Received: by 2002:a05:7412:da14:b0:e2:908c:2ebd with SMTP id fe20csp356194rdb; Fri, 6 Oct 2023 05:49:15 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHrQzQ4Xbu0H+KbZE6PINZxTGqmtOUQS1tiLGZEFr06Wrp/nD5MYx36Ps+PHqjklncXvV/S X-Received: by 2002:a05:6a20:394d:b0:153:5366:dec1 with SMTP id r13-20020a056a20394d00b001535366dec1mr9298428pzg.15.1696596554778; Fri, 06 Oct 2023 05:49:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696596554; cv=none; d=google.com; s=arc-20160816; b=ixpQBQvShHzK4OYTgFta8nbCeidZ3kseQNWinraL64HOX6nxMkjqA5D47H3K5fAfNo 9X9TAFBLkYOyxRODXRj4f0/HjJR15k1tAHevEUWviORF+h4WeBFZxKprljRKNgGHQmJW itrkYjxU2o/HXFJopapIAuzSP7lij31ee3JNq01w0A9WE1Die9kJ4p935Fw9NVmd+1FY 3fbC2yiUlRZO6NL8G/hkObNSxEzy7SWE5h+o3Oo1ZcmylvPdRjkTj6TUb4L5EdhYtAIn DFEqU2r5zvDPF2jRbUPOOro0AUWycR8oDeSw6sXY7fkhLAsW7TYdyyZD0kN5bZ48JkNi CfrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=9AHjmOOVg74tMZjWptrYGXUC/br+tpPBZRDuB46pbJ4=; fh=VgNuVRAn7niSQV4orl3sBQwEU734jweHgnHG2PxNzvQ=; b=OJyJ5E2U0HQzio/oLuItTMPkJrd8t/Zyx6NneZtsM6936iJXVy/GE8L4b9OenI31A+ Wac/zfDqz0Uc/7ycV4ldkYtOnG3lNBIcEpr7+ZYw37v12dvmuUDajXaC48QKcxAztVBQ qoS8R92FsydyKKTXWjDHla3WxD/if4vz0pddh4WmXYVTeZnrP6DgSrCT2/R6dODAbJlq K+bBZHQaHj32g0YRTLiwU1yRM6U3gdbpn4GXxt3QQW/3J8OO6YDG6R21cD7zDzk6B5V1 WYz1pbFmpsbaQQwV+sMd5GK+DoQkPVtoCDIxEfEMamweyHxrW0JoRtKpP3twzAMHEJke sYsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@szeredi.hu header.s=google header.b=cybkrnUG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=szeredi.hu Return-Path: Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id cr6-20020a056a000f0600b00694d034452csi1405781pfb.105.2023.10.06.05.49.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 05:49:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@szeredi.hu header.s=google header.b=cybkrnUG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=szeredi.hu Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id BD4EB8106782; Fri, 6 Oct 2023 05:49:12 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232209AbjJFMtI (ORCPT + 99 others); Fri, 6 Oct 2023 08:49:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52004 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231603AbjJFMtG (ORCPT ); Fri, 6 Oct 2023 08:49:06 -0400 Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 02141C6 for ; Fri, 6 Oct 2023 05:49:04 -0700 (PDT) Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-99c136ee106so372460866b.1 for ; Fri, 06 Oct 2023 05:49:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; t=1696596542; x=1697201342; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=9AHjmOOVg74tMZjWptrYGXUC/br+tpPBZRDuB46pbJ4=; b=cybkrnUGy9JdW8Bq6HZ3s8LtKVkPFd3uIuxU3nZegmL8NCx/gJJvd4tkIGEOEjaGVc TBoQtvncVvvHAiLlNaACmW3GzFvABrLFQMBK7qZkiOr99ujkOEw1F7OLlOWTYVCaevW+ 0CZrL8GNUXClnCF0odjdk3rC5BDyMihuR2Mfw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696596542; x=1697201342; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9AHjmOOVg74tMZjWptrYGXUC/br+tpPBZRDuB46pbJ4=; b=KFQ+edJNOm9mv/8DHgElsjC1uB/N0Jy89m7kq/qp7DrGa6Ski0Mwmn4P+9+7smm5iu YXCIm7wH7k5jDSryrFpbw9JEGwFEfsnQ9gEFfWzkU60cM+I2DXzA1h27PTSXFa+3fBgJ 3Vndd09caVpAe6BHwqeeAzM/C5S4tT2d501Z5YJtAALx1zwcpvAcRtGFNV9H/ON2eyWI sTmC4edm64GVAaAuFyTKtcULAOKlQHScvIP80yEK/BhRvuU7NPXu1DKH7DAJogVjRgd6 Qvjoy/+kOFa7d7FgCElqni/Bd6qm0Y2JzHY+v1MrgeI7R9tC0DXkSMyQ485XfFJdzZMu GpCw== X-Gm-Message-State: AOJu0YxpeC9CLOO0Fp3UupjdxmNOe4VLkx69qAgXotyXjjV4GfjbKXEU DX7wqFGFe8tn3GGKeug2m6c4Iytr15YOUp9T8BIRNw== X-Received: by 2002:a17:907:7790:b0:9b9:facb:d950 with SMTP id ky16-20020a170907779000b009b9facbd950mr1823443ejc.72.1696596542320; Fri, 