lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20070108183445.9472D522@localhost.localdomain>
Date:	Mon, 08 Jan 2007 10:34:45 -0800
From:	Dave Hansen <haveblue@...ibm.com>
To:	viro@....linux.org.uk
Cc:	hch@...radead.org, linux-kernel@...r.kernel.org,
	Dave Hansen <haveblue@...ibm.com>
Subject: [PATCH] r/o bind mounts: add vfsmount and superblock writer counts


Hi Al,

I was having Christoph review some of the r/o bind mount patches,
and he wasn't a very big fan of the list of mounts hanging off of
the superblock.

Removing it had a few side-effects.  First of all, it made me move
all of the operations on the counts of writers to underneath the
spinlock that was already there.  I guess this could be a cause
for potential contention because there _are_ locks in the common
code paths now.  But, I do agree with Christoph that it would be
awfully hard to get it contended.

The other side-effect is that we can't have the bit in mnt_flags
to be a shortcut to the superblock's writeable state since we
don't have a way to go find the mounts and that bit when a fs
changes writeable state.  This causes a potential cache miss
when we have to check the superblock directly during the
relatively common __mnt_is_readonly() function.

It does simplify the code quite a bit removing the logic which
avoids looking at the superblock.  Anyway, I thought I'd have
you take a look over this to see if you prefer it over the
previous approach.  Here's a copy of the old approach, just in
case you want to take a look:

http://sr71.net/~dave/robind/03-24-add-vfsmount-writer-count.patch


---

 lxc-dave/fs/inode.c            |    5 ++++
 lxc-dave/fs/namespace.c        |   47 ++++++++++++++++++++++++++++++++++++++---
 lxc-dave/fs/super.c            |   31 ++++++++++++++++++++++-----
 lxc-dave/include/linux/fs.h    |    5 ++++
 lxc-dave/include/linux/mount.h |   21 +++++++++++-------
 5 files changed, 93 insertions(+), 16 deletions(-)

diff -puN fs/namespace.c~03-24-add-vfsmount-writer-count fs/namespace.c
--- lxc/fs/namespace.c~03-24-add-vfsmount-writer-count	2007-01-08 10:18:23.000000000 -0800
+++ lxc-dave/fs/namespace.c	2007-01-08 10:20:59.000000000 -0800
@@ -56,6 +56,7 @@ struct vfsmount *alloc_vfsmnt(const char
 	struct vfsmount *mnt = kmem_cache_zalloc(mnt_cache, GFP_KERNEL);
 	if (mnt) {
 		atomic_set(&mnt->mnt_count, 1);
+		mnt->mnt_writers = 0;
 		INIT_LIST_HEAD(&mnt->mnt_hash);
 		INIT_LIST_HEAD(&mnt->mnt_child);
 		INIT_LIST_HEAD(&mnt->mnt_mounts);
@@ -877,15 +878,52 @@ out_unlock:
 	return err;
 }
 
+int mnt_make_readonly(struct vfsmount *mnt)
+{
+	int ret = 0;
+
+	WARN_ON(__mnt_is_readonly(mnt));
+
+	/*
+	 * This flag set is actually redundant with what
+	 * happens in do_remount(), but since we do this
+	 * under the lock, anyone attempting to get a write
+	 * on it after this will fail.
+	 */
+	spin_lock(&mnt->mnt_sb->s_mnt_writers_lock);
+	if (!mnt->mnt_writers)
+		mnt->mnt_flags |= MNT_READONLY;
+	else
+		ret = -EBUSY;
+	spin_unlock(&mnt->mnt_sb->s_mnt_writers_lock);
+	return ret;
+}
+
 int mnt_want_write(struct vfsmount *mnt)
 {
-	if (__mnt_is_readonly(mnt))
-		return -EROFS;
-	return 0;
+	int ret = 0;
+	spin_lock(&mnt->mnt_sb->s_mnt_writers_lock);
+	if (mnt->mnt_writers)
+		goto out;
+
+	if (__mnt_is_readonly(mnt)) {
+		ret = -EROFS;
+		goto out;
+	}
+	mnt->mnt_sb->s_writers++;
+	mnt->mnt_writers++;
+out:
+	spin_unlock(&mnt->mnt_sb->s_mnt_writers_lock);
+	return ret;
 }
+EXPORT_SYMBOL_GPL(mnt_want_write);
 
 void mnt_drop_write(struct vfsmount *mnt)
 {
+	spin_lock(&mnt->mnt_sb->s_mnt_writers_lock);
+	mnt->mnt_sb->s_writers--;
+	mnt->mnt_writers--;
+	spin_unlock(&mnt->mnt_sb->s_mnt_writers_lock);
 }
 
