lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e7e867b8-b57a-7eb2-2432-1627bd3a88fb@toxicpanda.com>
Date:   Thu, 15 Apr 2021 14:17:58 -0400
From:   Josef Bacik <josef@...icpanda.com>
To:     Luis Chamberlain <mcgrof@...nel.org>,
        Filipe Manana <fdmanana@...e.com>,
        David Sterba <dsterba@...e.cz>
Cc:     Al Viro <viro@...iv.linux.org.uk>, Chris Mason <clm@...com>,
        Josef Bacik <jbacik@...com>,
        Christoph Hellwig <hch@...radead.org>,
        Linux FS Devel <linux-fsdevel@...r.kernel.org>,
        Btrfs BTRFS <linux-btrfs@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Jeff Mahoney <jeffm@...e.com>
Subject: Re: [RFC v3 0/2] vfs / btrfs: add support for ustat()

On 4/15/21 1:53 PM, Luis Chamberlain wrote:
> On Wed, Aug 23, 2017 at 3:31 PM Jeff Mahoney <jeffm@...e.com> wrote:
>>
>> On 8/15/14 5:29 AM, Al Viro wrote:
>>> On Thu, Aug 14, 2014 at 07:58:56PM -0700, Luis R. Rodriguez wrote:
>>>
>>>> Christoph had noted that this seemed associated to the problem
>>>> that the btrfs uses different assignments for st_dev than s_dev,
>>>> but much as I'd like to see that changed based on discussions so
>>>> far its unclear if this is going to be possible unless strong
>>>> commitment is reached.
>>
>> Resurrecting a dead thread since we've been carrying this patch anyway
>> since then.
>>
>>> Explain, please.  Whose commitment and commitment to what, exactly?
>>> Having different ->st_dev values for different files on the same
>>> fs is a bloody bad idea; why does btrfs do that at all?  If nothing else,
>>> it breaks the usual "are those two files on the same fs?" tests...
>>
>> It's because btrfs snapshots would have inode number collisions.
>> Changing the inode numbers for snapshots would negate a big benefit of
>> btrfs snapshots: the quick creation and lightweight on-disk
>> representation due to metadata sharing.
>>
>> The thing is that ustat() used to work.  Your commit 0ee5dc676a5f8
>> (btrfs: kill magical embedded struct superblock) had a regression:
>> Since it replaced the superblock with a simple dev_t, it rendered the
>> device no longer discoverable by user_get_super.  We need a list_head to
>> attach for searching.
>>
>> There's an argument that this is hacky.  It's valid.  The only other
>> feedback I've heard is to use a real superblock for subvolumes to do
>> this instead.  That doesn't work either, due to things like freeze/thaw
>> and inode writeback.  Ultimately, what we need is a single file system
>> with multiple namespaces.  Years ago we just needed different inode
>> namespaces, but as people have started adopting btrfs for containers, we
>> need more than that.  I've heard requests for per-subvolume security
>> contexts.  I'd imagine user namespaces are on someone's wish list.  A
>> working df can be done with ->d_automount, but the way btrfs handles
>> having a "canonical" subvolume location has always been a way to avoid
>> directory loops.  I'd like to just automount subvolumes everywhere
>> they're referenced.  One solution, for which I have no code yet, is to
>> have something like a superblock-light that we can hang things like a
>> security context, a user namespace, and an anonymous dev.  Most file
>> systems would have just one.  Btrfs would have one per subvolume.
>>
>> That's a big project with a bunch of discussion.
> 
> 4 years have gone by and this patch is still being carried around for
> btrfs. Other than resolving this ustat() issue for btrfs are there new
> reasons to support this effort done to be done properly? Are there
> other filesystems that would benefit? I'd like to get an idea of the
> stakeholder here before considering taking this on or not.
> 

Not really sure why this needs to be addressed, we have statfs(), and what we 
have has worked forever now.  There's a lot of larger things that need to be 
addressed in general to support the volume approach inside file systems that is 
going to require a lot of work inside of VFS.  If you feel like tackling that 
work and then wiring up btrfs by all means have at it, but I'm not seeing a 
urgent need to address this.  Thanks,

Josef

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