14mr127121lja.180.1567640710863; Wed, 04 Sep 2019 16:45:10 -0700 (PDT) MIME-Version: 1.0 References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-11-cyphar@cyphar.com> <20190904214856.vnvom7h5xontvngq@yavin.dot.cyphar.com> <20592.1567636276@warthog.procyon.org.uk> <20190904232911.GN1131@ZenIV.linux.org.uk> In-Reply-To: <20190904232911.GN1131@ZenIV.linux.org.uk> From: Linus Torvalds Date: Wed, 4 Sep 2019 16:44:54 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v12 10/12] namei: aggressively check for nd->root escape on ".." resolution To: Al Viro Cc: David Howells , Aleksa Sarai , Jeff Layton , "J. Bruce Fields" , Arnd Bergmann , Shuah Khan , Shuah Khan , Ingo Molnar , Peter Zijlstra , Christian Brauner , Jann Horn , Kees Cook , Eric Biederman , Andy Lutomirski , Andrew Morton , Alexei Starovoitov , Tycho Andersen , David Drysdale , Chanho Min , Oleg Nesterov , Rasmus Villemoes , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Aleksa Sarai , Linux Containers , alpha , Linux API , linux-arch , Linux ARM , linux-fsdevel , linux-ia64@vger.kernel.org, Linux List Kernel Mailing , "open list:KERNEL SELFTEST FRAMEWORK" , linux-m68k , linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390 , Linux-sh list , linux-xtensa@linux-xtensa.org, sparclinux@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-parisc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-parisc@vger.kernel.org On Wed, Sep 4, 2019 at 4:29 PM Al Viro wrote: > > On Wed, Sep 04, 2019 at 03:38:20PM -0700, Linus Torvalds wrote: > > On Wed, Sep 4, 2019 at 3:31 PM David Howells wrote: > > > > > > It ought to be reasonably easy to make them per-sb at least, I think. We > > > don't allow cross-super rename, right? > > > > Right now the sequence count handling very much depends on it being a > > global entity on the reader side, at least. > > > > And while the rename sequence count could (and probably should) be > > per-sb, the same is very much not true of the mount one. > > Huh? That will cost us having to have a per-superblock dentry > hash table; recall that lockless lockup can give false negatives > if something gets moved from chain to chain, and rename_lock is > first and foremost used to catch those and retry. If we split > it on per-superblock basis, we can't have dentries from different > superblocks in the same chain anymore... That's exactly the "very much depends on it being a global entity on the reader side" thing. I'm not convinced that's the _only_ way to handle things. Maybe a combination of (wild handwaving) per-hashqueue sequence count and some clever scheme for pathname handling could work. I've not personally seen a load where the global rename lock has been a problem (very few things really do a lot of renames), but system-wide locks do make me nervous. We have other (and worse) ones. tasklist_lock comes to mind. Linus From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: MIME-Version: 1.0 References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-11-cyphar@cyphar.com> <20190904214856.vnvom7h5xontvngq@yavin.dot.cyphar.com> <20592.1567636276@warthog.procyon.org.uk> <20190904232911.GN1131@ZenIV.linux.org.uk> In-Reply-To: <20190904232911.GN1131@ZenIV.linux.org.uk> From: Linus Torvalds Date: Wed, 4 Sep 2019 16:44:54 -0700 Message-ID: Subject: Re: [PATCH v12 10/12] namei: aggressively check for nd->root escape on ".." resolution Content-Type: text/plain; charset="UTF-8" Sender: linux-kselftest-owner@vger.kernel.org List-ID: To: Al Viro Cc: David Howells , Aleksa Sarai , Jeff Layton , "J. Bruce Fields" , Arnd Bergmann , Shuah Khan , Shuah Khan , Ingo Molnar , Peter Zijlstra , Christian Brauner , Jann Horn , Kees Cook , Eric Biederman , Andy Lutomirski , Andrew Morton , Alexei Starovoitov , Tycho Andersen , David Drysdale , Chanho Min , Oleg Nesterov , Rasmus Villemoes , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Aleksa