From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E974C3A5A9 for ; Wed, 4 Sep 2019 21:42:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 496E5208E4 for ; Wed, 4 Sep 2019 21:42:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1567633335; bh=tgy971/fztqpwi8qOFwtwVHTIiYHicIXvVYLFwGHYnc=; h=References:In-Reply-To:From:Date:Subject:To:Cc:List-ID:From; b=v/EFThAGEyOFnhR0jaUqb/nBMduvU2Tgh7n7HtcHsPcR8zP3ZD537bfpfqINLyTJw 7FGrg+Jb3NqsnQInDAeg/NFnTf5HDCXxKyRM4HX5gpov5PJ90SryINSQntIFsAIcqS PtZP1z4MMePAgOCugXL9oFGe2UDgkNVRNlvxrJE0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727156AbfIDVmP (ORCPT ); Wed, 4 Sep 2019 17:42:15 -0400 Received: from mail-lj1-f195.google.com ([209.85.208.195]:33012 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729999AbfIDVmO (ORCPT ); Wed, 4 Sep 2019 17:42:14 -0400 Received: by mail-lj1-f195.google.com with SMTP id a22so260442ljd.0 for ; Wed, 04 Sep 2019 14:42:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=uwuNMQc72pWyQK8TRg0HstY3l1Ai6DJhnuFaRewpYp4=; b=UP6KagylPWKv8Byd7UP6AZwOW79kEJrWCRQxdYQs3r+rkYYHaRtzINkvSv7M05KzA6 ZrkfCbIxdXLJg806nwevShkWeJseq5zYukSmtR6H1DU8VX49HoqAiZNvCj+iW0/x6oAZ eynsh3dcmA1ab+qwfUmxb81iuiDdfGEMPS8+s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uwuNMQc72pWyQK8TRg0HstY3l1Ai6DJhnuFaRewpYp4=; b=tY7vXUNGD9fyDZXzarTnKuxXpHqa4FnxYR++SW9abJ9BuAwegf+LhzaGBSGAIrOrO2 dfVfpJPaJv+tcQFzD/RlKs9fxPtf0Bl9I91VrOjIod12OepOiCNwYcXxWFSnXKUQUmtc wlwHOAOhwluXYa/2Ts2+De4TBnb6vdCwMugqcXBlYvW4ZpIHXkvD2Xbk4L5/2X+XI5AO Ad0lIjr0MsgIo/bToVjlIrg8YFfWpLm7TKroXPSF+JBpZdTKOdG2jp6a3+1YxBJAgGsR WYOdO2HYr9YcbFi0+7iLuO743gN+sKkIJkUCCVcxZWi9ChmWfEHDOleFfFPdY6Evc+Ln yzaQ== X-Gm-Message-State: APjAAAUhObW1wlBJl9PF2rahuPEAqprQxwMPfQRaqOryiLB3bq+cNKyY LxAjNzKbLO/0Mflb+LJbL5QDtxYmW1I= X-Google-Smtp-Source: APXvYqwefUyOSUB7ajUEJ/DwuLm6aT388UH112kQIFi09Fduw6ft+GgRgme2dvVm8sVY4bs01F3qKA== X-Received: by 2002:a2e:1b56:: with SMTP id b83mr13628311ljb.107.1567633332309; Wed, 04 Sep 2019 14:42:12 -0700 (PDT) Received: from mail-lj1-f181.google.com (mail-lj1-f181.google.com. [209.85.208.181]) by smtp.gmail.com with ESMTPSA id d12sm14872lfn.93.2019.09.04.14.42.11 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Sep 2019 14:42:12 -0700 (PDT) Received: by mail-lj1-f181.google.com with SMTP id x18so258637ljh.1 for ; Wed, 04 Sep 2019 14:42:11 -0700 (PDT) X-Received: by 2002:a2e:3c14:: with SMTP id j20mr10927110lja.84.1567632938615; Wed, 04 Sep 2019 14:35:38 -0700 (PDT) MIME-Version: 1.0 References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-11-cyphar@cyphar.com> In-Reply-To: From: Linus Torvalds Date: Wed, 4 Sep 2019 14:35:22 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v12 10/12] namei: aggressively check for nd->root escape on ".." resolution To: Aleksa Sarai Cc: Al Viro , Jeff Layton , "J. Bruce Fields" , Arnd Bergmann , David Howells , Shuah Khan , Shuah Khan , Ingo Molnar , Peter Zijlstra , Christian Brauner , Jann Horn , Kees Cook , Eric Biederman , Andy Lutomirski , Andrew Morton , Alexei Starovoitov , Tycho Andersen , David Drysdale , Chanho Min , Oleg Nesterov , Rasmus Villemoes , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Aleksa Sarai , Linux Containers , alpha , Linux API , linux-arch , Linux ARM , linux-fsdevel , linux-ia64@vger.kernel.org, Linux List Kernel Mailing , "open list:KERNEL SELFTEST FRAMEWORK" , linux-m68k , linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390 , Linux-sh list , linux-xtensa@linux-xtensa.org, sparclinux@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-parisc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-parisc@vger.kernel.org On Wed, Sep 4, 2019 at 2:09 PM Linus Torvalds wrote: > > So you'd have three stages: > > 1) ".." always returns -EXDEV > > 2) ".." returns -EXDEV if there was a concurrent rename/mount > > 3) ".." returns -EXDEV if there was a concurrent rename/mount and we > reset the sequence numbers and check if you escaped. In fact, I wonder if this should return -EAGAIN instead - to say that "retrying may work". Because then: > Also, I'm not 100% convinced that (3) is needed at all. I think the > retry could be done in user space instead, which needs to have a > fallback anyway. Yes? No? Any user mode fallback would want to know whether it's a final error or whether simply re-trying might make it work again. I think that re-try case is valid for any of the possible "races happened, we can't guarantee that it's safe", and retrying inside the kernel (or doing that re-validation) could have latency issues. Maybe ".." is the only such case. I can't think of any other ones in your series, but at least conceptually they could happen. For example, we've had people who wanted pathname lookup without any IO happening, because if you have to wait for IO you could want to use another thread etc if you're doing some server in user space.. Linus