 /*
@@ -986,6 +1024,7 @@ static int do_remount(struct nameidata *
 		security_sb_post_remount(nd->mnt, flags, data);
 	return err;
 }
+EXPORT_SYMBOL_GPL(mnt_drop_write);
 
 static inline int tree_contains_unbindable(struct vfsmount *mnt)
 {
@@ -1410,6 +1449,8 @@ long do_mount(char *dev_name, char *dir_
 		((char *)data_page)[PAGE_SIZE - 1] = 0;
 
 	/* Separate the per-mountpoint flags */
+	if (flags & MS_RDONLY)
+		mnt_flags |= MNT_READONLY;
 	if (flags & MS_NOSUID)
 		mnt_flags |= MNT_NOSUID;
 	if (flags & MS_NODEV)
diff -puN fs/super.c~03-24-add-vfsmount-writer-count fs/super.c
--- lxc/fs/super.c~03-24-add-vfsmount-writer-count	2007-01-08 10:18:23.000000000 -0800
+++ lxc-dave/fs/super.c	2007-01-08 10:20:20.000000000 -0800
@@ -93,6 +93,8 @@ static struct super_block *alloc_super(s
 		s->s_qcop = sb_quotactl_ops;
 		s->s_op = &default_op;
 		s->s_time_gran = 1000000000;
+		s->s_writers = 0;
+		spin_lock_init(&s->s_mnt_writers_lock);
 	}
 out:
 	return s;
@@ -576,6 +578,20 @@ static void mark_files_ro(struct super_b
 	file_list_unlock();
 }
 
+static int sb_remount_ro(struct super_block *sb)
+{
+	return fs_may_remount_ro(sb);
+}
+
+static void sb_remount_rw(struct super_block *sb)
+{
+	/*
+	 * No action, yet.  This will soon
+	 * notify the mounts that the sb
+	 * has become writeable.
+	 */
+}
+
 /**
  *	do_remount_sb - asks filesystem to change mount options.
  *	@sb:	superblock in question
@@ -587,7 +603,8 @@ static void mark_files_ro(struct super_b
  */
 int do_remount_sb(struct super_block *sb, int flags, void *data, int force)
 {
-	int retval;
+	int retval = 0;
+	int sb_started_ro = (sb->s_flags & MS_RDONLY);
 	
 #ifdef CONFIG_BLOCK
 	if (!(flags & MS_RDONLY) && bdev_read_only(sb->s_bdev))
@@ -600,13 +617,14 @@ int do_remount_sb(struct super_block *sb
 
 	/* If we are remounting RDONLY and current sb is read/write,
 	   make sure there are no rw files opened */
-	if ((flags & MS_RDONLY) && !(sb->s_flags & MS_RDONLY)) {
+	if ((flags & MS_RDONLY) && !sb_started_ro) {
 		if (force)
 			mark_files_ro(sb);
-		else if (!fs_may_remount_ro(sb))
-			return -EBUSY;
+		else
+			retval = sb_remount_ro(sb);
+		if (retval)
+			return retval;
 	}
-
 	if (sb->s_op->remount_fs) {
 		lock_super(sb);
 		retval = sb->s_op->remount_fs(sb, &flags, data);
@@ -614,6 +632,9 @@ int do_remount_sb(struct super_block *sb
 		if (retval)
 			return retval;
 	}
+	if (!(flags & MS_RDONLY) && sb_started_ro)
+		sb_remount_rw(sb);
+
 	sb->s_flags = (sb->s_flags & ~MS_RMT_MASK) | (flags & MS_RMT_MASK);
 	return 0;
 }
diff -puN include/linux/fs.h~03-24-add-vfsmount-writer-count include/linux/fs.h
--- lxc/include/linux/fs.h~03-24-add-vfsmount-writer-count	2007-01-08 10:18:23.000000000 -0800
+++ lxc-dave/include/linux/fs.h	2007-01-08 10:18:23.000000000 -0800
@@ -969,6 +969,8 @@ struct super_block {
 	struct list_head	s_io;		/* parked for writeback */
 	struct hlist_head	s_anon;		/* anonymous dentries for (nfs) exporting */
 	struct list_head	s_files;
+	int			s_writers;	/* number of files open for write */
+	spinlock_t		s_mnt_writers_lock; /* taken when mounts change rw state */
 
