Hi Al! This is a follow-up to your review of the configfs rename operation for committable items. I'd like to start with a disclaimer: I have a very limited knowledge of the linux VFS and am more of a driver & platform guy. That means I may be asking silly questions so please be patient with me. You've mentioned two sets of problems: one with my rename implementation and one with the general architecture of configfs. While I can try to take on the latter as a side-project, I'll definitely need guidance in the form of your old notes you mentioned. For the former: I'd like to ask for advice on how to approach it. My goal is to get an acceptable implementation of committable items in for v5.14 and then potentially try to improve the overall configfs design later. > FWIW, I'm not happy about the userland API of that thing (what is supposed > to happen if you create, move to live, then create another with the same > name and try to move it to live or original back from live?), but > Documentation/filesystems/configfs.rst is too sparse on such details. > So I would like to see the specifics on that as well. _Before_ signing > up on anything, including "we can fix it up after merge". Do you not like just the details like this (i.e. fixing this use-case and documenting the behavior would be fine) or do you have an entirely different idea for committable items? I'm open for other designs as admittedly the hard-coded "live" and "pending" directories aren't very elegant. Regarding the repeating names: are there any helpers I could use for finding the sibling (live for pending and vice versa) and then inspecting its children for a repeating name? Any caveats to watch out for? > Rename implementation is simply bogus. You are, for some reason, attaching > stuff to *destination*, which won't be seen by anyone not currently using > it. It's the old_dentry that will be seen from that point on - you are > moving it to new location by that d_move(). So I rather wonder how much > had that thing been tested. And I'm pretty much certain that you are > mishandling the refcounts on configfs-internal objects, with everything > that entails in terms of UAF and leaks. I admit I don't really understand the meaning of "won't be seen by anyone not currently using it". Should this cause some visible problems in user-space or is it just related to VFS' accounting? Could you point me to any existing example of the rename() callback that would be useful in my case? The documentation does not really explain the goal of rename wrt both the vfs and underlying fs' structures. I assume d_move() should not be here at all (no other rename() callback seems to call it) but does moving of the configfs sub-tree to the live/pending sibling make sense? Is the fact that configfs has its own tree with children and siblings in parallel to the VFS a problem? To my inexperienced eye this looks redundant if the VFS already keeps track of this. Is this one of the things that should be reworked? Best regards, Bartosz Golaszewski