Message-ID: <20161118220744.GC31101@dastard>
Date:   Sat, 19 Nov 2016 09:07:44 +1100
From:   Dave Chinner <david@...morbit.com>
To:     Andreas Dilger <adilger@...ger.ca>
Cc:     David Howells <dhowells@...hat.com>, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/4] statx: Add a system call to make enhanced file info
 available

On Thu, Nov 17, 2016 at 08:28:57PM -0700, Andreas Dilger wrote:
> On Nov 17, 2016, at 4:40 PM, Dave Chinner <david@...morbit.com> wrote:
> >> 
> >> Time fields are split into separate seconds and nanoseconds fields to make
> >> packing easier and the granularities can be queried with the filesystem
> >> info system call.  Note that times will be negative if before 1970; in
> >> such a case, the nanosecond fields will also be negative if not zero.
> > 
> > So what happens in ten years time when we want to support
> > femtosecond resolution in the timestamp interface? We've got to
> > change everything to 64 bit? Shouldn't we just make everything
> > timestamp related 64 bit?
> 
> Is this a serious request?  Are we going to need to multiply everything
> by 10e9 to convert to/from nanoseconds for the next 10 years on the off
> chance that we have timestamps more accurate than this in the future?

We've been stuck with the stat() interface since, what, the early
1980s? And it will still be used in 10-15 years time. That's a
/50-year lifetime/ for a syscall interface.

So it's not unreasonable to think that statx() might have a similar
lifetime. statx() is clearly intended to support >y2038 dates
cleanly, so clearly we're intending statx() to still be around in
20-25 years. And when we start thinking in those timeframes, an
increase in timestamp resolution of at least another 10e-3 is
likely....

> > Please isolate the new interface flags completely from the FS_*_FL
> > values. We should not repeat the mistake of tying values derived
> > from filesystem specific on-disk values to a user interface.
> 
> Using the existing FS_*_FL flags as initial values is not worse than
> starting with any other arbitrary values for the flags.

Except it starts with a sparse set of flags for no good reason.
Someone comes along needing to add a new flag and wonders WTF there
are holes in the flags space, and whether it is because flags have
been removed and whether it's unsafe to use the flag space in the
holes...

New user facing APIs should be clean and neat and not carry any
unnecessary historical baggage with them....

> >> 	STATX_ATTR_NONUNIX_OWNERSHIP	File doesn't have Unixy ownership
> >> 	STATX_ATTR_HAS_ACL		File has an ACL
> > 
> > So statx will require us to do ACL lookups? i.e. instead of just
> > reading the inode to get the information, we'll also have to do
> > extended attribute lookups? That's potentially very expensive if
> > the extended attribute is not stored in the inode....
> 
> No, there is no requirement to return anything that the caller didn't
> ask for.

Applications are going to use STATX_ALL because it's simpler than
specifying 10 different flags on every statx() call and then
checking them on return.  i.e. the set/check feature flags API
sounds good until you have to write the boilerplate code it
requires every time you want to stat a file...

Cheers,

Dave.
-- 
Dave Chinner
david@...morbit.com
