From: Al Viro <viro@ZenIV.linux.org.uk>
To: Miklos Szeredi <mszeredi@redhat.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: vfs / overlayfs conflict resolution for linux-next
Date: Wed, 18 Jul 2018 13:43:40 +0100 [thread overview]
Message-ID: <20180718124340.GS30522@ZenIV.linux.org.uk> (raw)
In-Reply-To: <CAOssrKdqnsPSipweUCers6d2AgJX2aVGQUs1pd7cB79GoSJH1Q@mail.gmail.com>
On Wed, Jul 18, 2018 at 02:10:32PM +0200, Miklos Szeredi wrote:
> On Wed, Jul 18, 2018 at 9:25 AM, Miklos Szeredi <mszeredi@redhat.com> wrote:
> > On Wed, Jul 18, 2018 at 5:29 AM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> >> Hi Al,
> >>
> >> On Wed, 18 Jul 2018 03:56:37 +0100 Al Viro <viro@ZenIV.linux.org.uk> wrote:
> >>>
> >>> ... and now it even builds. Said that, I would really like to hear something
> >>> from you - I can duplicate the entire overlayfs-next and merge it into
> >>> my #for-next and ask Steven to use that instead of your tree, but I very
> >>> much dislike going over your head like that.
> >>>
> >>> I realize that you'd been away for a while and probably are digging yourself
> >>> from under the piles of mail, but it's getting late in the cycle and I want
> >>> to get #for-next into reasonably sane shape. Please, look through that
> >>> thing and respond.
>
> In "ovl: stack file ops" this:
>
> AV: make it use open_with_fake_path(), don't mess with override_creds
>
> Maybe it's the way to go, but looks broken as is; e.g. NFS does call
> current_creds() from its open method to get the credentials to work
> with.
It *is* broken. For now leave override_creds() as in your variant, but
we really want to deal with that crap eventually.
> Okay, so ->open() is a file op, and file ops should use file->f_cred,
> but how are we going to enforce this?
I'd say we cut down on the use of current_cred() when deep in call chain...
next prev parent reply other threads:[~2018-07-18 13:21 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20180710101736.32d6cc6c@canb.auug.org.au>
[not found] ` <20180710150455.GK30522@ZenIV.linux.org.uk>
2018-07-11 2:11 ` linux-next: manual merge of the vfs tree with the overlayfs tree Al Viro
2018-07-11 2:21 ` [RFC][PATCH 01/42] drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 02/42] cxl_getfile(): fix double-iput() on alloc_file() failures Al Viro
2018-07-11 2:21 ` [RFC][PATCH 03/42] ocxlflash_getfile(): " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 04/42] make get_empty_filp() to call file_free_rcu() directly Al Viro
2018-07-11 2:35 ` Linus Torvalds
2018-07-11 2:43 ` Al Viro
2018-07-11 2:21 ` [RFC][PATCH 05/42] fold security_file_free() into file_free() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 06/42] turn filp_clone_open() into inline wrapper for dentry_open() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 07/42] create_pipe_files(): use fput() if allocation of the second file fails Al Viro
2018-07-11 2:21 ` [RFC][PATCH 08/42] make sure do_dentry_open() won't return positive as an error Al Viro
2018-07-11 2:39 ` Linus Torvalds
2018-07-11 2:41 ` Al Viro
2018-07-11 2:21 ` [RFC][PATCH 09/42] pass creds to get_empty_filp(), make sure dentry_open() passes the right creds Al Viro
2018-07-11 2:21 ` [RFC][PATCH 10/42] get rid of cred argument of vfs_open() and do_dentry_open() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 11/42] security_file_open(): lose cred argument Al Viro
2018-07-11 2:21 ` [RFC][PATCH 12/42] ->file_open(): " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 13/42] introduce FMODE_OPENED Al Viro
2018-07-11 2:21 ` [RFC][PATCH 14/42] fold put_filp() into fput() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 15/42] lift fput() on late failures into path_openat() Al Viro
2018-07-11 5:43 ` Amir Goldstein
