Re: [Y2038] [PATCH] vfs: Add support to check max and min inode times

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Friday 04 March 2016 12:10:08 Dave Chinner wrote:
> On Thu, Mar 03, 2016 at 03:08:22PM +0100, Arnd Bergmann wrote:
> > On Thursday 03 March 2016 10:45:11 Dave Chinner wrote:
> > > On Thu, Mar 03, 2016 at 12:07:42AM +0100, Arnd Bergmann wrote:
> > > > On Thursday 03 March 2016 09:19:05 Dave Chinner wrote:
> > > > > On Wed, Mar 02, 2016 at 07:51:34AM -0800, Deepa Dinamani wrote:
> > > Eventually, yes. But right now, 32 bit systems are limited by the
> > > platform architecture. Hence no matter what the filesystem on-disk
> > > format supports, these are going to hard limits until filesystems
> > > start modifying the defaults to indicate what their on-disk format
> > > supports.
> > 
> > The purpose of the patch for now is to allow file systems to set
> > the defaults, we are not checking them yet, until all file systems
> > are converted, hence setting the defaults to invalid.
> 
> Wrong way around, IMO. Set the defaults to be limiting first, then
> as filesystems are converted the limits get expanded.

That would break perfectly working 64-bit systems, along with 32-bit
systems that have the new syscalls, unless we intentionally treat
them differently. :(

> > How about setting the defaults for minimum and maximum to '-1'?
> > That would allow us to detect whether file systems have set
> > this correctly, and it would be less confusing to the reader.
> 
> Perhaps, but I'm yet to understand why we even care if filesystems
> have set limits or not? If the filesystem has not set it's own
> limits, then surely we should assume that the filesystem is not
> y2038k compatible and have the default limits set appropriately for
> that?

I don't think we can make any such assumption. Out of the ~50
file systems that have store timestamps on disk or on the network,
I only found eight that are use the 1902..2038 range that matches
the 32-bit time_t.

> > > i.e. 32 bit systems should default to 32 bit time limits until the
> > > filesystem developers come along and verify that conversion from
> > > their on-disk format to 64 bit time works correctly. Then they set
> > > their real limits which may (or may not) be >y2038 compatible, and
> > > this means that filesystems that have not been converted to >y2038
> > > compatible do not need any modifications to behave correctly on 32
> > > bit systems...
> > 
> > We can set the limits in the superblock if you like, but I would
> > not do it by changing the constants here:
> > 
> > Most file systems have arbitrary other maximum dates that they
> > need to set (on 64-bit systems), e.g. 2028 (iso9660), 2040 (hfsplus), 
> > 2106 (ceph), 2107 (fat, cifs), 2262 (logfs), 2514 (ext4).
> 
> Yes, and that needs to be done when the filesystem is converted to
> use the proper timespec64 representation.

No, it's completely unrelated to the timespec64 change, other than
the fact that you asked for the limits to be implemented as a
result of the y2038 patch series. This is absolute reasonable because
we are touching the same code, and we have to audit it anyway.

> > The file systems specific code should just set whatever it actually
> > supports and then we can find a way to limit that further for
> > 32-bit tasks.
> 
> Yes, 32 bit tasks is something for the syscall layer to care about.
> 
> But that doesn't change the fact that the *default timestamp range*
> should be "no >y2038 support", and it is up to the filesystem to
> override that with it's own limits if they are different.

I still think the opposite approach makes more sense here: Right
now, we have 64-bit systems that have file systems with arbitrary
limitations working in random ways, most of them correctly
supporting at least time stamps between 1970 and 2106, some of them
much wider ranges.

The 32-bit systems are currently all broken beyond 2038, and they
have always been that way.

Changing everything to use timespec64 brings 32-bit systems to
the same level of functionality as 64-bit systems, and extends
the maximum supported timestamp range to what each file system
can store on disk.

Adding the range checking ensures that we don't run into whatever
limit a file system has in an uncontrolled way, but get a
specific error, or controlled clamping of the range. We would need
this even if all 32-bit systems would die out tomorrow and we
only worried about 64-bit machines.

> > On most 32-bit architectures, stat64 still has a 32-bit time value,
> > and even if it is 64-bit wide, glibc turns it into a 32-bit
> > number when copying to its version of 'struct stat64' that differs
> > from the kernel's and contains a 'struct timespec'.
> 
> So stat64 also returns EOVERLFOW to indicate to the application
> that it needs to use a different, 64 bit time aware syscall.

Right, except that for an application programmer this is not
visible. The application won't be able to call a replacement system
call, but it has to be built with -D_TIME_BITS=64 so all time_t
uses get changed to 64-bit.

I believe for LFS support, user space was allowed to call
a stat64() glibc function, but that won't be provided here.

> > I don't care if we return EOVERFLOW or give some other indication
> > of the overflow, but this is fundamentally a separate problem from
> > large file support, and we need a new syscall for it.
> 
> Yes, but you seem to have missed my point that the we don't need to
> care about 32 bit times, whether it be syscalls or tasks, at the
> VFS/filesystem level. That's all a syscall layer issue. i.e.
> vfs_fstatat() only uses 64 bit times and only places where struct
> kstat contents get converted to whatever structure userspace has
> supplied (e.g. cp_new_stat()) need to detect/care about timestamp
> overflows like they already do with inode numbers and link counts.

I think that was exactly the point I was making.

	Arnd
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux