lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 06 Sep 2022 15:55:11 -0400
From:   Jeff Layton <jlayton@...nel.org>
To:     "J. Bruce Fields" <bfields@...ldses.org>
Cc:     Florian Weimer <fweimer@...hat.com>, tytso@....edu,
        adilger.kernel@...ger.ca, djwong@...nel.org, david@...morbit.com,
        trondmy@...merspace.com, neilb@...e.de, viro@...iv.linux.org.uk,
        zohar@...ux.ibm.com, xiubli@...hat.com, chuck.lever@...cle.com,
        lczerner@...hat.com, jack@...e.cz, brauner@...nel.org,
        linux-man@...r.kernel.org, linux-api@...r.kernel.org,
        linux-btrfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, ceph-devel@...r.kernel.org,
        linux-ext4@...r.kernel.org, linux-nfs@...r.kernel.org,
        linux-xfs@...r.kernel.org
Subject: Re: [RFC PATCH v2] statx, inode: document the new STATX_INO_VERSION
 field

On Tue, 2022-09-06 at 15:29 -0400, J. Bruce Fields wrote:
> On Tue, Sep 06, 2022 at 01:04:05PM -0400, Jeff Layton wrote:
> > On Tue, 2022-09-06 at 12:41 -0400, Jeff Layton wrote:
> > > On Tue, 2022-09-06 at 14:17 +0200, Florian Weimer wrote:
> > > > * Jeff Layton:
> > > > 
> > > > > All of the existing implementations use all 64 bits. If you were to
> > > > > increment a 64 bit value every nanosecond, it will take >500 years for
> > > > > it to wrap. I'm hoping that's good enough. ;)
> > > > > 
> > > > > The implementation that all of the local Linux filesystems use track
> > > > > whether the value has been queried using one bit, so there you only get
> > > > > 63 bits of counter.
> > > > > 
> > > > > My original thinking here was that we should leave the spec "loose" to
> > > > > allow for implementations that may not be based on a counter. E.g. could
> > > > > some filesystem do this instead by hashing certain metadata?
> > > > 
> > > > Hashing might have collisions that could be triggered deliberately, so
> > > > probably not a good idea.  It's also hard to argue that random
> > > > collisions are unlikely.
> > > > 
> > > 
> > > In principle, if a filesystem could guarantee enough timestamp
> > > resolution, it's possible collisions could be hard to achieve. It's also
> > > possible you could factor in other metadata that wasn't necessarily
> > > visible to userland to try and ensure uniqueness in the counter.
> > > 
> > > Still...
> 
> I've got one other nagging worry, about the ordering of change attribute
> updates with respect to their corresponding changes.  I think with
> current implementations it's possible that the only change attribute
> update(s) may happen while the old file data is still visible, which
> means a concurrent reader could cache the old data with the new change
> attribute, and be left with a stale cache indefinitely.
> 

Yeah, that's a potential issue. The i_version is updated in
inode_update_time, which does happen before the write to the pagecache.

We should probably add a note to the manpage that one should not expect
any sort of atomicity between the change to the inode and the change in
the value. I'm not sure we can offer much in the way of mitigation for
that problem, otherwise.

> For the purposes of close-to-open semantics I think that's not a
> problem, though.
> 
> There may be some previous discussion of this in mailing list archives.
> 

-- 
Jeff Layton <jlayton@...nel.org>

Powered by blists - more mailing lists