References: <20230928130147.564503-1-mszeredi@redhat.com> <20230928130147.564503-2-mszeredi@redhat.com>
From: Amir Goldstein
Date: Fri, 6 Oct 2023 14:44:38 +0300
Subject: Re: [PATCH v3 1/4] add unique mount ID
To: Miklos Szeredi
Cc: Miklos Szeredi, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak, Ian Kent, David Howells, Linus Torvalds, Al Viro, Christian Brauner, Matthew House, Florian Weimer, Arnd Bergmann, Paul Moore

On Thu, Oct 5, 2023 at 6:52 PM Miklos Szeredi wrote:
>
> On Thu, 28 Sept 2023 at 15:03, Miklos Szeredi wrote:
> >
> > If a mount is released then its mnt_id can immediately be reused. This is
> > bad news for user interfaces that want to uniquely identify a mount.
> >
> > Implementing a unique mount ID is trivial (use a 64bit counter).
> > Unfortunately userspace assumes 32bit size and would overflow after the
> > counter reaches 2^32.
> >
> > Introduce a new 64bit ID alongside the old one. Initialize the counter to
> > 2^32, this guarantees that the old and new IDs are never mixed up.
>
> It occurred to me that it might make sense to make this counter
> per-namespace. That would allow more separation between namespaces,
> like preventing the observation of mount creations in other
> namespaces.
>

Preventing the observation of mount creations in other mount namespaces
is independent of whether a global mntid namespace is used.

> Does a global number make any sense?
>

I think global mntid namespace makes notifications API a lot easier.
A process (e.g. systemd) may set marks to watch new mounts on
different mount namespaces.

If mntid could collide in different mount namespaces, we will either
need to describe the mount namespace in the event or worse,
map child mount namespace mntid to parent mount namespace
like with uids.

If we use a global mntid namespace, multi mount namespace
watching becomes much much easier.

Regarding the possible scopes for watching added/removed mounts
we could support:
- watch parent mount for children mounts (akin to inotify directory watch)
- watch all mounts of a filesystem
- watch all mounts in mount namespace
- watch on entire system

Not sure which of the above we will end up implementing, but the
first two can use existing fanotify mount/sb marks.

Thanks,
Amir.
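
Added example, not part of the original message or of the kernel patch: a toy C model of the ID reuse problem quoted above and of why starting the 64-bit counter at 2^32 keeps the two kinds of ID apart. The table and the names do_mount, lookup and stale_id_scenario are hypothetical, and lowest-free allocation is assumed for the old ID.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_MOUNTS 8
#define UNIQUE_ID_BASE (1ULL << 32)  /* counter start value from the patch description */

struct mount { int live; uint32_t mnt_id; uint64_t unique_id; };
static struct mount table[MAX_MOUNTS];         /* toy model, not kernel code */
static uint64_t next_unique = UNIQUE_ID_BASE;  /* global counter, never reused */

/* Old-style id: lowest free slot wins, so a released id comes straight back. */
static struct mount *do_mount(void)
{
    for (uint32_t i = 0; i < MAX_MOUNTS; i++) {
        if (table[i].live)
            continue;
        table[i] = (struct mount){ 1, i + 1, next_unique++ };
        return &table[i];
    }
    return NULL;
}

/* One lookup for both kinds: a value below 2^32 can only be an old-style id. */
static struct mount *lookup(uint64_t id)
{
    for (int i = 0; i < MAX_MOUNTS; i++) {
        struct mount *m = &table[i];
        if (m->live && (id < UNIQUE_ID_BASE ? m->mnt_id == id : m->unique_id == id))
            return m;
    }
    return NULL;
}

/* A watcher saves both ids of mount A; A is released and B is mounted.
 * Bit 0: stale old id now names B. Bit 1: stale unique id still resolves. */
static int stale_id_scenario(void)
{
    struct mount *a = do_mount();
    uint32_t old_id = a->mnt_id;
    uint64_t old_unique = a->unique_id;
    a->live = 0;                       /* umount A */
    struct mount *b = do_mount();      /* B takes the freed slot and id */
    return (lookup(old_id) == b ? 1 : 0) | (lookup(old_unique) != NULL ? 2 : 0);
}

int main(void)
{
    printf("stale-id result: %d\n", stale_id_scenario());
    return 0;
}
```

A result of 1 means the saved old-style ID silently resolved to the wrong mount while the saved unique ID failed cleanly.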