Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4677215pxj; Wed, 12 May 2021 10:39:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxbZwq6O2Hqf5nA35csY2x7fFkJYnAfDxfL9wVWb+SH4bgaE3+SkvwK3DfhphQZzyjGBkHG X-Received: by 2002:a05:6402:17d7:: with SMTP id s23mr44789526edy.66.1620841195209; Wed, 12 May 2021 10:39:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620841195; cv=none; d=google.com; s=arc-20160816; b=ZpKZarb9TJOG+feKDCnVXwK1682bfVOqd8uhr3L1cuiHF/65bHe0PAJkff4YbtixSt UeefZV+1Q/2LXP2dipEZlFBfo7BsGHhhT8KjXtVZY14DdmmYVCMZAX70ut9t0XenC9ag JQo5xSIdmE+MX0+7sIO3Z9s4dazyaDNRGNVytBihQ8QXru1ze319RPIQs4PBEaf9QBMy 6Uf53rKe90YKizdcTBAjDGSt6OVACmHykopGfCAGhi/F/o1ZfQYVki9/KSVlnisJPSZu 55kceIbbubgScZ+4zbOlZMhvaidhxUS5rL3gv8cB+cezT9UerZ3b8Zs0C2uZM5/r4kuP hlDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=TqeQQp/2PKEAcDHrxI8IrzfVjm3JmgRBZIVHZiA6Xwo=; b=rta3zCaIapdpZ1piZcyiuBuYdfdIFsD3qNdVfTa4NbKr2SL5k92DhZznFwYfNaBr34 3Iw31zn1F0PaUsAZUOAKlsvDjd53uqQWtCRdL6B5694nA4TMICRqKVq+YsNoeSxbe/df EehIN0vQzA2mFaTow+1X2RLkc05Lw9gvpkPXIx23uy2QWgBor6BHVUp5FoNxQY0aPhV1 wxBPaDxFwOI2OLJWDFHBcT8A8qNqccDpu5Qw88nzzTftPNj3ncgb9YE7K2kzNmyZ07Di MRJ73lpNEO6LhDe/ZQ8zBk9qX+r/duoalgyOL+ZFcJnYuHtWx6NK8mm8LNNo7o3rkHJA y3VA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h15si465400eje.694.2021.05.12.10.39.30; Wed, 12 May 2021 10:39:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240083AbhELRZy (ORCPT + 99 others); Wed, 12 May 2021 13:25:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:36288 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239159AbhELQHa (ORCPT ); Wed, 12 May 2021 12:07:30 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id F002661C49; Wed, 12 May 2021 15:36:26 +0000 (UTC) Date: Wed, 12 May 2021 17:36:21 +0200 From: Christian Brauner To: Jan Kara Cc: Sascha Hauer , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Christoph Hellwig , kernel@pengutronix.de, Jan Kara , Richard Weinberger , Al Viro Subject: Re: [PATCH v3 0/2] quota: Add mountpath based quota support Message-ID: <20210512153621.n5u43jsytbik4yze@wittgenstein> References: <20210304123541.30749-1-s.hauer@pengutronix.de> <20210316112916.GA23532@quack2.suse.cz> <20210512110149.GA31495@quack2.suse.cz> <20210512125310.m3b4ralhwsdocpyb@wittgenstein> <20210512131429.GA2734@quack2.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20210512131429.GA2734@quack2.suse.cz> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 12, 2021 at 03:14:29PM +0200, Jan Kara wrote: > On Wed 12-05-21 14:53:10, Christian Brauner wrote: > > On Wed, May 12, 2021 at 01:01:49PM +0200, Jan Kara wrote: > > > Added a few more CCs. > > > > > > On Tue 16-03-21 12:29:16, Jan Kara wrote: > > > > On Thu 04-03-21 13:35:38, Sascha Hauer wrote: > > > > > Current quotactl syscall uses a path to a block device to specify the > > > > > filesystem to work on which makes it unsuitable for filesystems that > > > > > do not have a block device. This series adds a new syscall quotactl_path() > > > > > which replaces the path to the block device with a mountpath, but otherwise > > > > > behaves like original quotactl. > > > > > > > > > > This is done to add quota support to UBIFS. UBIFS quota support has been > > > > > posted several times with different approaches to put the mountpath into > > > > > the existing quotactl() syscall until it has been suggested to make it a > > > > > new syscall instead, so here it is. > > > > > > > > > > I'm not posting the full UBIFS quota series here as it remains unchanged > > > > > and I'd like to get feedback to the new syscall first. For those interested > > > > > the most recent series can be found here: https://lwn.net/Articles/810463/ > > > > > > > > Thanks. I've merged the two patches into my tree and will push them to > > > > Linus for the next merge window. > > > > > > So there are some people at LWN whining that quotactl_path() has no dirfd > > > and flags arguments for specifying the target. Somewhat late in the game > > > but since there's no major release with the syscall and no userspace using > > > it, I think we could still change that. What do you think? What they > > > suggest does make some sense. But then, rather then supporting API for > > > million-and-one ways in which I may wish to lookup a fs object, won't it be > > > better to just pass 'fd' in the new syscall (it may well be just O_PATH fd > > > AFAICT) and be done with that? > > > > I think adding a dirfd argument makes a lot of sense (Unless there are > > some restrictions around quotas I'm misunderstanding.). > > > > If I may: in general, I think we should aim to not add additional system > > calls that operate on paths only. Purely path-based apis tend to be the > > source of security issues especially when scoped lookups are really > > important which given the ubiquity of sandboxing solutions nowadays is > > quite often actually. > > For example, when openat2() landed it gave such a boost in lookup > > capabilities that I switched some libraries over to only ever do scoped > > lookups, i.e. I decide on a starting point that gets opened path-based > > and then explicitly express how I want that lookup to proceed ultimately > > opening the final path component on which I want to perform operations. > > Combined with the mount API almost everything can be done purely fd > > based. > > > > In addition to that dirfd-scopable system calls allow for a much nicer > > api experience when programming in userspace. > > OK, thanks for your insights. But when we add 'dirfd' I wonder whether we > still need the 'path' component then. I mean you can always do fd = > openat2(), quotactl_fd(fd, ...). After all ioctl() works exactly that way > since the beginning. The only advantage of quotactl_xxx() taking path would > be saving the open(2) call. That is somewhat convenient for simple cases > (but also error prone in complex setups as you point out) and can be also > sligthly faster (but quotactl is hardly a performance sensitive thing)... That's a bit tricky indeed. It would feel consistent to add a path argument as most of our fs apis seems to work that way even stuff like fanotify_mark() but indeed a fd-only based api would be fine too. I would try to follow recent additions/prior art here, I think.