Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1865088ybv; Thu, 6 Feb 2020 11:12:06 -0800 (PST) X-Google-Smtp-Source: APXvYqy6Z5OEmHXOAKj6z6aAeVUXZIBa8Ky1I00yTCWTpsQ0gRYjauvjDJ8Byh/EmC0oXJEFWPnC X-Received: by 2002:a9d:4541:: with SMTP id p1mr31920253oti.199.1581016326334; Thu, 06 Feb 2020 11:12:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581016326; cv=none; d=google.com; s=arc-20160816; b=gMACXDIYFfHALO/OPtjiAhDbITqSyMxXyY9E6z2BRPRxMkIV/L7S9MWE5pHz0Na1Fw 4i+ySLlWKhlmTLXdYbVYAeS7BaUL8VJwx50SehI9D+e013Le8s3kc+3XmsnZoSW7WqcC sfz2FQNUKz2XXTIiBoHh+/711iajqxatPJ1XEk84Iq4t1PttGNKxvHNueOns7k+BvEq0 XYHwIv5rJQCXyA4UZKZl4moIaMeC5k2KCh3O7wTIPoyeq935tIAEPYSHY2+xRt1FThRm JzodLnpBg3DafzCFNwhqrTvoHtTnSOjyNhMfCgut40lSG5lcTKBHaOrhmIvauHsRPgB8 cIWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=y0pT29ClCf7RkfthHwCY2/Eag9Xi+xiynNVAeKgXOlY=; b=SD6ZFqrZQOiMUE7IoFheFXowVSrC6t4fyfUs7jQdbpkpXMMYx2/L8f7DlIQblEsJhF 79lFZU4MtLps8JhP/FeZMzBc1O8he2oen6tCoxojfG/g+ZzxYQ0d0IIid5ABkO82fFGS dQq5L1NNGBS19E+gpoGkM3wY1t2WSfPJZjbQLNVC3AGvlOT8NVgVEI0ADAqHTCfTu6Kc 9cJTl0CtPNLRBdQt7omsUJPrdbNSciKF/cbKhPj3JnX6/7H7g+zmvbu4FfvJXmGUB98/ B7ElF9FgY9TGS8NdjGOGx83PFhC/9Vy2DCq7yAG6tT8kQwe+zHB6Q4rlWQvgETFzmlRB z3Wg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e13si278350otr.167.2020.02.06.11.11.54; Thu, 06 Feb 2020 11:12:06 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727897AbgBFTKv (ORCPT + 99 others); Thu, 6 Feb 2020 14:10:51 -0500 Received: from mail-io1-f65.google.com ([209.85.166.65]:37478 "EHLO mail-io1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727479AbgBFTKu (ORCPT ); Thu, 6 Feb 2020 14:10:50 -0500 Received: by mail-io1-f65.google.com with SMTP id k24so7474473ioc.4 for ; Thu, 06 Feb 2020 11:10:49 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=y0pT29ClCf7RkfthHwCY2/Eag9Xi+xiynNVAeKgXOlY=; b=i/87nf+b+lkWyT4cI9kzrEkHXVT/qU+/FnRnwRjl0r+gcAr3OC/vGEpEXRCpnMG3Qp ZhYBYWp9nNnVUSEQ2D/r3JjvvEpqK/NKvtVmaYmq7XFhPAWvN2HcTF6MpkR5HWw0Ix4I lXg/C8mlmxE4Wbkp34oD9GdI4PNDzWgdrkIPNwr9kMk1Q/OMpNke2CAIZmGob3Uz6c1+ hIJ3L2EP4pd3twCQx2u6lu+D0lfxLN1LcL70DzRNdNWaPPRRyYFOZDVIlyycO7DozvM5 sKj1oyel8R6CAGbA50vuobY9ndm9ISoE/ALlIqlsnVkzQ840IGRKNCTryd3bPuKFBYx2 EBWw== X-Gm-Message-State: APjAAAX0hnocX4HxEVgbGtsQ1N6JthgzXRWn9cJy2hisEcLvglfKsBe9 mGGcCBxcmvNk5WQ8WhrDZroscw== X-Received: by 2002:a6b:e601:: with SMTP id g1mr34051816ioh.55.1581016248293; Thu, 06 Feb 2020 11:10:48 -0800 (PST) Received: from google.com ([2620:15c:183:200:855f:8919:84a7:4794]) by smtp.gmail.com with ESMTPSA id d18sm121599iom.39.2020.02.06.11.10.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Feb 2020 11:10:47 -0800 (PST) Date: Thu, 6 Feb 2020 12:10:45 -0700 From: Ross Zwisler To: David Howells Cc: Matthew Wilcox , Raul Rangel , linux-kernel , Mattias Nissler , Alexander Viro , linux-fsdevel@vger.kernel.org, Benjamin Gordon , Micah Morton , Dmitry Torokhov , Jan Kara , Aleksa Sarai Subject: Re: [PATCH v5] Add a "nosymfollow" mount option. Message-ID: References: <20200204215014.257377-1-zwisler@google.com> <20200205032110.GR8731@bombadil.infradead.org> <20200205034500.x3omkziqwu3g5gpx@yavin> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200205034500.x3omkziqwu3g5gpx@yavin> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 4, 2020 at 8:45 PM Aleksa Sarai wrote: > On 2020-02-04, Matthew Wilcox wrote: > > On Tue, Feb 04, 2020 at 04:49:48PM -0700, Ross Zwisler wrote: > > > On Tue, Feb 4, 2020 at 3:11 PM Ross Zwisler wrote: > > > > On Tue, Feb 4, 2020 at 2:53 PM Raul Rangel wrote: > > > > > > --- a/include/uapi/linux/mount.h > > > > > > +++ b/include/uapi/linux/mount.h > > > > > > @@ -34,6 +34,7 @@ > > > > > > #define MS_I_VERSION (1<<23) /* Update inode I_version field */ > > > > > > #define MS_STRICTATIME (1<<24) /* Always perform atime updates */ > > > > > > #define MS_LAZYTIME (1<<25) /* Update the on-disk [acm]times lazily */ > > > > > > +#define MS_NOSYMFOLLOW (1<<26) /* Do not follow symlinks */ > > > > > Doesn't this conflict with MS_SUBMOUNT below? > > > > > > > > > > > > /* These sb flags are internal to the kernel */ > > > > > > #define MS_SUBMOUNT (1<<26) > > > > > > > > Yep. Thanks for the catch, v6 on it's way. > > > > > > It actually looks like most of the flags which are internal to the > > > kernel are actually unused (MS_SUBMOUNT, MS_NOREMOTELOCK, MS_NOSEC, > > > MS_BORN and MS_ACTIVE). Several are unused completely, and the rest > > > are just part of the AA_MS_IGNORE_MASK which masks them off in the > > > apparmor LSM, but I'm pretty sure they couldn't have been set anyway. > > > > > > I'll just take over (1<<26) for MS_NOSYMFOLLOW, and remove the rest in > > > a second patch. > > > > > > If someone thinks these flags are actually used by something and I'm > > > just missing it, please let me know. > > > > Afraid you did miss it ... > > > > /* > > * sb->s_flags. Note that these mirror the equivalent MS_* flags where > > * represented in both. > > */ > > ... > > #define SB_SUBMOUNT (1<<26) > > > > It's not entirely clear to me why they need to be the same, but I haven't > > been paying close attention to the separation of superblock and mount > > flags, so someone else can probably explain the why of it. > > I could be wrong, but I believe this is historic and originates from the > kernel setting certain flags internally (similar to the whole O_* flag, > "internal" O_* flag, and FMODE_NOTIFY mixup). > > Also, one of the arguments for the new mount API was that we'd run out > MS_* bits so it's possible that you have to enable this new mount option > in the new mount API only. (Though Howells is the right person to talk > to on this point.) As far as I can tell, SB_SUBMOUNT doesn't actually have any dependence on MS_SUBMOUNT. Nothing ever sets or checks MS_SUBMOUNT from within the kernel, and whether or not it's set from userspace has no bearing on how SB_SUBMOUNT is used. SB_SUBMOUNT is set independently inside of the kernel in vfs_submount(). I agree that their association seems to be historical, introduced in this commit from David Howells: e462ec50cb5fa VFS: Differentiate mount flags (MS_*) from internal superblock flags In that commit message David notes: (1) Some MS_* flags get translated to MNT_* flags (such as MS_NODEV -> MNT_NODEV) without passing this on to the filesystem, but some filesystems set such flags anyway. I think this is sort of what we are trying to do with MS_NOSYMFOLLOW: have a userspace flag that translates to MNT_NOSYMFOLLOW, but which doesn't need an associated SB_* flag. Is it okay to reclaim the bit currently owned by MS_SUBMOUNT and use it for MS_NOSYMFOLLOW. A second option would be to choose one of the unused MS_* values from the middle of the range, such as 256 or 512. Looking back as far as git will let me, I don't think that these flags have been used for MS_* values at least since v2.6.12: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/linux/fs.h?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 I think maybe these used to be S_WRITE and S_APPEND, which weren't filesystem mount flags? https://sites.uclouvain.be/SystInfo/usr/include/sys/mount.h.html A third option would be to create this flag using the new mount system: https://lwn.net/Articles/753473/ https://lwn.net/Articles/759499/ My main concern with this option is that for Chrome OS we'd like to be able to backport whatever solution we come up with to a variety of older kernels, and if we go with the new mount system this would require us to backport the entire new mount system to those kernels, which I think is infeasible. David, what are your thoughts on this? Of these three options for supporting a new MS_NOSYMFOLLOW flag: 1) reclaim the bit currently used by MS_SUBMOUNT 2) use a smaller unused value for the flag, 256 or 512 3) implement the new flag only in the new mount system do you think either #1 or #2 are workable? If so, which would you prefer?