Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp312929imm; Fri, 1 Jun 2018 01:04:32 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLEP+yUmCjivfwt4DUSxI/LzyI5hpXFiDuzTYjriRsPq/m745j653oLPHyDE6P3uf0efEiz X-Received: by 2002:a63:6d05:: with SMTP id i5-v6mr8129146pgc.321.1527840272278; Fri, 01 Jun 2018 01:04:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527840272; cv=none; d=google.com; s=arc-20160816; b=jBJCOe74aE8jDSt7qHu5vQADEdFf3XEBhDgv54L0tkAqPpHtgZ+VlPJ2dOwpAoNnA0 G4zbd23L3JjRwCXRhNf7OhW1g3ZTuZcW2BswbVNc07A+ASPQoe8ph4G4/yAmzTQHgMjD 3XZm/7Ssrf6nTffsZP1Cin81zjZB2Uz4o7dMOni10TeiO+nPtm5n8j/d3mMNA1lPEa3T hOdVTmGkjZOwyG7QIpePEnyI4BDTondxecMRpjhTez9QC+GuE7vHeytM8le4GS7U2jv5 uyDayibLvFe7MSxFmbnKeY5gyr07X3gjo/K8R7dYnmEXy4j4VWdsWyTHZxBBZGW3vDSf gx0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=pSJBHZuxi3ca5GGaWIPRaezCeXSyNOv5srTL3SoMlPc=; b=nZURQhyFYKd+1IQOKUPbHzLjgMexT7QJEUmClP6psoIQP+Q5MNfm0aUEbAbwALJHl3 FWGZl39gADumgOaA+zRyNUVSyeOEvd8ZLClQXi0Cz11koN1/iZXNdXLVpy5HSxAdNfYo 2Rm0keMy3XzGJvsUeJvW3q5RoaEnmBiGheeoXphgGDzUS4v8sm4eZUdIctDlc8gDiEpH v3xXJmhaIdi8bl/MSlMyosU/xrKU9/qoJQLvZjhl2ii9BV8RXziUEYzXxv06nr15x9Wh aZoe/b21mJVu73uuOdRfVpfEsokHdmw7cONJJ6cG17ZShgCRmmwuCskEiiCYTL/Q4XJc TdkA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kLjVMFJA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m11-v6si28063308pgv.608.2018.06.01.01.04.17; Fri, 01 Jun 2018 01:04:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kLjVMFJA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751000AbeFAICy (ORCPT + 99 others); Fri, 1 Jun 2018 04:02:54 -0400 Received: from mail-yb0-f193.google.com ([209.85.213.193]:37281 "EHLO mail-yb0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750729AbeFAICu (ORCPT ); Fri, 1 Jun 2018 04:02:50 -0400 Received: by mail-yb0-f193.google.com with SMTP id h141-v6so1264961ybg.4; Fri, 01 Jun 2018 01:02:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=pSJBHZuxi3ca5GGaWIPRaezCeXSyNOv5srTL3SoMlPc=; b=kLjVMFJA0J2LEWdW5IWQ1yY2g8tsF3/3cF7TZmrVXa65j4q9EteDc/R3Z3yNnXEonG uIrlIF313DaPb4CVUHcSLoByDcg5JRPkRO+50ePQeYFQQ+czCdRLdyZ8J58W3if4waAX dz3DyxKnI66VN6CINJHcewcI78So7saB9VqBE9RhtlqlWvFtIGRbpAX1xqd8F2uKdgfl Oa8M+NaEEpNU65hMS+STmv8RFTKXqjPW+vpN7Sp3qTf40YdLa2U6ka07HoedpvsmPMuz 8S9MuoIt3nh/epsDHAWVSbf1Hsaiuzgk5FP+GgRvmVfCWm2lumjWPg8Up/6Nm3tlt0J+ Z8XA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=pSJBHZuxi3ca5GGaWIPRaezCeXSyNOv5srTL3SoMlPc=; b=V8ke5i5fPUIqdPhHN2O4UJ89z+6PzEgFQ+yqcSS95key+UwSavBtOnOWmlESA25JUe TaI8zghiOR/xiqJm0/Iuvg+2Nku8S3vBPuZ3oYqiO6h3RgKZnjexvTkDblFjD5hnxZHc k7wniaadQNil3UuZFbBmw1Jiv8BgTu64pTO9N8T7WHJzJRKgyc0jjS/bfGgMZO+r4/+Z ULshlP+9SLNRwLmLVl59XmFmhL40R8g7TXqD6CFhe5cbuK5PaHJ32FJeDalM+aBn7d2l 2izjMd8HMMjOEqLgenvFc1Ih4JHg6CH+iHGZcWjJI5DsPF868mAgnnumSu36zJ+jlNws 9Zjg== X-Gm-Message-State: ALKqPwfv4okVC3BfP2I6H0q+Q54RsYp+yLFaCc1aCYcIcKUqUSnY9ML/ rzr2xDoBwj1Su9GmGLDk7xnSZHDymh1sOVrmSEo= X-Received: by 2002:a25:c4c6:: with SMTP id u189-v6mr5543468ybf.138.1527840169540; Fri, 01 Jun 2018 01:02:49 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a0d:efc6:0:0:0:0:0 with HTTP; Fri, 1 Jun 2018 01:02:49 -0700 (PDT) In-Reply-To: <152720691829.9073.10564431140980997005.stgit@warthog.procyon.org.uk> References: <152720672288.9073.9868393448836301272.stgit@warthog.procyon.org.uk> <152720691829.9073.10564431140980997005.stgit@warthog.procyon.org.uk> From: Amir Goldstein Date: Fri, 1 Jun 2018 11:02:49 +0300 Message-ID: Subject: Re: [PATCH 30/32] vfs: Allow cloning of a mount tree with open(O_PATH|O_CLONE_MOUNT) [ver #8] To: David Howells Cc: Al Viro , linux-fsdevel , linux-afs@lists.infradead.org, linux-kernel , linux-api@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [added linux-api] On Fri, May 25, 2018 at 3:08 AM, David Howells wrote: > Make it possible to clone a mount tree with a new pair of open flags that > are used in conjunction with O_PATH: > > (1) O_CLONE_MOUNT - Clone the mount or mount tree at the path. > > (2) O_NON_RECURSIVE - Don't clone recursively. > > Note that it's not a good idea to reuse other flags (such as O_CREAT) > because the open routine for O_PATH does not give an error if any other > flags are used in conjunction with O_PATH, but rather just masks off any it > doesn't use. > > The resultant file struct is marked FMODE_NEED_UNMOUNT to as it pins an > extra reference for the mount. This will be cleared by the upcoming > move_mount() syscall when it successfully moves a cloned mount into the > filesystem tree. > > Note that care needs to be taken with the error handling in do_o_path() in > the case that vfs_open() fails as the path may or may not have been > attached to the file struct and FMODE_NEED_UNMOUNT may or may not be set. > Note that O_DIRECT | O_PATH could be a problem with error handling too. > > Signed-off-by: David Howells > --- > [...] > @@ -977,8 +979,11 @@ static inline int build_open_flags(int flags, umode_t mode, struct open_flags *o > * If we have O_PATH in the open flag. Then we > * cannot have anything other than the below set of flags > */ > - flags &= O_DIRECTORY | O_NOFOLLOW | O_PATH; > + flags &= (O_DIRECTORY | O_NOFOLLOW | O_PATH | > + O_CLONE_MOUNT | O_NON_RECURSIVE); > acc_mode = 0; > + } else if (flags & (O_CLONE_MOUNT | O_NON_RECURSIVE)) { > + return -EINVAL; Reject O_NON_RECURSIVE without O_CLONE_MOUNT? That would free at least one flag combination for future use. Doesn't it make more sense for user API to opt-into O_RECURSIVE_CLONE, rather than opt-out of it? > } > > op->open_flag = flags; > diff --git a/include/linux/fcntl.h b/include/linux/fcntl.h > index 27dc7a60693e..8f60e2244740 100644 > --- a/include/linux/fcntl.h > +++ b/include/linux/fcntl.h > @@ -9,7 +9,8 @@ > (O_RDONLY | O_WRONLY | O_RDWR | O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC | \ > O_APPEND | O_NDELAY | O_NONBLOCK | O_NDELAY | __O_SYNC | O_DSYNC | \ > FASYNC | O_DIRECT | O_LARGEFILE | O_DIRECTORY | O_NOFOLLOW | \ > - O_NOATIME | O_CLOEXEC | O_PATH | __O_TMPFILE) > + O_NOATIME | O_CLOEXEC | O_PATH | __O_TMPFILE | \ > + O_CLONE_MOUNT | O_NON_RECURSIVE) > > #ifndef force_o_largefile > #define force_o_largefile() (BITS_PER_LONG != 32) > diff --git a/include/uapi/asm-generic/fcntl.h b/include/uapi/asm-generic/fcntl.h > index 0b1c7e35090c..f533e35ea19b 100644 > --- a/include/uapi/asm-generic/fcntl.h > +++ b/include/uapi/asm-generic/fcntl.h > @@ -88,6 +88,14 @@ > #define __O_TMPFILE 020000000 > #endif > > +#ifndef O_CLONE_MOUNT > +#define O_CLONE_MOUNT 040000000 /* Used with O_PATH to clone the mount subtree at path */ > +#endif > + > +#ifndef O_NON_RECURSIVE > +#define O_NON_RECURSIVE 0100000000 /* Used with O_CLONE_MOUNT to only clone one mount */ > +#endif > + > /* a horrid kludge trying to make sure that this will fail on old kernels */ > #define O_TMPFILE (__O_TMPFILE | O_DIRECTORY) > #define O_TMPFILE_MASK (__O_TMPFILE | O_DIRECTORY | O_CREAT) > I am not sure what are the consequences of opening O_PATH with old kernel and getting an open file, can't think of anything bad. Can the same be claimed for O_PATH|O_CLONE_MOUNT? Wouldn't it be better to apply the O_TMPFILE kludge to the new open flag, so that apps can check if O_CLONE_MOUNT feature is supported by kernel? Thanks, Amir.