06 Oct 2023 05:49:02 -0700 (PDT) MIME-Version: 1.0 References: <20230928130147.564503-1-mszeredi@redhat.com> <20230928130147.564503-2-mszeredi@redhat.com> In-Reply-To: From: Miklos Szeredi Date: Fri, 6 Oct 2023 14:48:51 +0200 Message-ID: Subject: Re: [PATCH v3 1/4] add unique mount ID To: Amir Goldstein Cc: Miklos Szeredi , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak , Ian Kent , David Howells , Linus Torvalds , Al Viro , Christian Brauner , Matthew House , Florian Weimer , Arnd Bergmann , Paul Moore Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Fri, 06 Oct 2023 05:49:12 -0700 (PDT) On Fri, 6 Oct 2023 at 13:44, Amir Goldstein wrote: > > On Thu, Oct 5, 2023 at 6:52=E2=80=AFPM Miklos Szeredi = wrote: > > > > On Thu, 28 Sept 2023 at 15:03, Miklos Szeredi wro= te: > > > > > > If a mount is released then its mnt_id can immediately be reused. Th= is is > > > bad news for user interfaces that want to uniquely identify a mount. > > > > > > Implementing a unique mount ID is trivial (use a 64bit counter). > > > Unfortunately userspace assumes 32bit size and would overflow after t= he > > > counter reaches 2^32. > > > > > > Introduce a new 64bit ID alongside the old one. Initialize the count= er to > > > 2^32, this guarantees that the old and new IDs are never mixed up. > > > > It occurred to me that it might make sense to make this counter > > per-namespace. That would allow more separation between namespaces, > > like preventing the observation of mount creations in other > > namespaces. > > > > Preventing the observation of mount creations in other mount namespaces > is independent of whether a global mntid namespace is used. A local ID space makes observation of mount creations in other namespaces impossible. While a global ID space does not. ID allocation could be designed in a way that makes observation impossible, but that basically boils down to allocating separate ranges to each namespace, which is equivalent to identifying mounts by an {NSID, MNTID} pair. > > > Does a global number make any sense? > > > > I think global mntid namepsace makes notifications API a lot easier. > A process (e.g. systemd) may set marks to watch new mounts on > different mount namespaces. > > If mntid could collide in different mount namepsaces, we will either > need to describe the mount namespace in the event or worse, > map child mount namespace mntid to parent mount namespace > like with uids. Mntids are quite different from uids in that a certain ID is only valid in a certain namespace. There's no inheritance or sharing of mounts. Also mounts cannot be moved from one namespace to another (with the exception of mounts created in an anonymous namespace). > If we use a global mntid namespace, multi mount namespace > watching becomes much much easier. If the watcher wants to interpret the received event it will have to know the namespace anyway. Otherwise it's just a meaningless number. > Regarding the possible scopes for watching added/removed mounts > we could support: > - watch parent mount for children mounts (akin to inotify directory watch= ) This probably makes sense. > - watch all mounts of a filesystem I don't see a use case. > - watch all mounts in mount namespace Yes. > - watch on entire system Again, I don't see how this could make sense. Each time unshare(CLONE_NEWNS) is invoked a storm of mount creation events will happen. I'd imagine that watching mounts is primarily to complement the directory tree notifications, so that all changes to the path lookup namespace of a process could be monitored. Thanks, Miklos