Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754062AbbKXRQR (ORCPT ); Tue, 24 Nov 2015 12:16:17 -0500 Received: from mail-yk0-f176.google.com ([209.85.160.176]:33765 "EHLO mail-yk0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752006AbbKXRQO (ORCPT ); Tue, 24 Nov 2015 12:16:14 -0500 Date: Tue, 24 Nov 2015 12:16:10 -0500 From: Tejun Heo To: serge@hallyn.com Cc: linux-kernel@vger.kernel.org, adityakali@google.com, linux-api@vger.kernel.org, containers@lists.linux-foundation.org, cgroups@vger.kernel.org, lxc-devel@lists.linuxcontainers.org, akpm@linux-foundation.org, ebiederm@xmission.com Subject: Re: [PATCH 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns Message-ID: <20151124171610.GS17033@mtj.duckdns.org> References: <1447703505-29672-1-git-send-email-serge@hallyn.com> <1447703505-29672-8-git-send-email-serge@hallyn.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1447703505-29672-8-git-send-email-serge@hallyn.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2731 Lines: 103 Hello, On Mon, Nov 16, 2015 at 01:51:44PM -0600, serge@hallyn.com wrote: > +struct dentry *kernfs_obtain_root(struct super_block *sb, > + struct kernfs_node *kn) > +{ > + struct dentry *dentry; > + struct inode *inode; > + > + BUG_ON(sb->s_op != &kernfs_sops); > + > + /* inode for the given kernfs_node should already exist. */ > + inode = ilookup(sb, kn->ino); > + if (!inode) { > + pr_debug("kernfs: could not get inode for '"); > + pr_cont_kernfs_path(kn); > + pr_cont("'.\n"); > + return ERR_PTR(-EINVAL); > + } Hmmm... but inode might not have been instantiated yet. Why not use kernfs_get_inode()? > + /* instantiate and link root dentry */ > + dentry = d_obtain_root(inode); > + if (!dentry) { > + pr_debug("kernfs: could not get dentry for '"); > + pr_cont_kernfs_path(kn); > + pr_cont("'.\n"); > + return ERR_PTR(-ENOMEM); > + } > + > + /* If this is a new dentry, set it up. We need kernfs_mutex because this > + * may be called by callers other than kernfs_fill_super. */ Formatting. > + mutex_lock(&kernfs_mutex); > + if (!dentry->d_fsdata) { > + kernfs_get(kn); > + dentry->d_fsdata = kn; > + } else { > + WARN_ON(dentry->d_fsdata != kn); > + } > + mutex_unlock(&kernfs_mutex); > + > + return dentry; > +} Wouldn't it be simpler to walk dentry from kernfs root than duplicating dentry instantiation? > diff --git a/kernel/cgroup.c b/kernel/cgroup.c > index 1d696de..0a3e893 100644 > --- a/kernel/cgroup.c > +++ b/kernel/cgroup.c > @@ -2112,11 +2120,31 @@ out_free: > kfree(opts.release_agent); > kfree(opts.name); > > - if (ret) > + if (ret) { > + put_cgroup_ns(ns); > return ERR_PTR(ret); > + } > > dentry = kernfs_mount(fs_type, flags, root->kf_root, > CGROUP_SUPER_MAGIC, &new_sb); > + > + if (!IS_ERR(dentry)) { > + /* In non-init cgroup namespace, instead of root cgroup's > + * dentry, we return the dentry corresponding to the > + * cgroupns->root_cgrp. > + */ Formatting. > + if (ns != &init_cgroup_ns) { > + struct dentry *nsdentry; > + struct cgroup *cgrp; > + > + cgrp = cset_cgroup_from_root(ns->root_cgrps, root); > + nsdentry = kernfs_obtain_root(dentry->d_sb, > + cgrp->kn); > + dput(dentry); > + dentry = nsdentry; > + } > + } So, this would effectively allow namespace mounts to claim controllers which aren't configured otherwise which doesn't seem like a good idea. I think the right thing to do for namespace mounts is to always require an existing superblock. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/