Re: [git pull] mount API series

From: Linus Torvalds
Date: Thu Nov 01 2018 - 14:33:53 EST

Next message: Jann Horn: "Re: RFC: userspace exception fixups"
Previous message: Cyrill Gorcunov: "[PATCH] posix-timers: Use array safe helper when fetching notification symbolic name"
In reply to: David Howells: "Re: [git pull] mount API series"
Next in thread: Al Viro: "Re: [git pull] mount API series"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Nov 1, 2018 at 10:18 AM David Howells <dhowells@xxxxxxxxxx> wrote:
>
> No. What we have upstream now is most definitely *not* atomic. That said,
> some of the steps of the sequence are atomic in their own right:

It's more that what we have traditionally is atomic wrt user space.
Use space does *one* indivisible operation. There's no way for
user-space to do a half-way mount and say "ok, that's it, I'll just
exit now" (or skip a phase and fool the kernel into handling a
half-way setup issue).

So the new model does require a bit more care in tear-down etc. I'm
not so worried about this, actually, but it *is* different.

Afaik, some of the bugs were exactly in this half-way state bits.

[ And yes, looking back at some the reports I found, it was Alan
Jenkins and mainly the open-tree thing. ]

> Would you be willing to take just the *internal* fs_context changes and leave
> the UAPI for the next window?

Hmm. I had to think about that, but the more I thought about it, the
more I liked it.

Yes. Depending on how that is done, that would make a lot of my
worries go away. *Particularly* if it then allows us to do the
per-filesystem conversion one by one.

So if the patch series can be split up into a prep-phase that doesn't
change any user-visible semantics (including the security side), but
that uses the fs_context internally and allows the filesystems to be
converted to the new world order, than that would make merging the
early work much easier (and then my worry about the later phases would
probably be much less too).

It would be _really_ nice to see that prep-phase be done in a way
where each individual patch very obviously doesn't change semantics.
If it's obvious, then I'm happy to consider that pure prep-work and
willing to merge it after the merge window in order to make the _next_
merge window easier.

Al - can I ask you to look at helping David with something like that?
You tend to be very good at generating those patch-series with
"obviously no changes" for the individual patches, but the end result
ends up being totally different from the starting point (I'm thinking
of all the locking and dentry refcounting series).

Linus

Next message: Jann Horn: "Re: RFC: userspace exception fixups"
Previous message: Cyrill Gorcunov: "[PATCH] posix-timers: Use array safe helper when fetching notification symbolic name"
In reply to: David Howells: "Re: [git pull] mount API series"
Next in thread: Al Viro: "Re: [git pull] mount API series"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]