2018-07-11 2:21 ` [RFC][PATCH 16/42] now we can fold open_check_o_direct() into do_dentry_open() Al Viro
2018-07-11 2:44 ` Linus Torvalds
2018-07-11 2:59 ` Al Viro
2018-07-11 3:13 ` Linus Torvalds
2018-07-11 2:21 ` [RFC][PATCH 17/42] switch all remaining checks for FILE_OPENED to FMODE_OPENED Al Viro
2018-07-11 2:21 ` [RFC][PATCH 18/42] introduce FMODE_CREATED and switch to it Al Viro
2018-07-11 2:21 ` [RFC][PATCH 19/42] IMA: don't propagate opened through the entire thing Al Viro
2018-07-11 2:21 ` [RFC][PATCH 20/42] getting rid of 'opened' argument of ->atomic_open() - step 1 Al Viro
2018-07-11 2:21 ` [RFC][PATCH 21/42] getting rid of 'opened' argument of ->atomic_open() - part 2 Al Viro
2018-07-11 2:21 ` [RFC][PATCH 22/42] get rid of 'opened' argument of ->atomic_open() - part 3 Al Viro
2018-07-11 2:21 ` [RFC][PATCH 23/42] get rid of 'opened' in path_openat() and the helpers downstream Al Viro
2018-07-11 2:21 ` [RFC][PATCH 24/42] ->atomic_open(): return 0 in all success cases Al Viro
2018-07-11 2:21 ` [RFC][PATCH 25/42] document ->atomic_open() changes Al Viro
2018-07-11 2:21 ` [RFC][PATCH 26/42] switch atomic_open() and lookup_open() to returning 0 in all success cases Al Viro
2018-07-11 2:21 ` [RFC][PATCH 27/42] kill FILE_{CREATED,OPENED} Al Viro
2018-07-11 2:21 ` [RFC][PATCH 28/42] new wrapper: alloc_file_pseudo() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 29/42] __shmem_file_setup(): reorder allocations Al Viro
2018-07-11 2:21 ` [RFC][PATCH 30/42] ... and switch shmem_file_setup() to alloc_file_pseudo() Al Viro
2018-07-11 2:21 ` [RFC][PATCH 31/42] cxl_getfile(): switch " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 32/42] ocxlflash_getfile(): " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 33/42] hugetlb_file_setup(): " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 34/42] anon_inode_getfile(): " Al Viro
2018-07-11 2:21 ` [RFC][PATCH 35/42] create_pipe_files(): switch the first allocation " Al Viro
2018-07-11 2:22 ` [RFC][PATCH 36/42] new helper: alloc_file_clone() Al Viro
2018-07-11 2:22 ` [RFC][PATCH 37/42] do_shmat(): grab shp->shm_file earlier, switch to alloc_file_clone() Al Viro
2018-07-11 2:22 ` [RFC][PATCH 38/42] make alloc_file() static Al Viro
2018-07-11 2:22 ` [RFC][PATCH 39/42] document alloc_file() changes Al Viro
2018-07-11 2:22 ` [RFC][PATCH 40/42] make path_init() unconditionally paired with terminate_walk() Al Viro
2018-07-11 2:22 ` [RFC][PATCH 41/42] allow link_path_walk() to take ERR_PTR() Al Viro
2018-07-11 2:22 ` [RFC][PATCH 42/42] few more cleanups of link_path_walk() callers Al Viro
2018-07-11 2:56 ` [RFC][PATCH 01/42] drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open() Linus Torvalds
2018-07-11 15:25 ` Al Viro
2018-07-11 16:15 ` Al Viro
2018-07-12 12:43 ` Al Viro
2018-07-12 15:05 ` Linus Torvalds
2018-07-12 15:53 ` vfs / overlayfs conflict resolution for linux-next Al Viro
2018-07-18 2:56 ` Al Viro
2018-07-18 3:29 ` Stephen Rothwell
2018-07-18 7:25 ` Miklos Szeredi
2018-07-18 12:10 ` Miklos Szeredi
2018-07-18 12:43 ` Al Viro [this message]
2018-07-18 13:46 ` Al Viro
2018-07-18 15:46 ` Miklos Szeredi
2018-07-18 18:12 ` [RFC] call_with_creds() Al Viro
2018-07-18 18:19 ` Linus Torvalds
2018-07-18 19:46 ` Al Viro
2018-07-18 19:53 ` Linus Torvalds
2018-07-18 20:04 ` Al Viro
2018-07-18 20:15 ` Al Viro
2018-07-18 20:43 ` Linus Torvalds
2018-07-18 21:22 ` Al Viro
2018-07-18 23:06 ` Linus Torvalds
2018-07-18 21:27 ` David Howells
2018-07-18 23:16 ` Linus Torvalds
2018-07-18 21:28 ` David Howells
2018-07-18 23:13 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180718124340.GS30522@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mszeredi@redhat.com \
--cc=sfr@canb.auug.org.au \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).