Linux-Fsdevel Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Christian Schoenebeck <qemu_oss@crudebyte.com>
To: Al Viro <viro@zeniv.linux.org.uk>, Dave Chinner <david@fromorbit.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
	Greg Kurz <groug@kaod.org>,
	linux-fsdevel@vger.kernel.org,
	Stefan Hajnoczi <stefanha@redhat.com>,
	Miklos Szeredi <mszeredi@redhat.com>,
	Vivek Goyal <vgoyal@redhat.com>,
	Giuseppe Scrivano <gscrivan@redhat.com>,
	Daniel J Walsh <dwalsh@redhat.com>,
	Chirantan Ekbote <chirantan@chromium.org>
Subject: Re: xattr names for unprivileged stacking?
Date: Sat, 29 Aug 2020 20:22:09 +0200	[thread overview]
Message-ID: <2468509.22xg9qcgnq@silver> (raw)
In-Reply-To: <20200829180448.GQ1236603@ZenIV.linux.org.uk>

On Samstag, 29. August 2020 20:04:48 CEST Al Viro wrote:
> On Sat, Aug 29, 2020 at 07:51:47PM +0200, Miklos Szeredi wrote:
> > On Sat, Aug 29, 2020 at 6:14 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
> > > On Sat, Aug 29, 2020 at 05:07:17PM +0100, Matthew Wilcox wrote:
> > > > > The fact that ADS inodes would not be in the dentry cache and hence
> > > > > not visible to pathwalks at all then means that all of the issues
> > > > > such as mounting over them, chroot, etc don't exist in the first
> > > > > place...
> > > > 
> > > > Wait, you've now switched from "this is dentry cache infrastructure"
> > > > to "it should not be in the dentry cache".  So I don't understand what
> > > > you're arguing for.
> > > 
> > > Bloody wonderful, that.  So now we have struct file instances with no
> > > dentry associated with them?  Which would have to be taken into account
> > > all over the place...
> > 
> > It could have a temporary dentry allocated for the lifetime of the
> > file and dropped on last dput.  I.e. there's a dentry, but no cache.
> > Yeah, yeah, d_path() issues, however that one will have to be special
> > cased anyway.
> 
> d_path() is the least of the problems, actually.  Directory tree structure
> on those, OTOH, is a serious problem.  If you want to have getdents(2) on
> that shite, you want an opened descriptor that looks like a directory.  And
> _that_ opens a large can of worms.  Because now you have fchdir(2) to cope
> with, lookups going through /proc/self/fd/<n>/..., etc., etc.
> 
> Al, fully expecting "we'll special-case our way out of everything - how hard
> could that be?" in response...

Independent of what and how all this is presented to user space, I think all 
this will only ever land if it does not deviate too much from the existing 
unified VFS model.

The most relevant change that I see is that (probably similar to Miklos) that 
a user visible file(/dir) kernel internally links a dedicated directory which 
contains the streams, but as far as the kernel is concerned, that's a 
directory, streams are files, they are still inodes, and they are still part 
of the dentry cache, etc.

Starting to handle ADS streams as some completely separate new thing in the 
model will most certainly just end up with much more code and problems than 
adding filters here and there for making certain things inaccessible from user 
space (e.g. prohibiting chdir() into that special directory, prevent mounting 
things onto ADS files, ot whatever other presentation measures might be 
desired for security reasons).

And no: stat(mainfile) must still return the block count of the main stream 
only, not any aggregated data, otherwise it will break user space. Thinks like 
'du' must explicitly be made ADS aware instead.

