From: Al Viro <viro@ZenIV.linux.org.uk>
To: linux-fsdevel@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-kernel@vger.kernel.org, Aleksa Sarai <cyphar@cyphar.com>,
David Howells <dhowells@redhat.com>,
Eric Biederman <ebiederm@xmission.com>,
Christian Brauner <christian.brauner@ubuntu.com>,
Al Viro <viro@zeniv.linux.org.uk>
Subject: [PATCH 9/9] new helper: traverse_mounts()
Date: Sun, 19 Jan 2020 03:17:38 +0000 [thread overview]
Message-ID: <20200119031738.2681033-26-viro@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20200119031738.2681033-1-viro@ZenIV.linux.org.uk>
From: Al Viro <viro@zeniv.linux.org.uk>
common guts of follow_down() and follow_managed() taken to a new
helper - traverse_mounts(). The remnants of follow_managed()
are folded into its sole remaining caller (handle_mounts()).
Calling conventions of handle_mounts() slightly sanitized -
instead of the weird "1 for success, -E... for failure" that used
to be imposed by the calling conventions of walk_component() et.al.
we can use the normal "0 for success, -E... for failure".
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/namei.c | 177 ++++++++++++++++++++++-------------------------------
1 file changed, 72 insertions(+), 105 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 310c5ccddf42..d3172e2c7f7f 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1167,91 +1167,79 @@ static int follow_automount(struct path *path, int *count, unsigned lookup_flags
}
/*
- * Handle a dentry that is managed in some way.
- * - Flagged for transit management (autofs)
- * - Flagged as mountpoint
- * - Flagged as automount point
- *
- * This may only be called in refwalk mode.
- * On success path->dentry is known positive.
- *
- * Serialization is taken care of in namespace.c
+ * mount traversal - out-of-line part. One note on ->d_flags accesses -
+ * dentries are pinned but not locked here, so negative dentry can go
+ * positive right under us. Use of smp_load_acquire() provides a barrier
+ * sufficient for ->d_inode and ->d_flags consistency.
*/
-static int follow_managed(struct path *path, struct nameidata *nd)
+static int __traverse_mounts(struct path *path, unsigned flags, bool *jumped,
+ int *count, unsigned lookup_flags)
{
- struct vfsmount *mnt = path->mnt; /* held by caller, must be left alone */
- unsigned flags;
+ struct vfsmount *mnt = path->mnt;
bool need_mntput = false;
int ret = 0;
- /* Given that we're not holding a lock here, we retain the value in a
- * local variable for each dentry as we look at it so that we don't see
- * the components of that value change under us */
- while (flags = smp_load_acquire(&path->dentry->d_flags),
- unlikely(flags & DCACHE_MANAGED_DENTRY)) {
+ while (flags & DCACHE_MANAGED_DENTRY) {
/* Allow the filesystem to manage the transit without i_mutex
* being held. */
if (flags & DCACHE_MANAGE_TRANSIT) {
- BUG_ON(!path->dentry->d_op);
- BUG_ON(!path->dentry->d_op->d_manage);
ret = path->dentry->d_op->d_manage(path, false);
flags = smp_load_acquire(&path->dentry->d_flags);
if (ret < 0)
break;
}
- /* Transit to a mounted filesystem. */
- if (flags & DCACHE_MOUNTED) {
+ if (flags & DCACHE_MOUNTED) { // something's mounted on it..