Sarai , Linux Containers , alpha , Linux API , linux-arch , Linux ARM , linux-fsdevel , linux-ia64@vger.kernel.org, Linux List Kernel Mailing , "open list:KERNEL SELFTEST FRAMEWORK" , linux-m68k , linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390 , Linux-sh list , linux-xtensa@linux-xtensa.org, sparclinux@vger.kernel.org On Wed, Sep 4, 2019 at 4:29 PM Al Viro wrote: > > On Wed, Sep 04, 2019 at 03:38:20PM -0700, Linus Torvalds wrote: > > On Wed, Sep 4, 2019 at 3:31 PM David Howells wrote: > > > > > > It ought to be reasonably easy to make them per-sb at least, I think. We > > > don't allow cross-super rename, right? > > > > Right now the sequence count handling very much depends on it being a > > global entity on the reader side, at least. > > > > And while the rename sequence count could (and probably should) be > > per-sb, the same is very much not true of the mount one. > > Huh? That will cost us having to have a per-superblock dentry > hash table; recall that lockless lockup can give false negatives > if something gets moved from chain to chain, and rename_lock is > first and foremost used to catch those and retry. If we split > it on per-superblock basis, we can't have dentries from different > superblocks in the same chain anymore... That's exactly the "very much depends on it being a global entity on the reader side" thing. I'm not convinced that's the _only_ way to handle things. Maybe a combination of (wild handwaving) per-hashqueue sequence count and some clever scheme for pathname handling could work. I've not personally seen a load where the global rename lock has been a problem (very few things really do a lot of renames), but system-wide locks do make me nervous. We have other (and worse) ones. tasklist_lock comes to mind. Linus From mboxrd@z Thu Jan 1 00:00:00 1970 From: Linus Torvalds Subject: Re: [PATCH v12 10/12] namei: aggressively check for nd->root escape on ".." resolution Date: Wed, 4 Sep 2019 16:44:54 -0700 Message-ID: References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-11-cyphar@cyphar.com> <20190904214856.vnvom7h5xontvngq@yavin.dot.cyphar.com> <20592.1567636276@warthog.procyon.org.uk> <20190904232911.GN1131@ZenIV.linux.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20190904232911.GN1131@ZenIV.linux.org.uk> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=m.gmane.org@lists.infradead.org To: Al Viro Cc: linux-ia64@vger.kernel.org, Linux-sh list , Peter Zijlstra , Rasmus Villemoes , Alexei Starovoitov , Linux List Kernel Mailing , "J. Bruce Fields" , "open list:KERNEL SELFTEST FRAMEWORK" , sparclinux@vger.kernel.org, Shuah Khan , linux-arch , linux-s390 , Tycho Andersen , Aleksa Sarai , Jiri Olsa , Alexander Shishkin , Ingo Molnar , Linux ARM , linux-mips@vger.kernel.org, linux-xtensa@linux-xtensa.org, Kees Cook , Arnd Bergmann , Jann Horn List-Id: linux-api@vger.kernel.org On Wed, Sep 4, 2019 at 4:29 PM Al Viro wrote: > > On Wed, Sep 04, 2019 at 03:38:20PM -0700, Linus Torvalds wrote: > > On Wed, Sep 4, 2019 at 3:31 PM David Howells wrote: > > > > > > It ought to be reasonably easy to make them per-sb at least, I think. We > > > don't allow cross-super rename, right? > > > > Right now the sequence count handling very much depends on it being a > > global entity on the reader side, at least. > > > > And while the rename sequence count could (and probably should) be > > per-sb, the same is very much not true of the mount one. > > Huh? That will cost us having to have a per-superblock dentry > hash table; recall that lockless lockup can give false negatives > if something gets moved from chain to chain, and rename_lock is > first and foremost used to catch those and retry. If we split > it on per-superblock basis, we can't have dentries from different > superblocks in the same chain anymore... That's exactly the "very much depends on it being a global