Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4548685imu; Mon, 12 Nov 2018 12:55:26 -0800 (PST) X-Google-Smtp-Source: AJdET5clwxg0opK8CzBZiMRM94xYI2fSeZumsDm4DWmB2TISNmkAe2XJWI0tmRqVhTCTTAlOJrDf X-Received: by 2002:a65:6645:: with SMTP id z5mr2175420pgv.351.1542056126317; Mon, 12 Nov 2018 12:55:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542056126; cv=none; d=google.com; s=arc-20160816; b=SAFdAPkylasz/3rwkl+CxatZHUMt270pFz/lwxibpL4lpU0v4MCUn6leFWoWKBvrMt WYNp7DY5TW70NQUFyn5JqzmNIZ+onGTLhukXmpUk9LM4lOJz54qJDA5//I++5nZZKlJ1 3mJhSrqMsu78U3PisuUzzFBKNSEnf6avqRZrbVBzMx87awu+0BldF39ShyPEY8RfaQQh dqAMy+VGByiT8QKyD4FIospugeN5Gk9R16iI3hphE202S0CprseXqhKIE+ncTBKuhPbu r5UjyxBlM44FMAYK1mZrgmq6Pa9BiGibsMTv4ixQ+V7p41WvzIySY8thN/jQNdhE1f0h GmzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=42m2k6xFYrpCz1qm9mLB+xp//LkEkS6nKXhvQgqIxrg=; b=E8vVw5bt2QJzMWkahvcTn6Mx09Eecfmu08yA0lxVeLY4WgAzeJjNezjQhLr0cvPvux PbI298mW8xsqjx2p1zl+cCXwKI9aD1vsCk8kwwIYDili/JVQawaoBaLoOVVSohZJgEeW JjYwa2vgq2OaISLDDOcUUxfhDhgK4WMgjA1KMPFzFfu6BPm9hZLE50Ps6Wt9z4YIbvKc FIesVclcuUe+WqdMGj8raLjyTAmWI18ue8bHoPXhbfdLBqSfqJijTozMypakC7SGmb1i gn6FGsCwxSBupduqL7WF9TNr+xWWTIdEPSZohmdr8mndDwzY8FDgBkvy4D3hugJ7bmgh qL7w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x33-v6si18791499plb.49.2018.11.12.12.55.10; Mon, 12 Nov 2018 12:55:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730386AbeKMGtm (ORCPT + 99 others); Tue, 13 Nov 2018 01:49:42 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:58100 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725817AbeKMGtm (ORCPT ); Tue, 13 Nov 2018 01:49:42 -0500 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.90_1 #2 (Red Hat Linux)) id 1gMJEF-0003vR-UF; Mon, 12 Nov 2018 20:54:40 +0000 Date: Mon, 12 Nov 2018 20:54:39 +0000 From: Al Viro To: "Eric W. Biederman" Cc: Steven Whitehouse , Linus Torvalds , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [git pull] mount API series Message-ID: <20181112205439.GF32577@ZenIV.linux.org.uk> References: <20181031053355.GQ32577@ZenIV.linux.org.uk> <87a7mut9cm.fsf@xmission.com> <2f4a2d58-dc7b-3a8f-65aa-9db432ce0a1e@redhat.com> <877ehjkq07.fsf@xmission.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <877ehjkq07.fsf@xmission.com> User-Agent: Mutt/1.9.1 (2017-09-22) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Nov 11, 2018 at 08:07:20PM -0600, Eric W. Biederman wrote: > Steven Whitehouse writes: > > Can you share some details of what this NULL dereference is? David and > > Al have been working on the changes as requested by Linus later in > > this thread, and they'd like to tidy up this issue too at the same > > time if possible. We are not asking you to actually provide a fix, in > > case you are too busy to do so, however it would be good to know what > > the issue is so that we can make sure that it is resolved in the next > > round of patches, > > https://lore.kernel.org/lkml/87bm7n5k1r.fsf@xmission.com/ Thought it had been dealt with, but you are right - oops is still there and obviously needs fixing. However, looking at that place in mainline... How does that thing manage to work? Look: /* Notice when we are propagating across user namespaces */ if (m->mnt_ns->user_ns != user_ns) type |= CL_UNPRIVILEGED; child = copy_tree(last_source, last_source->mnt.mnt_root, type); if (IS_ERR(child)) return PTR_ERR(child); child->mnt.mnt_flags &= ~MNT_LOCKED; mnt_set_mountpoint(m, mp, child); last_dest = m; last_source = child; OK, we'd created the copy to be attached to the next candidate mountpoint. If we have e.g. a 4-element peer group, we'll start with what we'd been asked to mount, then call that sucker three times, getting a copy for each of those mountpoints. Right? Now, what happens if the 1st, 3rd and 4th members live in your namespace, with the second one being elsewhere? We have source_mnt: that'll go on top of the 1st mountpoint copy of source_mnt: that'll go on top of the 2nd mountpoint copy of copy of source_mnt: that'll go on top of the 3rd mountpoint copy of copy of copy of source_mnt: that'll go on top of the 4th one And AFAICS your logics there has just made sure that everything except the source_mnt will have MNT_LOCK_... all over the place. IOW, the effect of CL_UNPRIVELEGED is cumulative. How the hell does that code avoid this randomness? Note had the members of that peer group been in a different order, you would've gotten a different result. What am I missing here? Oops is a separate story, and a regression in its own right; it needs to be fixed. But I would really like to sort out the semantics of the existing code in that area, so that we don't end up with patch conflicts.