struct vfsmount *mounted = lookup_mnt(path);
- if (mounted) {
+ if (mounted) { // ... in our namespace
dput(path->dentry);
if (need_mntput)
mntput(path->mnt);
path->mnt = mounted;
path->dentry = dget(mounted->mnt_root);
+ // here we know it's positive
+ flags = path->dentry->d_flags;
need_mntput = true;
continue;
}
-
- /* Something is mounted on this dentry in another
- * namespace and/or whatever was mounted there in this
- * namespace got unmounted before lookup_mnt() could
- * get it */
}
- /* Handle an automount point */
- if (flags & DCACHE_NEED_AUTOMOUNT) {
- ret = follow_automount(path, &nd->total_link_count,
- nd->flags);
- if (ret < 0)
- break;
- continue;
- }
+ if (!(flags & DCACHE_NEED_AUTOMOUNT))
+ break;
- /* We didn't change the current path point */
- break;
+ // uncovered automount point
+ ret = follow_automount(path, count, lookup_flags);
+ flags = smp_load_acquire(&path->dentry->d_flags);
+ if (ret < 0)
+ break;
}
- if (need_mntput) {
- if (path->mnt == mnt)
- mntput(path->mnt);
- if (unlikely(nd->flags & LOOKUP_NO_XDEV))
- ret = -EXDEV;
- else
- nd->flags |= LOOKUP_JUMPED;
- }
- if (ret == -EISDIR || !ret)
- ret = 1;
- if (ret > 0 && unlikely(d_flags_negative(flags)))
+ if (ret == -EISDIR)
+ ret = 0;
+ // possible if you race with several mount --move
+ if (need_mntput && path->mnt == mnt)
+ mntput(path->mnt);
+ if (!ret && unlikely(d_flags_negative(flags)))
ret = -ENOENT;
- if (unlikely(ret < 0)) {
- dput(path->dentry);
- if (path->mnt != nd->path.mnt)
- mntput(path->mnt);
- }
+ *jumped = need_mntput;
return ret;
}
+static inline int traverse_mounts(struct path *path, bool *jumped,
+ int *count, unsigned lookup_flags)
+{
+ unsigned flags = smp_load_acquire(&path->dentry->d_flags);
+
+ /* fastpath */
+ if (likely(!(flags & DCACHE_MANAGED_DENTRY))) {
+ *jumped = false;
+ if (unlikely(d_flags_negative(flags)))
+ return -ENOENT;
+ return 0;
+ }
+ return __traverse_mounts(path, flags, jumped, count, lookup_flags);
+}
+
int follow_down_one(struct path *path)
{
struct vfsmount *mounted;
@@ -1268,6 +1256,23 @@ int follow_down_one(struct path *path)
}
EXPORT_SYMBOL(follow_down_one);
+/*
+ * Follow down to the covering mount currently visible to userspace. At each
+ * point, the filesystem owning that dentry may be queried as to whether the
+ * caller is permitted to proceed or not.
+ */
+int follow_down(struct path *path)
+{
+ struct vfsmount *mnt = path->mnt;
+ bool jumped;
+ int ret = traverse_mounts(path, &jumped, NULL, 0);
+
+ if (path->mnt != mnt)
+ mntput(mnt);
+ return ret;
+}
+EXPORT_SYMBOL(follow_down);
+
/*
* Try to skip to top of mountpoint pile in rcuwalk mode. Fail if
* we meet a managed dentry that would need blocking.
@@ -1324,6 +1329,7 @@ static inline int handle_mounts(struct nameidata *nd, struct dentry *dentry,
struct path *path, struct inode **inode,
unsigned int *seqp)
{
+ bool jumped;
int ret;
path->mnt = nd->path.mnt;
@@ -1333,15 +1339,25 @@ static inline int handle_mounts(struct nameidata *nd, struct dentry *dentry,
if (unlikely(!*inode))
return -ENOENT;
if (likely(__follow_mount_rcu(nd, path, inode, seqp)))
- return 1;
+ return 0;
if (unlazy_child(nd, dentry, seq))
return -ECHILD;
// *path might've been clobbered by __follow_mount_rcu()
path->mnt = nd->path.mnt;
path->dentry = dentry;
}
- ret = follow_managed(path, nd);
- if (likely(ret >= 0)) {
+ ret = traverse_mounts(path, &jumped, &nd->total_link_count, nd->flags);
+ if (jumped) {
+ if (unlikely(nd->flags & LOOKUP_NO_XDEV))
+ ret = -EXDEV;
+ else
+ nd->flags |= LOOKUP_JUMPED;
+ }
+ if (unlikely(ret)) {
+ dput(path->dentry);
+ if (path->mnt != nd->path.mnt)
+ mntput(path->mnt);
+ } else {
*inode = d_backing_inode(path->dentry);
*seqp = 0; /* out of RCU mode, so the value doesn't matter */
}
@@ -1409,55 +1425,6 @@ static int follow_dotdot_rcu(struct nameidata *nd)
return 0;
}
-/*
- * Follow down to the covering mount currently visible to userspace. At each
- * point, the filesystem owning that dentry may be queried as to whether the
- * caller is permitted to proceed or not.
- */
-int follow_down(struct path *path)
-{
- unsigned managed;
- int ret;
-
- while (managed = READ_ONCE(path->dentry->d_flags),
- unlikely(managed & DCACHE_MANAGED_DENTRY)) {
- /* Allow the filesystem to manage the transit without i_mutex
- * being held.
