On Wed, Sep 4, 2019 at 2:49 PM Aleksa Sarai <cyphar@xxxxxxxxxx> wrote:
> Hinting to userspace to do a retry (with -EAGAIN as you mention in your other mail) wouldn't be a bad thing at all, though you'd almost certainly get quite a few spurious -EAGAINs -- &{mount,rename}_lock are global for the entire machine, after all.
I'd hope that we have some future (possibly very long-term) alternative that is not quite system-global, but yes, right now they are.

Which is one reason I'd rather see EAGAIN in user space - yes, it probably makes it even easier to trigger, but it also means that user space might be able to do something about it when it does trigger.

For example, maybe user space can first just use an untrusted path as-is, and if it gets EAGAIN or EXDEV, it may be that user space can simplify the path (i.e. turn "xyz/.../abc" into just "abc").

And even if user space doesn't do anything like that, I suspect a performance problem is going to be a whole lot easier to debug and report when somebody ends up seeing excessive retries happening. As a developer you'll see it in profiles or in system call traces, rather than it resulting in very odd possible slowdowns for the kernel.

And yeah, it would probably be best to then at least delay doing option 3 indefinitely, just to make sure user space knows about and actually has a test-case for that EAGAIN happening.

Linus
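The userspace strategy sketched in the reply above (use the untrusted path as-is, treat EAGAIN as a retry hint, and fall back to a simplified path on EAGAIN or EXDEV), as an added C example; this is not code from the thread or from the kernel. It assumes a hypothetical `restricted_open_fn` standing in for an openat2()/resolveat()-style call, and uses a constructed `fake_open` in place of the real kernel so it runs offline: that stub returns EAGAIN a set number of times and EXDEV for any path still containing `..`, rules made up for the demonstration. The simplification is a lexical collapse of `.` and `..` components (the "xyz/.../abc" into "abc" reduction in the reply read as that kind of rewrite), which is only acceptable when the caller can live with lexical rather than symlink-aware semantics; the retry count is bounded so a storm of spurious EAGAINs surfaces as a failure in the syscall trace rather than as a userspace spin.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an openat2()/resolveat()-style restricted open
 * that may fail with EAGAIN (retry) or EXDEV (crossed a forbidden boundary). */
typedef int (*restricted_open_fn)(const char *path, void *ctx);

/* Lexically collapse "." and ".." components, e.g. "xyz/../abc" -> "abc".
 * A leading ".." in a relative path is kept; ".." at the root of an absolute
 * path is dropped. Returns length written, or -1 if a buffer is too small. */
int simplify_path(const char *in, char *out, size_t outsz)
{
    const char *comps[256], *p = in, *start;
    size_t lens[256], len, pos = 0;
    int depth = 0, absolute = (in[0] == '/');

    while (*p) {
        while (*p == '/') p++;
        if (!*p) break;
        for (start = p; *p && *p != '/'; p++) ;
        len = (size_t)(p - start);
        if (len == 1 && start[0] == '.')
            continue;                                   /* "." is a no-op */
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (depth > 0 && !(lens[depth - 1] == 2 && !memcmp(comps[depth - 1], "..", 2))) {
                depth--;                                /* pop the previous component */
                continue;
            }
            if (absolute) continue;                     /* "/.." is just "/" */
        }
        if (depth >= 256) return -1;
        comps[depth] = start; lens[depth] = len; depth++;
    }
    if (absolute) {
        if (outsz < 2) return -1;
        out[pos++] = '/';
    }
    for (int i = 0; i < depth; i++) {
        if (pos + lens[i] + 2 > outsz) return -1;
        if (i > 0) out[pos++] = '/';
        memcpy(out + pos, comps[i], lens[i]);
        pos += lens[i];
    }
    if (pos == 0) {                                     /* everything cancelled out */
        if (outsz < 2) return -1;
        out[pos++] = '.';
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Convenience for checks: 1 if simplify_path(in) yields expect. */
int simplifies_to(const char *in, const char *expect)
{
    char buf[4096];
    return simplify_path(in, buf, sizeof buf) >= 0 && strcmp(buf, expect) == 0;
}

struct open_result {
    int fd;            /* returned fd, or -1 with errno set */
    int attempts;      /* how many times open_fn was called */
    int used_fallback; /* 1 if the simplified path was tried */
};

/* Try the path as-is, retry at most max_retries times on EAGAIN, and if it
 * still fails with EAGAIN or EXDEV try once more with the simplified path.
 * The fallback happens at most once, so the loop always terminates. */
struct open_result open_with_retry(const char *path, restricted_open_fn open_fn,
                                   void *ctx, int max_retries)
{
    struct open_result r = { -1, 0, 0 };
    char simplified[4096];
    const char *cur = path;

    for (;;) {
        for (int i = 0; i <= max_retries; i++) {
            r.attempts++;
            r.fd = open_fn(cur, ctx);
            if (r.fd >= 0) return r;
            if (errno != EAGAIN) break;                 /* only EAGAIN is a retry hint */
        }
        if (r.used_fallback || (errno != EAGAIN && errno != EXDEV)) return r;
        if (simplify_path(path, simplified, sizeof simplified) < 0 ||
            strcmp(simplified, path) == 0)
            return r;                                   /* nothing simpler to try */
        cur = simplified;
        r.used_fallback = 1;
    }
}

/* Constructed fake kernel (not real openat2 behaviour): EAGAIN for the first
 * `spurious` calls, EXDEV for any path still containing "..", fd 3 otherwise. */
struct fake_kernel { int spurious; };

static int fake_open(const char *path, void *ctx)
{
    struct fake_kernel *k = ctx;
    if (k->spurious > 0) { k->spurious--; errno = EAGAIN; return -1; }
    if (strstr(path, "..")) { errno = EXDEV; return -1; }
    return 3;
}

/* Run one scenario against the fake kernel. */
struct open_result run_scenario(int spurious, const char *path, int max_retries)
{
    struct fake_kernel k = { spurious };
    return open_with_retry(path, fake_open, &k, max_retries);
}

int main(void)
{
    struct open_result r = run_scenario(2, "xyz/../abc", 3);
    printf("fd=%d attempts=%d fallback=%d\n", r.fd, r.attempts, r.used_fallback);
    return r.fd < 0;
}
```

With two spurious EAGAINs followed by an EXDEV on the `..` path, the wrapper makes four calls in total: three on the original path and one on the simplified `abc`. With a bound of three retries and a kernel that keeps saying EAGAIN, it gives up after four calls and returns -1 with errno still EAGAIN, which is the observable symptom the reply wants developers to see in a trace.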