lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <6e6da8a875a0defec1a0f58314995a6a12dca74e.camel@kernel.org> Date: Tue, 19 Sep 2023 16:46:25 -0400 From: Jeff Layton <jlayton@...nel.org> To: Paul Eggert <eggert@...ucla.edu>, Bruno Haible <bruno@...sp.org>, Jan Kara <jack@...e.cz>, Xi Ruoyao <xry111@...uxfromscratch.org>, bug-gnulib@....org Cc: Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Eric Van Hensbergen <ericvh@...nel.org>, Latchesar Ionkov <lucho@...kov.net>, Dominique Martinet <asmadeus@...ewreck.org>, Christian Schoenebeck <linux_oss@...debyte.com>, David Howells <dhowells@...hat.com>, Marc Dionne <marc.dionne@...istor.com>, Chris Mason <clm@...com>, Josef Bacik <josef@...icpanda.com>, David Sterba <dsterba@...e.com>, Xiubo Li <xiubli@...hat.com>, Ilya Dryomov <idryomov@...il.com>, Jan Harkes <jaharkes@...cmu.edu>, coda@...cmu.edu, Tyler Hicks <code@...icks.com>, Gao Xiang <xiang@...nel.org>, Chao Yu <chao@...nel.org>, Yue Hu <huyue2@...lpad.com>, Jeffle Xu <jefflexu@...ux.alibaba.com>, Namjae Jeon <linkinjeon@...nel.org>, Sungjong Seo <sj1557.seo@...sung.com>, Jan Kara <jack@...e.com>, Theodore Ts'o <tytso@....edu>, Andreas Dilger <adilger.kernel@...ger.ca>, Jaegeuk Kim <jaegeuk@...nel.org>, OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>, Miklos Szeredi <miklos@...redi.hu>, Bo b Peterson <rpeterso@...hat.com>, Andreas Gruenbacher <agruenba@...hat.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Tejun Heo <tj@...nel.org>, Trond Myklebust <trond.myklebust@...merspace.com>, Anna Schumaker <anna@...nel.org>, Konstantin Komarov <almaz.alexandrovich@...agon-software.com>, Mark Fasheh <mark@...heh.com>, Joel Becker <jlbec@...lplan.org>, Joseph Qi <joseph.qi@...ux.alibaba.com>, Mike Marshall <hubcap@...ibond.com>, Martin Brandenburg <martin@...ibond.com>, Luis Chamberlain <mcgrof@...nel.org>, Kees Cook <keescook@...omium.org>, Iurii Zaikin <yzaikin@...gle.com>, Steve French <sfrench@...ba.org>, Paulo Alcantara <pc@...guebit.com>, Ronnie Sahlberg <ronniesahlberg@...il.com>, Shyam Prasad N <sprasad@...rosoft.com>, Tom Talpey <tom@...pey.com>, Sergey Senozhatsky <senozhatsky@...omium.org>, Richard Weinberger <richard@....at>, Hans de Goede <hdegoede@...hat.com>, Hugh Dickins <hughd@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Amir Goldstein <l@...il.com>, "Darrick J. Wong" <djwong@...nel.org>, Benjamin Coddington <bcodding@...hat.com>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, v9fs@...ts.linux.dev, linux-afs@...ts.infradead.org, linux-btrfs@...r.kernel.org, ceph-devel@...r.kernel.org, codalist@...a.cs.cmu.edu, ecryptfs@...r.kernel.org, linux-erofs@...ts.ozlabs.org, linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, cluster-devel@...hat.com, linux-nfs@...r.kernel.org, ntfs3@...ts.linux.dev, ocfs2-devel@...ts.linux.dev, devel@...ts.orangefs.org, linux-cifs@...r.kernel.org, samba-technical@...ts.samba.org, linux-mtd@...ts.infradead.org, linux-mm@...ck.org, linux-unionfs@...r.kernel.org, linux-xfs@...r.kernel.org Subject: Re: [PATCH v7 12/13] ext4: switch to multigrain timestamps On Tue, 2023-09-19 at 13:10 -0700, Paul Eggert wrote: > On 2023-09-19 09:31, Jeff Layton wrote: > > The typical case for make > > timestamp comparisons is comparing source files vs. a build target. If > > those are being written nearly simultaneously, then that could be an > > issue, but is that a typical behavior? > > I vaguely remember running into problems with 'make' a while ago > (perhaps with a BSDish system) when filesystem timestamps were > arbitrarily truncated in some cases but not others. These files would > look older than they really were, so 'make' would think they were > up-to-date when they weren't, and 'make' would omit actions that it > should have done, thus screwing up the build. > > File timestamps can be close together with 'make -j' on fast hosts. > Sometimes a shell script (or 'make' itself) will run 'make', then modify > a file F, then immediately run 'make' again; the latter 'make' won't > work if F's timestamp is mistakenly older than targets that depend on it. > > Although 'make'-like apps are the biggest canaries in this coal mine, > the issue also affects 'find -newer' (as Bruno mentioned), 'rsync -u', > 'mv -u', 'tar -u', Emacs file-newer-than-file-p, and surely many other > places. For example, any app that creates a timestamp file, then backs > up all files newer than that file, would be at risk. > > > > I wonder if it would be feasible to just advance the coarse-grained > > current_time whenever we end up updating a ctime with a fine-grained > > timestamp? > > Wouldn't this need to be done globally, that is, not just on a per-file > or per-filesystem basis? If so, I don't see how we'd avoid locking > performance issues. > Maybe. Another idea might be to introduce a new timekeeper for multigrain filesystems, but all of those would likely have to share the same coarse-grained clock source. So yeah, if you stat an inode and then update it, any inode written on a multigrain filesystem within the same jiffy-sized window would have to log an extra transaction to write out the inode. That's what I meant when I was talking about write amplification. > > PS. Although I'm no expert in the Linux inode code I hope you don't mind > my asking a question about this part of inode_set_ctime_current: > > /* > * If we've recently updated with a fine-grained timestamp, > * then the coarse-grained one may still be earlier than the > * existing ctime. Just keep the existing value if so. > */ > ctime.tv_sec = inode->__i_ctime.tv_sec; > if (timespec64_compare(&ctime, &now) > 0) > return ctime; > > Suppose root used clock_settime to set the clock backwards. Won't this > code incorrectly refuse to update the file's timestamp afterwards? That > is, shouldn't the last line be "goto fine_grained;" rather than "return > ctime;", with the comment changed from "keep the existing value" to "use > a fine-grained value"? It is a problem, and Linus pointed that out yesterday, which is why I sent this earlier today: https://lore.kernel.org/linux-fsdevel/20230919-ctime-v1-1-97b3da92f504@kernel.org/T/#u Bear in mind that we're not dealing with a situation where the value has not been queried since its last update, so we don't need to use a fine grained timestamp there (and really, it's preferable not to do so). A coarse one should be fine in this case. -- Jeff Layton <jlayton@...nel.org>
Powered by blists - more mailing lists