- *
- * We indicate to the filesystem if someone is trying to mount
- * something here. This gives autofs the chance to deny anyone
- * other than its daemon the right to mount on its
- * superstructure.
- *
- * The filesystem may sleep at this point.
- */
- if (managed & DCACHE_MANAGE_TRANSIT) {
- BUG_ON(!path->dentry->d_op);
- BUG_ON(!path->dentry->d_op->d_manage);
- ret = path->dentry->d_op->d_manage(path, false);
- if (ret < 0)
- return ret == -EISDIR ? 0 : ret;
- }
-
- /* Transit to a mounted filesystem. */
- if (managed & DCACHE_MOUNTED) {
- struct vfsmount *mounted = lookup_mnt(path);
- if (!mounted)
- break;
- dput(path->dentry);
- mntput(path->mnt);
- path->mnt = mounted;
- path->dentry = dget(mounted->mnt_root);
- continue;
- }
-
- /* Don't handle automount points here */
- break;
- }
- return 0;
-}
-EXPORT_SYMBOL(follow_down);
-
/*
* Skip to top of mountpoint pile in refwalk mode for follow_dotdot()
*/
--
2.20.1
next prev parent reply other threads:[~2020-01-19 3:26 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-30 5:20 [PATCH RFC 0/1] mount: universally disallow mounting over symlinks Aleksa Sarai
2019-12-30 5:20 ` [PATCH RFC 1/1] " Aleksa Sarai
2019-12-30 7:34 ` Linus Torvalds
2019-12-30 8:28 ` Aleksa Sarai
2020-01-08 4:39 ` Andy Lutomirski
2019-12-30 5:44 ` [PATCH RFC 0/1] " Al Viro
2019-12-30 5:49 ` Aleksa Sarai
[not found] ` <20191230072959.62kcojxpthhdwmfa@yavin.dot.cyphar.com>
2019-12-30 7:53 ` Linus Torvalds
2019-12-30 8:32 ` Aleksa Sarai
2020-01-02 8:58 ` David Laight
2020-01-02 9:09 ` Aleksa Sarai
2020-01-01 0:43 ` Al Viro
2020-01-01 0:54 ` Al Viro
2020-01-01 3:08 ` Al Viro
2020-01-01 14:44 ` Aleksa Sarai
2020-01-01 23:40 ` Al Viro
2020-01-02 3:59 ` Aleksa Sarai
2020-01-03 1:49 ` Al Viro
2020-01-04 4:46 ` Ian Kent
2020-01-08 3:13 ` Al Viro
2020-01-08 3:54 ` Linus Torvalds
2020-01-08 21:34 ` Al Viro
2020-01-10 0:08 ` Linus Torvalds
2020-01-10 4:15 ` Al Viro
2020-01-10 5:03 ` Linus Torvalds
2020-01-10 6:20 ` Ian Kent
2020-01-12 21:33 ` Al Viro
2020-01-13 2:59 ` Ian Kent
2020-01-14 0:25 ` Ian Kent
2020-01-14 4:39 ` Al Viro
2020-01-14 5:01 ` Ian Kent
2020-01-14 5:59 ` Ian Kent
2020-01-10 21:07 ` Aleksa Sarai
2020-01-14 4:57 ` Al Viro
2020-01-14 5:12 ` Al Viro
2020-01-14 20:01 ` Aleksa Sarai
2020-01-15 14:25 ` Al Viro
2020-01-15 14:29 ` Aleksa Sarai
2020-01-15 14:34 ` Aleksa Sarai
2020-01-15 14:48 ` Al Viro
2020-01-18 12:07 ` [PATCH v3 0/2] openat2: minor uapi cleanups Aleksa Sarai
2020-01-18 12:07 ` [PATCH v3 1/2] open: introduce openat2(2) syscall Aleksa Sarai
2020-01-18 12:08 ` [PATCH v3 2/2] selftests: add openat2(2) selftests Aleksa Sarai
2020-01-18 15:28 ` [PATCH v3 0/2] openat2: minor uapi cleanups Al Viro
2020-01-18 18:09 ` Al Viro
2020-01-18 23:03 ` Aleksa Sarai
2020-01-19 1:12 ` Al Viro
2020-01-15 13:57 ` [PATCH RFC 0/1] mount: universally disallow mounting over symlinks Aleksa Sarai
2020-01-19 3:14 ` [RFC][PATCHSET][CFT] pathwalk cleanups and fixes Al Viro
2020-01-19 3:17 ` [PATCH 01/17] do_add_mount(): lift lock_mount/unlock_mount into callers Al Viro