Best regards,
Christian Schoenebeck



  reply	other threads:[~2020-08-29 18:22 UTC|newest]

Thread overview: 62+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-28 10:55 Dr. David Alan Gilbert
2020-07-28 13:08 ` Greg Kurz
2020-07-28 13:55   ` Christian Schoenebeck
2020-08-04 11:28     ` Dr. David Alan Gilbert
2020-08-04 13:51       ` Christian Schoenebeck
2020-08-12 11:18         ` Dr. David Alan Gilbert
2020-08-12 13:34           ` Christian Schoenebeck
2020-08-12 14:33             ` Dr. David Alan Gilbert
2020-08-13  9:01               ` Christian Schoenebeck
2020-08-16 22:56                 ` Dave Chinner
2020-08-16 23:09                   ` Matthew Wilcox
2020-08-17  0:29                     ` Dave Chinner
2020-08-17 10:37                       ` file forks vs. xattr (was: xattr names for unprivileged stacking?) Christian Schoenebeck
2020-08-23 23:40                         ` Dave Chinner
2020-08-24 15:30                           ` Christian Schoenebeck
2020-08-24 20:01                             ` Miklos Szeredi
2020-08-24 21:26                             ` Frank van der Linden
2020-08-24 22:29                             ` Theodore Y. Ts'o
2020-08-25 15:12                               ` Christian Schoenebeck
2020-08-25 15:32                                 ` Miklos Szeredi
2020-08-27 12:02                                   ` Christian Schoenebeck
2020-08-27 12:25                                     ` Matthew Wilcox
2020-08-27 13:48                                       ` Christian Schoenebeck
2020-08-27 14:01                                         ` Matthew Wilcox
2020-08-27 14:23                                           ` Christian Schoenebeck
2020-08-27 14:25                                             ` Matthew Wilcox
2020-08-27 14:44                                             ` Al Viro
2020-08-27 16:29                                               ` Dr. David Alan Gilbert
2020-08-27 16:35                                                 ` Matthew Wilcox
2020-08-28  9:11                                                 ` Christian Schoenebeck
2020-08-28 14:46                                                   ` Theodore Y. Ts'o
2020-08-27 15:22                       ` xattr names for unprivileged stacking? Matthew Wilcox
2020-08-27 22:24                         ` Dave Chinner
2020-08-29 16:07                           ` Matthew Wilcox
2020-08-29 16:13                             ` Al Viro
2020-08-29 17:51                               ` Miklos Szeredi
2020-08-29 18:04                                 ` Al Viro
2020-08-29 18:22                                   ` Christian Schoenebeck [this message]
2020-08-29 19:13                                   ` Miklos Szeredi
2020-08-29 19:25                                     ` Al Viro
2020-08-30 19:05                                       ` Miklos Szeredi
2020-08-30 19:10                                         ` Matthew Wilcox
2020-08-31  7:34                                           ` Miklos Szeredi
2020-08-31 11:37                                             ` Matthew Wilcox
2020-08-31 11:51                                               ` Miklos Szeredi
2020-08-31 13:23                                                 ` Matthew Wilcox
2020-08-31 14:21                                                   ` Miklos Szeredi
2020-08-31 14:25                                                   ` Theodore Y. Ts'o
2020-08-31 14:45                                                     ` Matthew Wilcox
2020-08-31 14:49                                                       ` Miklos Szeredi
2020-09-01  3:34                                                     ` Dave Chinner
2020-09-01 14:52                                                       ` Theodore Y. Ts'o
2020-09-01 15:14                                                         ` Theodore Y. Ts'o
2020-09-02  5:19                                                           ` Dave Chinner
2020-08-31 18:02                                                   ` Andreas Dilger
2020-09-01  3:48                                                     ` Dave Chinner
2020-08-29 19:17                               ` Matthew Wilcox
2020-08-29 19:40                                 ` Al Viro
2020-08-29 20:12                                   ` Matthew Wilcox
2020-08-31 14:23                                     ` Theodore Y. Ts'o
2020-08-31 14:40                                       ` Matthew Wilcox
2020-08-31 16:11                                       ` Christian Schoenebeck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2468509.22xg9qcgnq@silver \
    --to=qemu_oss@crudebyte.com \
    --cc=chirantan@chromium.org \
    --cc=david@fromorbit.com \
    --cc=dgilbert@redhat.com \
    --cc=dwalsh@redhat.com \
    --cc=groug@kaod.org \
    --cc=gscrivan@redhat.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=miklos@szeredi.hu \
    --cc=mszeredi@redhat.com \
    --cc=stefanha@redhat.com \
    --cc=vgoyal@redhat.com \
    --cc=viro@zeniv.linux.org.uk \
    --subject='Re: xattr names for unprivileged stacking?' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).