Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp312929imm;
        Fri, 1 Jun 2018 01:04:32 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKLEP+yUmCjivfwt4DUSxI/LzyI5hpXFiDuzTYjriRsPq/m745j653oLPHyDE6P3uf0efEiz
X-Received: by 2002:a63:6d05:: with SMTP id i5-v6mr8129146pgc.321.1527840272278;
        Fri, 01 Jun 2018 01:04:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527840272; cv=none;
        d=google.com; s=arc-20160816;
        b=jBJCOe74aE8jDSt7qHu5vQADEdFf3XEBhDgv54L0tkAqPpHtgZ+VlPJ2dOwpAoNnA0
         G4zbd23L3JjRwCXRhNf7OhW1g3ZTuZcW2BswbVNc07A+ASPQoe8ph4G4/yAmzTQHgMjD
         3XZm/7Ssrf6nTffsZP1Cin81zjZB2Uz4o7dMOni10TeiO+nPtm5n8j/d3mMNA1lPEa3T
         hOdVTmGkjZOwyG7QIpePEnyI4BDTondxecMRpjhTez9QC+GuE7vHeytM8le4GS7U2jv5
         uyDayibLvFe7MSxFmbnKeY5gyr07X3gjo/K8R7dYnmEXy4j4VWdsWyTHZxBBZGW3vDSf
         gx0w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=pSJBHZuxi3ca5GGaWIPRaezCeXSyNOv5srTL3SoMlPc=;
        b=nZURQhyFYKd+1IQOKUPbHzLjgMexT7QJEUmClP6psoIQP+Q5MNfm0aUEbAbwALJHl3
         FWGZl39gADumgOaA+zRyNUVSyeOEvd8ZLClQXi0Cz11koN1/iZXNdXLVpy5HSxAdNfYo
         2Rm0keMy3XzGJvsUeJvW3q5RoaEnmBiGheeoXphgGDzUS4v8sm4eZUdIctDlc8gDiEpH
         v3xXJmhaIdi8bl/MSlMyosU/xrKU9/qoJQLvZjhl2ii9BV8RXziUEYzXxv06nr15x9Wh
         aZoe/b21mJVu73uuOdRfVpfEsokHdmw7cONJJ6cG17ZShgCRmmwuCskEiiCYTL/Q4XJc
         TdkA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=kLjVMFJA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m11-v6si28063308pgv.608.2018.06.01.01.04.17;
        Fri, 01 Jun 2018 01:04:32 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=kLjVMFJA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751000AbeFAICy (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 99 others);
        Fri, 1 Jun 2018 04:02:54 -0400
Received: from mail-yb0-f193.google.com ([209.85.213.193]:37281 "EHLO
        mail-yb0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750729AbeFAICu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 1 Jun 2018 04:02:50 -0400
Received: by mail-yb0-f193.google.com with SMTP id h141-v6so1264961ybg.4;
        Fri, 01 Jun 2018 01:02:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=pSJBHZuxi3ca5GGaWIPRaezCeXSyNOv5srTL3SoMlPc=;
        b=kLjVMFJA0J2LEWdW5IWQ1yY2g8tsF3/3cF7TZmrVXa65j4q9EteDc/R3Z3yNnXEonG
         uIrlIF313DaPb4CVUHcSLoByDcg5JRPkRO+50ePQeYFQQ+czCdRLdyZ8J58W3if4waAX
         dz3DyxKnI66VN6CINJHcewcI78So7saB9VqBE9RhtlqlWvFtIGRbpAX1xqd8F2uKdgfl
         Oa8M+NaEEpNU65hMS+STmv8RFTKXqjPW+vpN7Sp3qTf40YdLa2U6ka07HoedpvsmPMuz
         8S9MuoIt3nh/epsDHAWVSbf1Hsaiuzgk5FP+GgRvmVfCWm2lumjWPg8Up/6Nm3tlt0J+
         Z8XA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=pSJBHZuxi3ca5GGaWIPRaezCeXSyNOv5srTL3SoMlPc=;
        b=V8ke5i5fPUIqdPhHN2O4UJ89z+6PzEgFQ+yqcSS95key+UwSavBtOnOWmlESA25JUe
         TaI8zghiOR/xiqJm0/Iuvg+2Nku8S3vBPuZ3oYqiO6h3RgKZnjexvTkDblFjD5hnxZHc
         k7wniaadQNil3UuZFbBmw1Jiv8BgTu64pTO9N8T7WHJzJRKgyc0jjS/bfGgMZO+r4/+Z
         ULshlP+9SLNRwLmLVl59XmFmhL40R8g7TXqD6CFhe5cbuK5PaHJ32FJeDalM+aBn7d2l
         2izjMd8HMMjOEqLgenvFc1Ih4JHg6CH+iHGZcWjJI5DsPF868mAgnnumSu36zJ+jlNws
         9Zjg==
X-Gm-Message-State: ALKqPwfv4okVC3BfP2I6H0q+Q54RsYp+yLFaCc1aCYcIcKUqUSnY9ML/
        rzr2xDoBwj1Su9GmGLDk7xnSZHDymh1sOVrmSEo=
X-Received: by 2002:a25:c4c6:: with SMTP id u189-v6mr5543468ybf.138.1527840169540;
 Fri, 01 Jun 2018 01:02:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a0d:efc6:0:0:0:0:0 with HTTP; Fri, 1 Jun 2018 01:02:49 -0700 (PDT)
In-Reply-To: <152720691829.9073.10564431140980997005.stgit@warthog.procyon.org.uk>
References: <152720672288.9073.9868393448836301272.stgit@warthog.procyon.org.uk>
 <152720691829.9073.10564431140980997005.stgit@warthog.procyon.org.uk>
From:   Amir Goldstein <amir73il@gmail.com>
Date:   Fri, 1 Jun 2018 11:02:49 +0300
Message-ID: <CAOQ4uxjbZEyqNPwE8m0QmCU7OG831r4Lpg+M1RWCOxDrsgErnA@mail.gmail.com>
Subject: Re: [PATCH 30/32] vfs: Allow cloning of a mount tree with
 open(O_PATH|O_CLONE_MOUNT) [ver #8]
To:     David Howells <dhowells@redhat.com>
Cc:     Al Viro <viro@zeniv.linux.org.uk>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        linux-afs@lists.infradead.org,
        linux-kernel <linux-kernel@vger.kernel.org>,
        linux-api@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

[added linux-api]

On Fri, May 25, 2018 at 3:08 AM, David Howells <dhowells@redhat.com> wrote:
> Make it possible to clone a mount tree with a new pair of open flags that
> are used in conjunction with O_PATH:
>
>  (1) O_CLONE_MOUNT - Clone the mount or mount tree at the path.
>
>  (2) O_NON_RECURSIVE - Don't clone recursively.
>
> Note that it's not a good idea to reuse other flags (such as O_CREAT)
> because the open routine for O_PATH does not give an error if any other
> flags are used in conjunction with O_PATH, but rather just masks off any it
> doesn't use.
>
> The resultant file struct is marked FMODE_NEED_UNMOUNT to as it pins an
> extra reference for the mount.  This will be cleared by the upcoming
> move_mount() syscall when it successfully moves a cloned mount into the
> filesystem tree.
>
> Note that care needs to be taken with the error handling in do_o_path() in
> the case that vfs_open() fails as the path may or may not have been
> attached to the file struct and FMODE_NEED_UNMOUNT may or may not be set.
> Note that O_DIRECT | O_PATH could be a problem with error handling too.
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
>
[...]

> @@ -977,8 +979,11 @@ static inline int build_open_flags(int flags, umode_t mode, struct open_flags *o
>                  * If we have O_PATH in the open flag. Then we
>                  * cannot have anything other than the below set of flags
>                  */
> -               flags &= O_DIRECTORY | O_NOFOLLOW | O_PATH;
> +               flags &= (O_DIRECTORY | O_NOFOLLOW | O_PATH |
> +                         O_CLONE_MOUNT | O_NON_RECURSIVE);
>                 acc_mode = 0;
> +       } else if (flags & (O_CLONE_MOUNT | O_NON_RECURSIVE)) {
> +               return -EINVAL;

Reject O_NON_RECURSIVE without O_CLONE_MOUNT?
That would free at least one flag combination for future use.

Doesn't it make more sense for user API to opt-into
O_RECURSIVE_CLONE, rather than opt-out of it?


>         }
>
>         op->open_flag = flags;
> diff --git a/include/linux/fcntl.h b/include/linux/fcntl.h
> index 27dc7a60693e..8f60e2244740 100644
> --- a/include/linux/fcntl.h
> +++ b/include/linux/fcntl.h
> @@ -9,7 +9,8 @@
>         (O_RDONLY | O_WRONLY | O_RDWR | O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC | \
>          O_APPEND | O_NDELAY | O_NONBLOCK | O_NDELAY | __O_SYNC | O_DSYNC | \
>          FASYNC | O_DIRECT | O_LARGEFILE | O_DIRECTORY | O_NOFOLLOW | \
> -        O_NOATIME | O_CLOEXEC | O_PATH | __O_TMPFILE)
> +        O_NOATIME | O_CLOEXEC | O_PATH | __O_TMPFILE | \
> +        O_CLONE_MOUNT | O_NON_RECURSIVE)
>
>  #ifndef force_o_largefile
>  #define force_o_largefile() (BITS_PER_LONG != 32)
> diff --git a/include/uapi/asm-generic/fcntl.h b/include/uapi/asm-generic/fcntl.h
> index 0b1c7e35090c..f533e35ea19b 100644
> --- a/include/uapi/asm-generic/fcntl.h
> +++ b/include/uapi/asm-generic/fcntl.h
> @@ -88,6 +88,14 @@
>  #define __O_TMPFILE    020000000
>  #endif
>
> +#ifndef O_CLONE_MOUNT
> +#define O_CLONE_MOUNT  040000000       /* Used with O_PATH to clone the mount subtree at path */
> +#endif
> +
> +#ifndef O_NON_RECURSIVE
> +#define O_NON_RECURSIVE        0100000000      /* Used with O_CLONE_MOUNT to only clone one mount */
> +#endif
> +
>  /* a horrid kludge trying to make sure that this will fail on old kernels */
>  #define O_TMPFILE (__O_TMPFILE | O_DIRECTORY)
>  #define O_TMPFILE_MASK (__O_TMPFILE | O_DIRECTORY | O_CREAT)
>

I am not sure what are the consequences of opening O_PATH with old kernel
and getting an open file, can't think of anything bad.
Can the same be claimed for O_PATH|O_CLONE_MOUNT?

Wouldn't it be better to apply the O_TMPFILE kludge to the new
open flag, so that apps can check if O_CLONE_MOUNT feature is supported
by kernel?

Thanks,
Amir.