On Mon, Aug 03, 2015 at 04:30:54PM -0500, Eric W. Biederman wrote: > > Add a new field mnt_escape_count in nameidata, initialize it to 0 and > cache the value of read_mnt_escape_count in nd->mnt_escape_count. > > This allows a single check in path_connected in the common case where > either the mount has had no escapes (mnt_escape_count == 0) or there > has been an escape and it has been validated that the current path > does not escape. > > To keep the cache valid nd->mnt_escape_count must be set to 0 whenever > the nd->path.mnt changes or when nd->path.dentry changes such that > the connectedness of the previous value of nd->path.dentry does > not imply the connected of the new value of nd->path.dentry. > > Various locations in fs/namei.c are updated to set > nd->mnt_escape_count to 0 as necessary. > > Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > --- > fs/namei.c | 26 +++++++++++++++++++++++--- > 1 file changed, 23 insertions(+), 3 deletions(-) > > diff --git a/fs/namei.c b/fs/namei.c > index bccd3810ff60..79a5dca073f5 100644 > --- a/fs/namei.c > +++ b/fs/namei.c > @@ -514,6 +514,7 @@ struct nameidata { > struct nameidata *saved; > unsigned root_seq; > int dfd; > + unsigned mnt_escape_count; > }; > > static void set_nameidata(struct nameidata *p, int dfd, struct filename *name) > @@ -572,12 +573,13 @@ static bool path_connected(struct nameidata *nd) > struct vfsmount *mnt = nd->path.mnt; > unsigned escape_count = read_mnt_escape_count(mnt); > > - if (likely(escape_count == 0)) > + if (likely(escape_count == nd->mnt_escape_count)) > return true; The size of mnt_escape_count is only 4 bytes. Looks like it possible to make UINT_MAX / 2 operations for the resonable time and get the same value of mnt_escape_count, path_connected() will return true, but the path may be already detached. What do you think about this? Thanks, Andrew _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers