Received: by 10.213.65.68 with SMTP id h4csp94816imn; Sat, 24 Mar 2018 14:49:57 -0700 (PDT) X-Google-Smtp-Source: AG47ELvMoeP0xaouYxp4JT/+/DzQl7tAHpgWYGaBdECt7QNQZ3PeoUDya/BWWl2EOLMDZOKYQKCb X-Received: by 10.99.7.138 with SMTP id 132mr21128675pgh.45.1521928197011; Sat, 24 Mar 2018 14:49:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521928196; cv=none; d=google.com; s=arc-20160816; b=gBPiBhLfvdkhu6o1KkjSHXnzBlxxGcfe43hKFnrWdQ0+x/HdM6WO3CH6WKQkLrT5qB 3m7FYk0AOHByjFikoZ0FbAuTUC+RPK1kgT+CyrAC0Cg7p+LKKmpChP23LFvuGZQIHrMK XBjQDbkyr+KES0AlHNqglVmKNp0y936mmmxXax3UOV8K6J2RG4iDbkRC3bwHW1F5NMri SjhP7LTZ/MzKjyHFdQtEu27yyw6lITCkBdPc8pDojNaYh/DUEM6HkRCl07c4bJHKhUGQ mdijYBs0oAQzGNWPp/DfDhqic5tUCAvotYqHKrWTF9EafY6h1CjcapqZLlkZQ0aED0L0 YMTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=qfQNwgB0Lp5o8veJPbURkjeHpvC17v91f4SJ5UN3DmI=; b=e9HdSvJEfHxH2fME9PkG3nBVEn981JJWXOKfBBs30B0fZbczvZZ/brjb2dEyFthHW2 YQFNsgQvn2//fUNUeBMU6MGqs8eYT9AHvE9K/x29mG7Yqp+Sp1LZ8T7A0pPUIxbObC9t ifsqO/dyv0vn6bm/jVfobxSjYwhdb+gogbrXmcmxsAlTNZxj5OZNESgYnjqLpl4+0ufK EKWlbylC+B2keeSCTYbRGpWGy9Cim8g8GJz5U5848Gv67g5S+voTA9627AxfMUySbmic LCZXxFbr5QWKlZlwkDQ8/nFgvptScJHeC64dQTZ/1Fo/XvFK5p7an14QtQLMNMmGWe+T dViQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q12-v6si12617340pll.419.2018.03.24.14.49.42; Sat, 24 Mar 2018 14:49:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753120AbeCXVsu (ORCPT + 99 others); Sat, 24 Mar 2018 17:48:50 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:43008 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752900AbeCXVst (ORCPT ); Sat, 24 Mar 2018 17:48:49 -0400 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.87 #1 (Red Hat Linux)) id 1ezr1p-0006Wg-JV; Sat, 24 Mar 2018 21:48:45 +0000 Date: Sat, 24 Mar 2018 21:48:45 +0000 From: Al Viro To: "Eric W. Biederman" Cc: Aleksa Sarai , linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org Subject: Re: [PATCH 1/2] fs: Extend mount_ns with support for a fast namespace to vfsmount function Message-ID: <20180324214845.GM30522@ZenIV.linux.org.uk> References: <20180323060457.sxgsd3j2obi33fyw@gordon> <87k1u3ti9e.fsf@xmission.com> <87fu4qo4ff.fsf_-_@xmission.com> <20180323231511.GK30522@ZenIV.linux.org.uk> <87in9ljvvx.fsf@xmission.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87in9ljvvx.fsf@xmission.com> User-Agent: Mutt/1.9.1 (2017-09-22) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Mar 24, 2018 at 11:12:02AM -0500, Eric W. Biederman wrote: > > This is completely wrong. Look: > > * SB_KERNMOUNT and !SB_KERNMOUNT cases are almost entirely isolated; > > completely so once that ns_to_mnt becomes unconditionally non-NULL. > > * in !SB_KERNMOUNT passing ns_to_mnt() is pointless - you might as > > well pass existing vfsmount (or ERR_PTR()) and use _that_. fill_super() > > is not used at all in that case. > > * is SB_KERNMOUNT ns_to_mnt serves only as a flag, eventually > > constant true. > > > > So let's split it in two helpers and give them sane arguments. > > Everything I look at with multiple helpers feels even worse to me. > The above has the advantage it is the minimal change to fix the > regression. So I am not worried about code correctness. > I keep wondering is the intention long term to fix sget so it has an > efficient data structure for finding super blocks (like an rbtree) or if > the intention is to deprecate sget entirely and just have everything > call alloc_super, and be responsible for their own data structures for > finding existing superblocks. > > At this point since we are not in agreement on a proper fix I am going > to plan on just queueing up a revert. So that we don't ship 4.16 with > a regression in a permission check. Permission check is trivial to put back in; I'll do that. FWIW, I don't believe that sget_userns() is a good place for any kind of universal permission checks. It's a library helper, not a place everything must come through when mounting something. So's mount_ns(), etc. BTW, will you be at LSF? I would suggest discussing the architectural issues there - they are directly related to fsmount() proposals...