lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150513005746.GJ15721@dastard>
Date:	Wed, 13 May 2015 10:57:46 +1000
From:	Dave Chinner <david@...morbit.com>
To:	Sage Weil <sage@...dream.net>
Cc:	Trond Myklebust <trond.myklebust@...marydata.com>,
	Zach Brown <zab@...hat.com>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Linux FS-devel Mailing List <linux-fsdevel@...r.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Linux API Mailing List <linux-api@...r.kernel.org>
Subject: Re: [PATCH RFC] vfs: add a O_NOMTIME flag

On Tue, May 12, 2015 at 04:12:46PM -0700, Sage Weil wrote:
> On Tue, 12 May 2015, Dave Chinner wrote:
> > > > > I'd rather not make this XFS specific as other local filesystmes (ext4,
> > > > > f2fs, possibly btrfs) would similarly benefit.  (And if we want to target
> > > > > XFS specifically the existing XFS open-by-handle ioctl is sufficient as it
> > > > > already does O_NOMTIME unconditionally.)
> > > > 
> > > > Lack of a namespace, doesn't imply that you don't want to manage the
> > > > data. The whole point of using object storage instead of plain old
> > > > block storage is to be able to provide whatever metadata you still
> > > > need in order to manage the object.
> > > 
> > > Yeah, agreed--this is presumably why open_by_handle(2) (which is what we'd 
> > > like to use) doesn't assume O_NOMTIME.
> > 
> > Right - the XFS ioctls were designed specifically for applications
> > that interacted directly with the structure of XFS filesystems and
> > so needed invisible IO (e.g. online defragmenter). IOWs, they are
> > not interfaces intended for general usage. They are also only
> > available to root, so a typical user application won't be making use
> > of them, either.
> 
> I understand that's what they're intended for, but I'm having a hard time 
> parsing out the difference between what they *do* and what O_NOMTIME + -o 
> allow_nomtime does.  The open-by-handle ioctls have nothing to do with the 
> online XFS format--they simply allow you to open a file via an opaque 
> handle (albeit a differently formatted one than the generic 
> open_by_handle_at(2)).  They also force you into an O_NOMTIME-equivalent 
> mode.

Actually, the handle is dervied from the information on disk. We
don't do directory lookups to build handles in many cases, we do a
bulkstat to get *on-disk* inode information (inode number, generation,
timestamps, etc) and then use that to build a handle in userspace
*and* validate the file has not changed since the infomration was
retrieved and the handle was built.

> AFAICS the only difference that I see is that
> 
> 1) the ioctl is XFS specific.  (As open_by_handle_at(2) demonstrates, this 
> needn't be the case.)

Of course - it's been in use for 15 years longer than the generic
interface. :)

> 2) the NOMTIME mode is only available via the open-by-handle interface, 
> not open(2).

Right, because of the XFS handle interfaces are intended for
invisible IO which is required by applications interacting directly
with the XFS on-disk data layout.

> 3) it is an ioctl interface, and thus more obscure.  (Well, there is a 
> libhandle library, but it doesn't seem to be widely used.)

The library only exists for xfsdump and the HSMs that interact
directly with the XFS on disk data. These are very constrained
applications.

> Would you object less if 
> 
> 1) the O_NOMTIME flag were only available via open_by_handle_at(2)?

Which limits it to files that have already by created and written to
disk, otherwise there is no handle....

> 2) an equivalent ioctl were implemented for each file system of interest 
> that (say) called into open_by_handle_at(2) code, adding in the O_NOMTIME 
> flag?

Seems like a silly hoop to jump through. I was thinking of a
root-only fcntl() style flag that could be set, but....

> 3) O_NOMTIME required root (vs a mount option that requires root and 
> unpriviledged O_NOMTIME)?
>
> Just trying to tease apart which part is problematic...

... it's very existence ias either a open or fcntl flag is still
problematic. :/

The concept of it being an on-disk attribute flag is less prone to
silent abuse - it's easily discoverable and is persistent. And it's
managable if we make it an "inherit from parent" style flag, because
then ceph can simply set it on the root dir, and every file it then
creates will not do mtime updates.

The other thing that is worth noting here is that we also have a
NODUMP flag on disk (chattr +d). Hence we could define that the
nomtime attribute also implies/sets the nodump attribute, and hence
makes it clear and upfront that turning on the nomtime inode
attribute will mean the files with this set will not get backed up
by mtime sensitive backup programs....

Cheers,

Dave.
-- 
Dave Chinner
david@...morbit.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