Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp35525ybe; Wed, 4 Sep 2019 14:38:10 -0700 (PDT) X-Google-Smtp-Source: APXvYqyP1FYHbIWnTuHeVvGX8qe4OKJMbu3NHxFTS4jeC8zBAqXRewv9qOBubfG0Ww3/W7ykjsrm X-Received: by 2002:a17:902:e407:: with SMTP id ci7mr43477670plb.326.1567633090180; Wed, 04 Sep 2019 14:38:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567633090; cv=none; d=google.com; s=arc-20160816; b=PYlni66uO9/j5tLyyvTupJ4W2wp4RaoUBhmeuKMDGo2nKFWg8vfDZRMJbGUguLNUAP MLatDQ8PVfp5Jwln5r8D70o0Q5lhfwZ1le63tt7MoF0mIem3JqWZB6guCvRwSawHXJGo X/97gk6BYX9wGmTbjfiTXw7yTpzN1GkMSA+s1HPKb3zRKBz/14BG9oWHv5zfdrcREAkI tonM+e/1bWiqXrqnVjy4X/gZY+WsywVAor4BdpO1b27FoW4R4Qe2s6aT75GyEP4gs2He PHhRi6vJuRjmbgApp73LCCPikH8GQyerXIVyUs9GuaxYTPpM3stRq2GBHx7RYmcELblu puSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=uwuNMQc72pWyQK8TRg0HstY3l1Ai6DJhnuFaRewpYp4=; b=PuuHbPm6VNEjY1pW62yzNYJ6OQB/uFZxm8rh3SQ8JhFCkZb+KlBcoB2CmkzJeuYi5h I4ECvdX4us8A29Dv604N1zO/R2x69jC2uWo49sFIfiPgpEVYVBB+I5E1k16rERjlpR/g GUtk4ltnmOqgvTcp2zY1IHSBdFPmGiVVHZVqEU/oGCZgCs6Gu/Ar8xvUyl93g+gLTsbU vY3ota9kf0Iu7z1Q9QB7zk8jpMXjcQxa4YIjzqQXEH3PMgYVDkxWoQ5Ak08BTGEw3Wwn 3AWymHBQVdjpdfgDNIiSeXp0eghIJsgx6DK39bHJFAcDKReCdHgVCejAjEEtsWaCrbbl h8mA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=UP6Kagyl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j9si83171plt.315.2019.09.04.14.37.54; Wed, 04 Sep 2019 14:38:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=UP6Kagyl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730013AbfIDVfp (ORCPT + 99 others); Wed, 4 Sep 2019 17:35:45 -0400 Received: from mail-lj1-f194.google.com ([209.85.208.194]:39556 "EHLO mail-lj1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727125AbfIDVfo (ORCPT ); Wed, 4 Sep 2019 17:35:44 -0400 Received: by mail-lj1-f194.google.com with SMTP id j16so217387ljg.6 for ; Wed, 04 Sep 2019 14:35:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=uwuNMQc72pWyQK8TRg0HstY3l1Ai6DJhnuFaRewpYp4=; b=UP6KagylPWKv8Byd7UP6AZwOW79kEJrWCRQxdYQs3r+rkYYHaRtzINkvSv7M05KzA6 ZrkfCbIxdXLJg806nwevShkWeJseq5zYukSmtR6H1DU8VX49HoqAiZNvCj+iW0/x6oAZ eynsh3dcmA1ab+qwfUmxb81iuiDdfGEMPS8+s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uwuNMQc72pWyQK8TRg0HstY3l1Ai6DJhnuFaRewpYp4=; b=OUHKKnYlJchfxiRAe4Vk0KnHPK+iMMfPKlfDHJo9i0OSJZuitIAnQ1P/97zHGBlY6W INRv130U4jWGziDohC4lbJ0/OWdpQxt7gSKaehyMYtXVvc3VBhz4ZbIBYEVy390B7AKN Ot2Dpe1dBG0aQCID6L2VVT4wl4CgTlhx5FVfiqbhLEvy/6+fCigCxdLCDcppOy6IO01u dMZEqRxzmr+F43GkXZjSQ9wjkWBW1X+NeHxhJ0QZqHE+hq1pIynpZ3Q6YWTOqn5GqgMB LqRFye13LudhbJGbr8A/0yVKEmYTLafkoBNtNDtNf3HIVE4GxAPp6rt1Jzhzdaweug2M hAZA== X-Gm-Message-State: APjAAAUwTg4vFfh7ZHghrnOT4XfuTbDTSKe4Ts2FUIZyXC5HyVepu0P2 D+nFzeXiK/6aEUj/9iJLGppIKwrNCU8= X-Received: by 2002:a2e:9086:: with SMTP id l6mr10467710ljg.120.1567632942733; Wed, 04 Sep 2019 14:35:42 -0700 (PDT) Received: from mail-lj1-f169.google.com (mail-lj1-f169.google.com. [209.85.208.169]) by smtp.gmail.com with ESMTPSA id q26sm11380lfd.53.2019.09.04.14.35.40 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Sep 2019 14:35:41 -0700 (PDT) Received: by mail-lj1-f169.google.com with SMTP id 7so209361ljw.7 for ; Wed, 04 Sep 2019 14:35:40 -0700 (PDT) X-Received: by 2002:a2e:3c14:: with SMTP id j20mr10927110lja.84.1567632938615; Wed, 04 Sep 2019 14:35:38 -0700 (PDT) MIME-Version: 1.0 References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-11-cyphar@cyphar.com> In-Reply-To: From: Linus Torvalds Date: Wed, 4 Sep 2019 14:35:22 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v12 10/12] namei: aggressively check for nd->root escape on ".." resolution To: Aleksa Sarai Cc: Al Viro , Jeff Layton , "J. Bruce Fields" , Arnd Bergmann , David Howells , Shuah Khan , Shuah Khan , Ingo Molnar , Peter Zijlstra , Christian Brauner , Jann Horn , Kees Cook , Eric Biederman , Andy Lutomirski , Andrew Morton , Alexei Starovoitov , Tycho Andersen , David Drysdale , Chanho Min , Oleg Nesterov , Rasmus Villemoes , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Aleksa Sarai , Linux Containers , alpha , Linux API , linux-arch , Linux ARM , linux-fsdevel , linux-ia64@vger.kernel.org, Linux List Kernel Mailing , "open list:KERNEL SELFTEST FRAMEWORK" , linux-m68k , linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390 , Linux-sh list , linux-xtensa@linux-xtensa.org, sparclinux@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 4, 2019 at 2:09 PM Linus Torvalds wrote: > > So you'd have three stages: > > 1) ".." always returns -EXDEV > > 2) ".." returns -EXDEV if there was a concurrent rename/mount > > 3) ".." returns -EXDEV if there was a concurrent rename/mount and we > reset the sequence numbers and check if you escaped. In fact, I wonder if this should return -EAGAIN instead - to say that "retrying may work". Because then: > Also, I'm not 100% convinced that (3) is needed at all. I think the > retry could be done in user space instead, which needs to have a > fallback anyway. Yes? No? Any user mode fallback would want to know whether it's a final error or whether simply re-trying might make it work again. I think that re-try case is valid for any of the possible "races happened, we can't guarantee that it's safe", and retrying inside the kernel (or doing that re-validation) could have latency issues. Maybe ".." is the only such case. I can't think of any other ones in your series, but at least conceptually they could happen. For example, we've had people who wanted pathname lookup without any IO happening, because if you have to wait for IO you could want to use another thread etc if you're doing some server in user space.. Linus