 	struct block_device	*s_bdev;
 	struct list_head	s_instances;
@@ -1277,6 +1279,9 @@ static inline void check_nlink(struct in
 		return;
 
 	inode->i_state |= I_AWAITING_FINAL_IPUT;
+	spin_lock(&inode->i_sb->s_mnt_writers_lock);
+	inode->i_sb->s_writers--;
+	spin_unlock(&inode->i_sb->s_mnt_writers_lock);
 }
 
 /**
diff -puN include/linux/mount.h~03-24-add-vfsmount-writer-count include/linux/mount.h
--- lxc/include/linux/mount.h~03-24-add-vfsmount-writer-count	2007-01-08 10:18:23.000000000 -0800
+++ lxc-dave/include/linux/mount.h	2007-01-08 10:28:04.000000000 -0800
@@ -28,6 +28,7 @@ struct mnt_namespace;
 #define MNT_NOATIME	0x08
 #define MNT_NODIRATIME	0x10
 #define MNT_RELATIME	0x20
+#define MNT_READONLY	0x40 /* does the user want this to be r/o? */
 
 #define MNT_SHRINKABLE	0x100
 
@@ -53,7 +54,7 @@ struct vfsmount {
 	struct list_head mnt_slave;	/* slave list entry */
 	struct vfsmount *mnt_master;	/* slave is on master->mnt_slave_list */
 	struct mnt_namespace *mnt_ns;	/* containing namespace */
-	atomic_t mnt_writers;		/* nr files open for write */
+	int mnt_writers;		/* nr files open for write */
 	/*
 	 * We put mnt_count & mnt_expiry_mark at the end of struct vfsmount
 	 * to let these frequently modified fields in a separate cache line
@@ -71,17 +72,21 @@ static inline struct vfsmount *mntget(st
 	return mnt;
 }
 
-/*
- * This is temporary for now.  We also don't want to check
- * the SB in because it is already checked in other
- * code paths.  We'll have a better way to do this in
- * the end of this series
- */
 static inline int __mnt_is_readonly(struct vfsmount *mnt)
 {
-	return 0;
+	return (mnt->mnt_flags & MNT_READONLY) ||
+	       (mnt->mnt_sb->s_flags & MS_RDONLY);
 }
 
+static inline void __mnt_unmake_readonly(struct vfsmount *mnt)
+{
+	WARN_ON(!__mnt_is_readonly(mnt));
+	mnt->mnt_flags &= ~MNT_READONLY;
+}
+
+extern int mnt_make_readonly(struct vfsmount *mnt);
+extern int mnt_want_write(struct vfsmount *mnt);
+extern void mnt_drop_write(struct vfsmount *mnt);
 extern void mntput_no_expire(struct vfsmount *mnt);
 extern void mnt_pin(struct vfsmount *mnt);
 extern void mnt_unpin(struct vfsmount *mnt);
diff -L lxc-dave/include/linux/fs.h -puN /dev/null /dev/null
diff -puN fs/inode.c~03-24-add-vfsmount-writer-count fs/inode.c
--- lxc/fs/inode.c~03-24-add-vfsmount-writer-count	2007-01-08 10:18:23.000000000 -0800
+++ lxc-dave/fs/inode.c	2007-01-08 10:18:23.000000000 -0800
@@ -1101,6 +1101,11 @@ static inline void iput_final(struct ino
 	if (op && op->drop_inode)
 		drop = op->drop_inode;
 	drop(inode);
+	if (must_drop_sb_write) {
+		spin_lock(&sb->s_mnt_writers_lock);
+		sb->s_writers--;
+		spin_unlock(&sb->s_mnt_writers_lock);
+	}
 }
 
 /**
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