Message ID | 20230719221918.8937-1-krisman@suse.de (mailing list archive) |
---|---|
Headers | show |
Series | Support negative dentries on case-insensitive ext4 and f2fs | expand |
Sorry, one more thing... On Wed, Jul 19, 2023 at 06:19:11PM -0400, Gabriel Krisman Bertazi wrote: > > Another problem exists when turning a negative dentry to positive. If > the negative dentry has a different case than what is currently being > used for lookup, the dentry cannot be reused without changing its name, > in order to guarantee filename-preserving semantics to userspace. We > need to either change the name or invalidate the dentry. This issue is > currently avoided in mainline, since the negative dentry mechanism is > disabled. Are you sure this problem even needs to be solved? It actually isn't specific to negative dentries. If you have a file "foo" that's not in the dcache, and you open it (or look it up in any other way) as "FOO", then the positive dentry that gets created is named "FOO". As a result, the name that shows up in /proc/$pid/fd/ for anyone who has the file open is "FOO", not the true name "foo". This is true even for processes that open it as "foo", as long as the dentry remains in the dcache. No negative dentries involved at all! Is your thinking that you just don't want to increase the number of ways in which this behavior can occur? Or, it looks like the positive dentry case is solvable using d_add_ci(). So maybe you are planning to do that? It's not clear to me. - Eric
Eric Biggers <ebiggers@kernel.org> writes: >> Another problem exists when turning a negative dentry to positive. If >> the negative dentry has a different case than what is currently being >> used for lookup, the dentry cannot be reused without changing its name, >> in order to guarantee filename-preserving semantics to userspace. We >> need to either change the name or invalidate the dentry. This issue is >> currently avoided in mainline, since the negative dentry mechanism is >> disabled. > > Are you sure this problem even needs to be solved? Yes, because we promise name-preserving semantics. If we don't do it, the name on the disk might be different than what was asked for, and tools that rely on it (they exist) will break. During initial testing, I've had tools breaking with case-insensitive ext4 because they created a file, did getdents and wanted to see exactly the name they used. > It actually isn't specific to negative dentries. If you have a file "foo" > that's not in the dcache, and you open it (or look it up in any other way) as > "FOO", then the positive dentry that gets created is named "FOO". > > As a result, the name that shows up in /proc/$pid/fd/ for anyone who has the > file open is "FOO", not the true name "foo". This is true even for processes > that open it as "foo", as long as the dentry remains in the dcache. > > No negative dentries involved at all! I totally agree it is goes beyond negative dentries, but this case is particularly important because it is the only one (that I know of) where the incorrect case might actually be written to the disk. other cases, like /proc/<pid>/fd/ can just display a different case to userspace, which is confusing. Still, the disk has the right version, exactly as originally created. I see the current /proc/$pid/fd/ semantics as a bug. In fact, I have/had a bug report for bwrap/flatkpak breaking because it was mounting something and immediately checking /proc/mounts to confirm it worked. A former team member tried fixing it a while ago, but we didn't follow up, and I don't really love the way they did it. I need to look into that. > Or, it looks like the positive dentry case is solvable using d_add_ci(). > So maybe you are planning to do that? It's not clear to me. I want to use d_add_ci for the future, yes. It is not hard, but not trivial, because there is an infinite recursion if d_add_ci uses ->d_compare() when doing the lookup for a duplicate. We sent a patch to fix d_add_ci a while ago, but it was rejected. I need to revisit.
On Thu, Jul 20, 2023 at 01:35:37PM -0400, Gabriel Krisman Bertazi wrote: > Eric Biggers <ebiggers@kernel.org> writes: > > >> Another problem exists when turning a negative dentry to positive. If > >> the negative dentry has a different case than what is currently being > >> used for lookup, the dentry cannot be reused without changing its name, > >> in order to guarantee filename-preserving semantics to userspace. We > >> need to either change the name or invalidate the dentry. This issue is > >> currently avoided in mainline, since the negative dentry mechanism is > >> disabled. > > > > Are you sure this problem even needs to be solved? > > Yes, because we promise name-preserving semantics. If we don't do it, > the name on the disk might be different than what was asked for, and tools > that rely on it (they exist) will break. During initial testing, I've > had tools breaking with case-insensitive ext4 because they created a > file, did getdents and wanted to see exactly the name they used. > > > It actually isn't specific to negative dentries. If you have a file "foo" > > that's not in the dcache, and you open it (or look it up in any other way) as > > "FOO", then the positive dentry that gets created is named "FOO". > > > > As a result, the name that shows up in /proc/$pid/fd/ for anyone who has the > > file open is "FOO", not the true name "foo". This is true even for processes > > that open it as "foo", as long as the dentry remains in the dcache. > > > > No negative dentries involved at all! > > I totally agree it is goes beyond negative dentries, but this case is > particularly important because it is the only one (that I know of) where > the incorrect case might actually be written to the disk. other cases, > like /proc/<pid>/fd/ can just display a different case to userspace, > which is confusing. Still, the disk has the right version, exactly as > originally created. > > I see the current /proc/$pid/fd/ semantics as a bug. In fact, I have/had > a bug report for bwrap/flatkpak breaking because it was mounting > something and immediately checking /proc/mounts to confirm it worked. A > former team member tried fixing it a while ago, but we didn't follow up, > and I don't really love the way they did it. I need to look into that. > > > Or, it looks like the positive dentry case is solvable using d_add_ci(). > > So maybe you are planning to do that? It's not clear to me. > > I want to use d_add_ci for the future, yes. It is not hard, but not > trivial, because there is an infinite recursion if d_add_ci uses > ->d_compare() when doing the lookup for a duplicate. We sent a patch to > fix d_add_ci a while ago, but it was rejected. I need to revisit. > Thanks, I missed that choosing a different-case dentry actually changes the name given to the new file. This is because the filesystem is told about the name of the file to create via the negative dentry that gets found/created -- not via the original user-specified string. It would help if you made this clear in a code comment. Taking the comment I suggested, I'd maybe revise it to: /* * If the lookup is for creation, then a negative dentry * can only be reused if it's a case-sensitive match, * not just a case-insensitive one. This is needed to * make the new file be created with the name the user * specified, preserving case. * - Eric