lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1734.1462801101@warthog.procyon.org.uk>
Date:	Mon, 09 May 2016 14:38:21 +0100
From:	David Howells <dhowells@...hat.com>
To:	Christoph Hellwig <hch@...radead.org>
Cc:	dhowells@...hat.com, linux-fsdevel@...r.kernel.org,
	linux-afs@...r.kernel.org, linux-nfs@...r.kernel.org,
	samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org,
	linux-ext4@...r.kernel.org
Subject: Re: [PATCH 1/6] statx: Add a system call to make enhanced file info available

Christoph Hellwig <hch@...radead.org> wrote:

> How are the semantics defined when userspace asks for fields not
> available?  I'd expect them to be ignored, but we should documentat that
> fact.

I went into this in some detail.

> > Fields in struct statx come in a number of classes:
> 
> I really disagree with all these special cases.  You should get
> what you ask for, or rather what you ask for IFF the fs can provide it.
> And we need to document for each field if it's optional if we want
> to treat it as option.

I did document this.  You saw it as a bunch of special cases.  It is not.
stat() fabricates some of the data it returns under certain circumstances.

> A hodge podge bag of special cases is not an API that a normal person can
> use.

Let's look at the list, and please bear in mind I'm trying to make it so that
you can emulate stat() through this interface.  If you want to waive that
requirement - or push the emulation out to userspace - then I can forego
providing unsupported data from the basic stat set.

| (0) st_information, st_dev_*, st_blksize.

st_dev_* and st_blksize must always be available from whatever we stat.
Because this is the case, there's no point providing mask bits for them.

My implementation defines st_information to be in this class, but it doesn't
have to be.  Note that st_information really needs a way to ask the filesystem
what flags it actually supports so that you can distinguish being 0 -> not set
from 0 -> not supported, hence the fsinfo() interface that I've dropped for
now.

| (1) st_nlinks, st_uid, st_gid, st_[amc]time*, st_ino, st_size, st_blocks.

These data are all in the bog standard struct stat.  As it is, they must all
be given values as for stat().  However, mask bits are provided to indicate
when the value presented here is actually fabricated so that the user can
decide not to use them.

| (2) st_mode.

This is actually in two parts.  There's the file type (which must always be
set correctly) and the mode bits (which may be fabricated).  STATX_MODE covers
the mode bits only.

| (3) st_rdev_*.

This datum is part of the bog standard struct stat, and as such must be set to
something.  However, the value is only relevant in the case that the mode
indicates a blockdev or chardev.  STATX_RDEV can be considered redundant in
such a case.

| (4) File creation time (st_btime*), data version (st_version), inode
|     generation number (st_gen).

These are all new data and have no counterpart in the Linux struct stat.
However, they do in the struct stat on other Unix variants (st_birthtime and
st_gen, for example, exist on BSD).  Not all filesystems provide them so if
they are requested but are not actually supported by a filesystem, the bit in
the mask is cleared upon returning.

However, even if you didn't ask for a datum, it may still be available - and I
am permitting a filesystem to give you the datum and mark the mask to indicate
the value's availability, even if you didn't ask for it.  You are free to
ignore it.

At this time, I think it likely that all new attributes would be in this
class.  One could argue that something like st_win_attrs (in patch 5) could be
in class 0 if added immediately, but anything added later *must* have a mask
bit to indicate its presence.


So, barring st_information, classes (0) - (3) are all current stat stuff.
That is how they work *now*.  All I'm doing is defining which data have mask
bits, and under what conditions the mask bit might not be set.

David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