[PATCH review 0/7] Bind mount escape fixes

Linus Torvalds torvalds at linux-foundation.org
Sat Aug 15 22:47:50 UTC 2015


On Sat, Aug 15, 2015 at 2:07 PM, Eric W. Biederman
<ebiederm at xmission.com> wrote:
>
> Yes we can compare s_root and mnt_root and only call is_subdir if they don't match.

Not even "is_subdir()" - for the RCU traversal case, just d_ancestor()
should be sufficient since we'd already be in an RCU read-locked
region and the RCU lookup checks the rename sequence number around it
all.

And d_ancestor() should really be pretty low-cost - even *if* we have
to call it, which wouldn't even be the case for the normal situation.

> At this point it is a matter of trade offs.
>
> If there is not an escape I do not expect my current implementation will have a measurable cost.
> And I don't expect there will be any escapes.

So the cost I worry about is not the CPU cost, but the complexity and
correctness. If anything goes subtly wrong, the end result is going to
be some very very subtle bugs.

And personally, I'd be much happier with something that is a bit more
straightforward, even if it makes ".." lookup slower. Especially since
I think we can limit the costs to fairly obvious cases (ie only for
partial bind mounts). Keep the code more straightforward, and *if* we
ever see the cost of dentry traversal

But it's up to Al, I think.

Al, comments?

                Linus
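
An added illustration, not part of this message or of the patch series: a simplified userspace C model of the check discussed above, where the ancestry walk is needed only when `mnt_root` differs from `s_root` (a partial bind mount). The struct layouts, `mount_model`, `under_mount` and `demo` are hypothetical; `d_ancestor` is modelled on the kernel helper of the same name, and RCU, locking and the rename sequence check are not modelled.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy stand-in for a dentry: only the parent link matters here. */
struct dentry {
    const char *name;
    struct dentry *d_parent;   /* a root dentry points to itself */
};

/* Hypothetical model of a mount: filesystem root and the exposed subtree. */
struct mount_model {
    struct dentry *s_root;     /* root of the whole filesystem */
    struct dentry *mnt_root;   /* root of the mounted subtree */
};

/* Return the child of p1 that is p2 or an ancestor of p2,
 * or NULL if p1 is not a proper ancestor of p2. */
static struct dentry *d_ancestor(struct dentry *p1, struct dentry *p2)
{
    for (struct dentry *p = p2; p->d_parent != p; p = p->d_parent)
        if (p->d_parent == p1)
            return p;
    return NULL;
}

/* True if dentry is still inside the subtree the mount exposes. */
static bool under_mount(const struct mount_model *m, struct dentry *dentry)
{
    if (m->mnt_root == m->s_root)   /* whole-filesystem mount: skip the walk */
        return true;
    return dentry == m->mnt_root || d_ancestor(m->mnt_root, dentry) != NULL;
}

/* Constructed tree: / -> a -> b -> c, with the subtree at "b" bind mounted.
 * Returns one bit per case so each result can be checked. */
static int demo(void)
{
    struct dentry root = { "/", &root }, a = { "a", &root };
    struct dentry b = { "b", &a }, c = { "c", &b };
    struct mount_model partial = { &root, &b }, full = { &root, &root };
    int r = 0;
    r |= under_mount(&partial, &c) << 0;  /* inside the bind mount */
    r |= under_mount(&partial, &b) << 1;  /* the mount root itself */
    r |= under_mount(&partial, &a) << 2;  /* above mnt_root: outside */
    r |= under_mount(&full, &a) << 3;     /* full mount: check skipped */
    c.d_parent = &a;                      /* a rename moves c out of b */
    r |= under_mount(&partial, &c) << 4;  /* now outside the mount */
    return r;
}

int main(void) { return demo() == 11 ? 0 : 1; }
```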