2020-01-19 3:17 ` [PATCH 02/17] fix automount/automount race properly Al Viro
2020-01-30 14:34 ` Christian Brauner
2020-01-19 3:17 ` [PATCH 03/17] follow_automount(): get rid of dead^Wstillborn code Al Viro
2020-01-30 14:38 ` Christian Brauner
2020-01-19 3:17 ` [PATCH 04/17] follow_automount() doesn't need the entire nameidata Al Viro
2020-01-30 14:45 ` Christian Brauner
2020-01-30 15:38 ` Al Viro
2020-01-30 15:55 ` Al Viro
2020-01-19 3:17 ` [PATCH 05/17] make build_open_flags() treat O_CREAT | O_EXCL as implying O_NOFOLLOW Al Viro
2020-01-19 3:17 ` [PATCH 06/17] handle_mounts(): start building a sane wrapper for follow_managed() Al Viro
2020-01-19 3:17 ` [PATCH 07/17] atomic_open(): saner calling conventions (return dentry on success) Al Viro
2020-01-19 3:17 ` [PATCH 08/17] lookup_open(): " Al Viro
2020-01-19 3:17 ` [PATCH 09/17] do_last(): collapse the call of path_to_nameidata() Al Viro
2020-01-19 3:17 ` [PATCH 10/17] handle_mounts(): pass dentry in, turn path into a pure out argument Al Viro
2020-01-19 3:17 ` [PATCH 11/17] lookup_fast(): consolidate the RCU success case Al Viro
2020-01-19 3:17 ` [PATCH 12/17] teach handle_mounts() to handle RCU mode Al Viro
2020-01-19 3:17 ` [PATCH 13/17] lookup_fast(): take mount traversal into callers Al Viro
2020-01-19 3:17 ` [PATCH 14/17] new step_into() flag: WALK_NOFOLLOW Al Viro
2020-01-19 3:17 ` [PATCH 15/17] fold handle_mounts() into step_into() Al Viro
2020-01-19 3:17 ` [PATCH 16/17] LOOKUP_MOUNTPOINT: fold path_mountpointat() into path_lookupat() Al Viro
2020-01-19 3:17 ` [PATCH 17/17] expand the only remaining call of path_lookup_conditional() Al Viro
2020-01-19 3:17 ` [PATCH 1/9] merging pick_link() with get_link(), part 1 Al Viro
2020-01-19 3:17 ` [PATCH 2/9] merging pick_link() with get_link(), part 2 Al Viro
2020-01-19 3:17 ` [PATCH 3/9] merging pick_link() with get_link(), part 3 Al Viro
2020-01-19 3:17 ` [PATCH 4/9] merging pick_link() with get_link(), part 4 Al Viro
2020-01-19 3:17 ` [PATCH 5/9] merging pick_link() with get_link(), part 5 Al Viro
2020-01-19 3:17 ` [PATCH 6/9] merging pick_link() with get_link(), part 6 Al Viro
2020-01-19 3:17 ` [PATCH 7/9] finally fold get_link() into pick_link() Al Viro
2020-01-19 3:17 ` [PATCH 8/9] massage __follow_mount_rcu() a bit Al Viro
2020-01-19 3:17 ` Al Viro [this message]
2020-01-30 14:13 ` [PATCH 01/17] do_add_mount(): lift lock_mount/unlock_mount into callers Christian Brauner
2020-01-19 14:33 ` [RFC][PATCHSET][CFT] pathwalk cleanups and fixes Ian Kent
2020-01-10 23:19 ` [PATCH RFC 0/1] mount: universally disallow mounting over symlinks Al Viro
2020-01-13 1:48 ` Ian Kent
2020-01-13 3:54 ` Al Viro
2020-01-13 6:00 ` Ian Kent
2020-01-13 6:03 ` Ian Kent
2020-01-13 13:30 ` Al Viro
2020-01-14 7:25 ` Ian Kent
2020-01-14 12:17 ` Ian Kent
2020-01-04 5:52 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200119031738.2681033-26-viro@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=christian.brauner@ubuntu.com \
--cc=cyphar@cyphar.com \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).