On Thu, Nov 28, 2024 at 03:39:59PM +0100, Miklos Szeredi wrote:
> Prior to this patch mount namespace changes could be monitored by polling
> /proc/self/mountinfo, which did not convey any information about what
> changed.
>
> To monitor an entire mount namespace with this new interface, watches need
> to be added to all existing mounts. This can be done by performing
> listmount()/statmount() recursively at startup and when a new mount is
> added.

First impression is that it's bloody awful, TBH. You are calling
fsnotify() under mount_lock; in effect, *ANY* path_init() call done
during that time will be spinning in __read_seqcount_begin() until you
are done with that shite. And it's _very_ easy to generate a lot of
such events with a single syscall; that doesn't even need sroot - a
root in container will suffice.

So... why is it not a DoS?