entity on the reader side" thing. I'm not convinced that's the _only_ way to handle things. Maybe a combination of (wild handwaving) per-hashqueue sequence count and some clever scheme for pathname handling could work. I've not personally seen a load where the global rename lock has been a problem (very few things really do a lot of renames), but system-wide locks do make me nervous. We have other (and worse) ones. tasklist_lock comes to mind. Linus From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AC3BCC3A59E for ; Wed, 4 Sep 2019 23:55:06 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 2DA5B21726 for ; Wed, 4 Sep 2019 23:55:06 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="Cnu5WYs/" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2DA5B21726 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 46P1075FYszDqvV for ; Thu, 5 Sep 2019 09:55:03 +1000 (AEST) Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=linuxfoundation.org (client-ip=2a00:1450:4864:20::144; helo=mail-lf1-x144.google.com; envelope-from=torvalds@linuxfoundation.org; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="Cnu5WYs/"; dkim-atps=neutral Received: from mail-lf1-x144.google.com (mail-lf1-x144.google.com [IPv6:2a00:1450:4864:20::144]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 46P0xS333xzDqsb for ; Thu, 5 Sep 2019 09:52:44 +1000 (AEST) Received: by mail-lf1-x144.google.com with SMTP id c12so415153lfh.5 for ; Wed, 04 Sep 2019 16:52:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lkW/YWLZKFkaRlur1cRxiMMOTA0gNhHwo+TbpZCC63g=; b=Cnu5WYs/aAthmsXfnwtWzL5CNjpaY23sMnhFtcX1zve3r2rc/Ho+dRzPF32HPRMBnj gveXLtTDU7YHSGctyOcfke7l1YNaudqputmw6AJ3ZcUOsNYmqHCIu9DY9WHGlywCQ4Su iCCcCFmwH9f6fkeMSqS83pY7B6dx4aSlHZljU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lkW/YWLZKFkaRlur1cRxiMMOTA0gNhHwo+TbpZCC63g=; b=pgaqV3vTkm9VNO7hyT1OYuAFGRIlKKb+7G5jWxVq1Tj3lXXsQwRKMiPsASQW4P2gw1 Q4Mc3q9U18CLvl25OZgace8hEIhkGdnr2RBvIA7nZPyJD6ZWWHthmRP1TyKIl28m2W+t WPUxx8odwpxcmXU5rt5GH58KpzJdyAFzqswcYpjFrZO+VtAOI5aRj+o9tupdZkOsEwVv ackkLxArEHmpJzTLLOX8dgtrvzFzdNwcS++bg4VTiJtWgEnqAgZ+o4Fbk5Cq6ItogEKp rFJ4IEH4B8HbUhNvML1njIwvmNVUDWR+TyYv7QfARdnQwtdRkteuVlP4YuYnZe/4lO8A +iPA== X-Gm-Message-State: APjAAAVTnKqsOV7ZuHYos6GdB1aatD7QQFAB6IEvM92mqPkMwTA9+dqt BUrs8iQ2kZqoxmb6TYeUnGhP9DRC6x4= X-Google-Smtp-Source: APXvYqykGbhgfSBXBLBH1o8i7IlE1E+8po07OnsWYKZFZOrlWA8cjXqI6ItGf9Br0dZB8bomYkgE0g== X-Received: by 2002:ac2:4853:: with SMTP id 19mr377402lfy.69.1567641160581; Wed, 04 Sep 2019 16:52:40 -0700 (PDT) Received: from mail-lj1-f173.google.com (mail-lj1-f173.google.com. [209.85.208.173]) by smtp.gmail.com with ESMTPSA id i17sm72484lfj.35.2019.09.04.16.52.40 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Sep 2019 16:52:40 -0700 (PDT) Received: by mail-lj1-f173.google.com with SMTP id e17so416411ljf.13 for ; Wed, 04 Sep 2019 16:52:40 -0700 (PDT) X-Received: by 2002:a2e:3a0e:: with SMTP id h14mr127121lja.180.1567640710863; Wed, 04 Sep 2019 16:45:10 -0700 (PDT) MIME-Version: 1.0 References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-11-cyphar@cyphar.com> <20190904214856.vnvom7h5xontvngq@yavin.dot.cyphar.com> <20592.1567636276@warthog.procyon.org.uk> <20190904232911.GN1131@ZenIV.linux.org.uk> In-Reply-To: <20190904232911.GN1131@ZenIV.linux.org.uk> From: Linus Torvalds Date: Wed, 4 Sep 2019 16:44:54 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v12 10/12] namei: aggressively check for nd->root escape on ".." resolution To: Al Viro Content-Type: text/plain; charset="UTF-8" X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-ia64@vger.kernel.org, Linux-sh list , Peter Zijlstra , Rasmus Villemoes , Alexei Starovoitov , Linux List Kernel Mailing , "J. Bruce Fields" , "open list:KERNEL SELFTEST FRAMEWORK" , sparclinux@vger.kernel.org, Shuah Khan , linux-arch , linux-s390 , Tycho Andersen , Aleksa Sarai , Jiri Olsa , Alexander Shishkin , Ingo Molnar , Linux ARM , linux-mips@vger.kernel.org, linux-xtensa@linux-xtensa.org, Kees Cook , Arnd Bergmann , Jann Horn , Aleksa Sarai , Andy Lutomirski , Shuah Khan , Namhyung Kim , David Drysdale , Christian Brauner , David Howells , linux-parisc@vger.kernel.org, linux-m68k , Linux API , Chanho Min , Jeff Layton , Oleg Nesterov , Eric Biederman , alpha , linux-fsdevel , Andrew Morton , linuxppc-dev@lists.ozlabs.org, Linux Containers Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" On Wed, Sep 4, 2019 at 4:29 PM Al Viro wrote: > > On Wed, Sep 04, 2019 at 03:38:20PM -0700, Linus Torvalds wrote: > > On Wed, Sep 4, 2019 at 3:31 PM David Howells wrote: > > > > > > It ought to be reasonably easy to make them per-sb at least, I think. We > > > don't allow cross-super rename, right? > > > > Right now the sequence count handling very much depends on it being a > > global entity on the reader side, at least. > > > > And while the rename sequence count could (and probably should) be > > per-sb, the same is very much not true of the mount one. > > Huh? That will cost us having to have a per-superblock dentry > hash table; recall that lockless lockup can give false negatives > if something gets moved from chain to chain, and rename_lock is > first and foremost used to catch those and retry. If we split > it on per-superblock basis, we can't have dentries from different > superblocks in the same chain anymore... That's exactly the "very much depends on it being a global entity on the reader side" thing. I'm not convinced that's the _only_ way to handle things. Maybe a combination of (wild handwaving) per-hashqueue sequence count and some clever scheme for pathname handling could work. I've not personally seen a load where the global rename lock has been a problem (very few things really do a lot of renames), but system-wide locks do make me nervous. We have other (and worse) ones. tasklist_lock comes to mind. Linus From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 927A7C3A59E for ; Wed, 4 Sep 2019 23:45:24 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 635FF2168B for ; Wed, 4 Sep 2019 23:45:24 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="SGCAV8yt"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="Cnu5WYs/" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 635FF2168B Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From: In-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=qi4H8Pxuz60Wd52zjkUl/ESwyVsWpjfb/A3mcf1Mt7c=; b=SGCAV8ytsHxkin SwefwdAjQHdd9NMb6cixuUQBVh6blpXFCQceIa/aEZOFNZMV1hE67r+vSGu6gbzh8hXWP237kqhAD Wqxn24VPhn2QCSbQKARm/uF9TMgky22Qsek+m3BW1MRERY7RkZbYg95iACgs7VyKoAas6F0E2AJAA 6fc9wTI9/Hx7rzb/O8XYuYtrwylOoGK7mKcVSwgCc0k+Pzuh/nPqCWzvGEhEvtg/0pd6dngQoLJJ5 WRuhIxezl62qf3arHvBJyOAFid6z3QM9IdiVweAkUVXn0mowPIZvH6Fpz3Sy2jpVbKJqxxZAT/kVe ilBpTe06Vk05jsY5BshA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1i5exk-0000Yv-8G; Wed, 04 Sep 2019 23:45:20 +0000 Received: from mail-lj1-x242.google.com ([2a00:1450:4864:20::242]) by bombadil.infradead.org with esmtps (Exim 4.92 #3 (Red Hat Linux)) id 1i5exh-0000YY-V7 for linux-arm-kernel@lists.infradead.org; Wed, 04 Sep 2019 23:45:19 +0000 Received: by mail-lj1-x242.google.com with SMTP id x18so477532ljh.1 for ; Wed, 04 Sep 2019 16:45:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lkW/YWLZKFkaRlur1cRxiMMOTA0gNhHwo+TbpZCC63g=; b=Cnu5WYs/aAthmsXfnwtWzL5CNjpaY23sMnhFtcX1zve3r2rc/Ho+dRzPF32HPRMBnj gveXLtTDU7YHSGctyOcfke7l1YNaudqputmw6AJ3ZcUOsNYmqHCIu9DY9WHGlywCQ4Su iCCcCFmwH9f6fkeMSqS83pY7B6dx4aSlHZljU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lkW/YWLZKFkaRlur1cRxiMMOTA0gNhHwo+TbpZCC63g=; b=IwdmXG/ds0R7MWD1UL3XVBg8fC9zcMhaXfZmjcNDRXdEXOaYH8IUctqEdM6spKrXBs DlDIK2GJHRXiFJMe8IpWYH4aKSjvX/cwXGNYzuyZwmbmaCZNgwUwj6Hk9yX760fR2VuM lTdiusBC/dxxQ6pQzc5W1wifuGZw6bTjmrbDZ72k8iKOOrlwMjIY+LGX5S9YUwAyzfFq iWC7z+xjfe0YrxfByaAsE6xeh1/E0onI2sYe0Ab/7l+rXzxsgXBp3Sn07PGnM7PuVj9C MM37V0xi00jxRNIUaguVL6jVMkbOTinfNIxdlHvCgQUYptTpgQwEyLXpvR0FxiB3Cs+3 4E2Q== X-Gm-Message-State: APjAAAUbp7XbL6B6VOUwaaLUj9A5au3FP3lU9k4iAMSQvcSfxJ93JaDc eaWO/V2s3YnxBOMmGWl/UmlF1lHaWz8= X-Google-Smtp-Source: APXvYqwkBN/ZuKO4euHHtWVw237FEe67JWtP0s9JYTKm6yzmg8LK8a7nFVZetBo2NELrhD0aEjDtbw== X-Received: by 2002:a2e:1614:: with SMTP id w20mr110582ljd.159.1567640714956; Wed, 04 Sep 2019 16:45:14 -0700 (PDT) Received: from mail-lj1-f172.google.com (mail-lj1-f172.google.com. [209.85.208.172]) by smtp.gmail.com with ESMTPSA id t24sm70564lfq.13.2019.09.04.16.45.12 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Sep 2019 16:45:14 -0700 (PDT) Received: by mail-lj1-f172.google.com with SMTP id e17so404678ljf.13 for ; Wed, 04 Sep 2019 16:45:12 -0700 (PDT) X-Received: by 2002:a2e:3a0e:: with SMTP id h14mr127121lja.180.1567640710863; Wed, 04 Sep 2019 16:45:10 -0700 (PDT) MIME-Version: 1.0 References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-11-cyphar@cyphar.com> <20190904214856.vnvom7h5xontvngq@yavin.dot.cyphar.com> <20592.1567636276@warthog.procyon.org.uk> <20190904232911.GN1131@ZenIV.linux.org.uk> In-Reply-To: <20190904232911.GN1131@ZenIV.linux.org.uk> From: Linus Torvalds Date: Wed, 4 Sep 2019 16:44:54 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v12 10/12] namei: aggressively check for nd->root escape on ".." resolution To: Al Viro X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190904_164518_027130_83518200 X-CRM114-Status: GOOD ( 15.94 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-ia64@vger.kernel.org, Linux-sh list , Peter Zijlstra , Rasmus Villemoes , Alexei Starovoitov , Linux List Kernel Mailing , "J. Bruce Fields" , "open list:KERNEL SELFTEST FRAMEWORK" , sparclinux@vger.kernel.org, Shuah Khan , linux-arch , linux-s390 , Tycho Andersen , Aleksa Sarai , Jiri Olsa , Alexander Shishkin , Ingo Molnar , Linux ARM , linux-mips@vger.kernel.org, linux-xtensa@linux-xtensa.org, Kees Cook , Arnd Bergmann , Jann Horn , Aleksa Sarai , Andy Lutomirski , Shuah Khan , Namhyung Kim , David Drysdale , Christian Brauner , David Howells , linux-parisc@vger.kernel.org, linux-m68k , Linux API , Chanho Min , Jeff Layton , Oleg Nesterov , Eric Biederman , alpha , linux-fsdevel , Andrew Morton , linuxppc-dev@lists.ozlabs.org, Linux Containers Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Wed, Sep 4, 2019 at 4:29 PM Al Viro wrote: > > On Wed, Sep 04, 2019 at 03:38:20PM -0700, Linus Torvalds wrote: > > On Wed, Sep 4, 2019 at 3:31 PM David Howells wrote: > > > > > > It ought to be reasonably easy to make them per-sb at least, I think. We > > > don't allow cross-super rename, right? > > > > Right now the sequence count handling very much depends on it being a > > global entity on the reader side, at least. > > > > And while the rename sequence count could (and probably should) be > > per-sb, the same is very much not true of the mount one. > > Huh? That will cost us having to have a per-superblock dentry > hash table; recall that lockless lockup can give false negatives > if something gets moved from chain to chain, and rename_lock is > first and foremost used to catch those and retry. If we split > it on per-superblock basis, we can't have dentries from different > superblocks in the same chain anymore... That's exactly the "very much depends on it being a global entity on the reader side" thing. I'm not convinced that's the _only_ way to handle things. Maybe a combination of (wild handwaving) per-hashqueue sequence count and some clever scheme for pathname handling could work. I've not personally seen a load where the global rename lock has been a problem (very few things really do a lot of renames), but system-wide locks do make me nervous. We have other (and worse) ones. tasklist_lock comes to mind. Linus _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel