xfs
[Top] [All Lists]

Re: [PATCH 1/4] fs: split update_time() into update_time() and write_tim

To: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Subject: Re: [PATCH 1/4] fs: split update_time() into update_time() and write_time()
From: David Sterba <dsterba@xxxxxxx>
Date: Mon, 24 Nov 2014 18:34:30 +0100
Cc: Theodore Ts'o <tytso@xxxxxxx>, linux-fsdevel@xxxxxxxxxxxxxxx, Ext4 Developers List <linux-ext4@xxxxxxxxxxxxxxx>, xfs@xxxxxxxxxxx, linux-btrfs@xxxxxxxxxxxxxxx
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <20141124152101.GA12575@xxxxxxxxxxxxx>
Mail-followup-to: dsterba@xxxxxxx, Christoph Hellwig <hch@xxxxxxxxxxxxx>, Theodore Ts'o <tytso@xxxxxxx>, linux-fsdevel@xxxxxxxxxxxxxxx, Ext4 Developers List <linux-ext4@xxxxxxxxxxxxxxx>, xfs@xxxxxxxxxxx, linux-btrfs@xxxxxxxxxxxxxxx
References: <1416599964-21892-1-git-send-email-tytso@xxxxxxx> <1416599964-21892-2-git-send-email-tytso@xxxxxxx> <20141124152101.GA12575@xxxxxxxxxxxxx>
Reply-to: dsterba@xxxxxxx
User-agent: Mutt/1.5.23.1-rc1 (2014-03-12)
On Mon, Nov 24, 2014 at 07:21:01AM -0800, Christoph Hellwig wrote:
> On Fri, Nov 21, 2014 at 02:59:21PM -0500, Theodore Ts'o wrote:
> > We needed to preserve update_time() because btrfs wants to have a
> > special btrfs_root_readonly() check; otherwise we could drop the
> > update_time() inode operation entirely.
> 
> Can't btrfs just set the immutable flag on every inode that is read
> when the root has the BTRFS_ROOT_SUBVOL_RDONLY flag? 

This would lead to change in return code from EROFS to EPERM/EACCESS for
all syscalls that do not pass through permissions() callback. Also, now
each file from a readonly subvol will show the 'i' attribute and there's
now way to determine if the file had had the 'i' attribute before it was
snapshotted.

> That would
> cut down the places that need this check to the ioctl path so that
> we prevent users from clearling the immutable flag.

This means that even the root or capable user are not able to clear the
flag.

Even though the extra btrfs_root_readonly checks are not all great, the
number of surprises that the immutable bit could bring is IMO not great
either.

These callbacks that now implement the extra check:

- update_time
- setattr
- setflags (ioctl)
- setxattr
- removexattr

The btrfs_root_readonly checks in setxattr and removexattr are
unnecessary because they're done through xattr_permisssion. I'll send a
patch to remove them.

'setflags' is an ioctl and all the checks have to be done there.
The generic permission() callback cannot be used here because it would
fail to clear eg. the immutable flag.

'setattr' does limited permission checks (IMMUTABLE and APPEND), nothing
that calls to the filesystem directly or indirectly.

The remaining one is 'update_time'. I'm not sure if the amount of work
the switch to IMUUTABLE bit would need is justified, compared to this
one instance of extra btrfs_root_readonly test. As the VFS layer has no
notion of subvolume it's not able to determine the RO/RW status without
asking the filesystem anyway.

<Prev in Thread] Current Thread [Next in Thread>