lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Aug 2022 16:08:30 -0400 From: bfields@...ldses.org (J. Bruce Fields) To: Jeff Layton <jlayton@...nel.org> Cc: Trond Myklebust <trondmy@...merspace.com>, "zohar@...ux.ibm.com" <zohar@...ux.ibm.com>, "djwong@...nel.org" <djwong@...nel.org>, "xiubli@...hat.com" <xiubli@...hat.com>, "brauner@...nel.org" <brauner@...nel.org>, "linux-xfs@...r.kernel.org" <linux-xfs@...r.kernel.org>, "linux-api@...r.kernel.org" <linux-api@...r.kernel.org>, "neilb@...e.de" <neilb@...e.de>, "david@...morbit.com" <david@...morbit.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "chuck.lever@...cle.com" <chuck.lever@...cle.com>, "linux-ceph@...r.kernel.org" <linux-ceph@...r.kernel.org>, "linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>, "tytso@....edu" <tytso@....edu>, "viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>, "jack@...e.cz" <jack@...e.cz>, "linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org>, "linux-btrfs@...r.kernel.org" <linux-btrfs@...r.kernel.org>, "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>, "lczerner@...hat.com" <lczerner@...hat.com>, "adilger.kernel@...ger.ca" <adilger.kernel@...ger.ca>, "walters@...bum.org" <walters@...bum.org> Subject: Re: [PATCH v3 1/7] iversion: update comments with info about atime updates On Tue, Aug 30, 2022 at 03:57:09PM -0400, Jeff Layton wrote: > On Tue, 2022-08-30 at 15:46 -0400, J. Bruce Fields wrote: > > On Tue, Aug 30, 2022 at 03:30:13PM -0400, Jeff Layton wrote: > > > On Tue, 2022-08-30 at 14:32 -0400, J. Bruce Fields wrote: > > > > On Tue, Aug 30, 2022 at 01:02:50PM -0400, Jeff Layton wrote: > > > > > The fact that NFS kept this more loosely-defined is what allowed us to > > > > > elide some of the i_version bumps and regain a fair bit of performance > > > > > for local filesystems [1]. If the change attribute had been more > > > > > strictly defined like you mention, then that particular optimization > > > > > would not have been possible. > > > > > > > > > > This sort of thing is why I'm a fan of not defining this any more > > > > > strictly than we require. Later on, maybe we'll come up with a way for > > > > > filesystems to advertise that they can offer stronger guarantees. > > > > > > > > Yeah, the afs change-attribute-as-counter thing seems ambitious--I > > > > wouldn't even know how to define what exactly you're counting. > > > > > > > > My one question is whether it'd be worth just defining the thing as > > > > *increasing*. That's a lower bar. > > > > > > > > > > That's a very good question. > > > > > > One could argue that NFSv4 sort of requires that for write delegations > > > anyway. All of the existing implementations that I know of do this, so > > > that wouldn't rule any of them out. > > > > > > I'm not opposed to adding that constraint. Let me think on it a bit > > > more. > > > > > > > (Though admittedly we don't quite manage it now--see again 1631087ba872 > > > > "Revert "nfsd4: support change_attr_type attribute"".) > > > > > > > > > > Factoring the ctime into the change attr seems wrong, since a clock jump > > > could make it go backward. Do you remember what drove that change (see > > > 630458e730b8) ? > > > > > > It seems like if the i_version were to go backward, then the ctime > > > probably would too, and you'd still see a duplicate change attr. > > > > See the comment--I was worried about crashes: the change attribute isn't > > on disk at the time the client requests it, so after a crash the client > > may see it go backward. (And then could see it repeat a value, possibly > > with different file contents.) > > > > Combining it with the ctime means we get something that behaves > > correctly even in that case--unless the clock goes backwards. > > > > Yeah ok, I vaguely remember discussing this. > > That seems like it has its own problem though. If you mix in the ctime > and the clock jumps backward, then you could end up with the same issue > (a stale changeid, different contents). No crash required. Yes, exactly. My feeling was that I've got no control over power failures and such, but the clock setting is something I can get right. So I'd rather have something that depended on the latter than the former. I could be wrong. --b.
Powered by blists - more mailing lists