Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965536AbdCWQHQ (ORCPT ); Thu, 23 Mar 2017 12:07:16 -0400 Received: from mx1.redhat.com ([209.132.183.28]:45110 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965368AbdCWQHM (ORCPT ); Thu, 23 Mar 2017 12:07:12 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 7A48FC04BD3E Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=oleg@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 7A48FC04BD3E Date: Thu, 23 Mar 2017 17:05:07 +0100 From: Oleg Nesterov To: Alexey Gladkov Cc: Linux Kernel Mailing List , Linux API , "Kirill A. Shutemov" , Vasiliy Kulikov , Al Viro , "Eric W. Biederman" , Pavel Emelyanov , James Bottomley , "Dmitry V. Levin" Subject: Re: [RFC] Add option to mount only a pids subset Message-ID: <20170323160507.GA23135@redhat.com> References: <20170312021257.GP29622@ZenIV.linux.org.uk> <20170320125855.GG4554@comp-core-i7-2640m-0182e6> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170320125855.GG4554@comp-core-i7-2640m-0182e6> User-Agent: Mutt/1.5.18 (2008-05-17) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Thu, 23 Mar 2017 16:07:12 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1731 Lines: 45 Again, I can't really review this, I know nothing about vfs, but since nobody else replied... On 03/20, Alexey Gladkov wrote: > > @@ -97,7 +169,23 @@ static struct dentry *proc_mount(struct file_system_type *fs_type, > ns = task_active_pid_ns(current); > } > > - return mount_ns(fs_type, flags, data, ns, ns->user_ns, proc_fill_super); > + root = mount_ns(fs_type, flags, data, ns, ns->user_ns, proc_fill_super); > + > + if (!IS_ERR(root)) { > + if (!proc_fill_options(data, &opts)) > + return ERR_PTR(-EINVAL); So we have to call proc_fill_options() twice, not good... Yes, I understand why, but perhaps we factor it out somehow, we can pack options + pid_ns into sb->s_fs_info. Nevermind, this is minor. > + if (opts.pid_only) { > + int ret; > + > + if (!ns->pidfs && (ret = fill_pidfs_root(root->d_sb))) > + return ERR_PTR(ret); > + > + root = ns->pidfs; Afaics this lacks dget(ns->pidfs) which should pair with dput(mnt.mnt_root) in cleanup_mnt(). IIUC otherwise ns->pidfs can go away after umount, OTOH, if we return ns->pidfs then dget(sb->s_root) in mount_ns() is not balanced. But this all is fixeable. So with this change "mount -opidonly" creates another IS_ROOT() dentry which is not equal to sb->s_root. I simply do not know if this is technically correct or not... but, say, the "Only bind mounts can have disconnected paths" comment in path_connected() makes me worry ;) And this obviously means that /path-to-pidonly-mnt/ won't share dentries with the normal /proc mount. Not really good imo even if not really wrong... Lets look at proc_flush_task(). The exiting task will flush its $pid dentries in /proc/ but not in /path-to-pidonly-mnt/ iiuc. Again, not really a bug, but still... Oleg.