Ext3 users - Oct 2001 - Extended Attributes and Access Control Lists

Hello,

I have today released an initial version of extended attributes and access
control lists for ext3 (patch against the 2.4.13-ac3 kernel). Eric Jarman
<ejarman@acm.org> has contributed a lot to this effort.

Since I'm not very much into the innards of ext3, can some of you please
take a look at the patch, and see whether it contains any flaws (and tell
me which flaws)? Thanks!

The patch can be found at <http://acl.bestbits.at/>.

Please direct discussions about EA/ACL stuff to me personally, and to
acl-devel@bestbits.at. Acl-devel is a subscribers-only mailman list, to
which you can subscribe from the web site.


Cheers,
Andreas.

On Oct 28, 2001  23:03 +0100, Andreas Gruenbacher wrote:
> Since I'm not very much into the innards of ext3, can some of you
please
> take a look at the patch, and see whether it contains any flaws (and tell
> me which flaws)? Thanks!
> 
> The patch can be found at <http://acl.bestbits.at/>.
Hmm, I had a good look around, and couldn't find it.  Finally, I see
that it is already part of the "current" patches.

  http://acl.bestbits.at/current/linux-2.4.13ea-0.7.22.patch.gz
  http://acl.bestbits.at/current/linux-2.4.13-ac3-ea-0.7.22.patch.gz
  http://acl.bestbits.at/current/linux-2.4.13-ac4-ea-0.7.22.patch.gz


Well, as a start, it would be nice if the EA/ACL code followed the
coding style of ext2 and ext3 (and Linus) (i.e. function declarations).

- It seems that there are not enough files modified in the ext3 tree
  to implement EAs properly (at least compared to the number of files
  changed in the ext2 tree.  Is part of the patch missing?

- ext3_journal_stop() can return an error code.
- I would suggest using more specific macro names than "HDR" and
"ENTRY"
- I'm not saying that there is a problem, but it in ext3_set_ext_attr()
  it is very hard to see whether your ext3_journal_get_write_access()
  calls always have an ext3_journal_dirty_metadata() to go along with
  them, and I think the original coders have the same problem (e.g. the
  commented-out call to ext3_journal_dirty_metadata() at the end.  Is it
  possible to split up this _huge_ function into easier-to-digest bits?
- In ext3_attr_free_inode() it doesn't appear that you are journaling
  the changes to the inode itself.  Are you doing this elsewhere?
- Where/how is ext3_ext_attr_check_block() used?  It would seem that this
  should be part of e2fsck only.  If runtime checks are really needed,
  could you do something like ext3_check_page() where we only check the
  data a single time when it is read from disk?  If you find a bad EA
  block, you should probably call ext3_error() to force fsck on the
  next boot.
- ea_error() should probably just be replaced with a call to ext3_error()
  or ext3_warning(), as appropriate, which would solve the problem above.
- In ext3_ext_attr_cmp() shouldn't it be enough to compare only the
  hash values of each entry (or even better - only the hash value in
  the header)?  Maybe the entry hash should include the name as well?
  I don't think you will ever want to merge EAs with identical data
  but different names.  It seems like we are comparing too many things.
- Conversely, it appears that we are not comparing EA values in any
  cardinal "order", so that if you have one block with EAs foo,bar,
  and another block with EAs bar,foo (both with identical contents)
  they will not merge even though they should (AFAIK, position within
  the EA block should not be important).  Maybe comparing in EA-name
  order is best? 
- The mbcache stuff - you may as well move dcache, icache, dqcache
  into the list of caches, since we seem to be getting a lot of them,
  and it would clean up the code a bit.

- You should probably see if Linus will allow you to reserve the EA
  syscall numbers, so that you don't need to change them again if he
  adds new syscalls.  The EA stuff is mature enough (and close enough
  to inclusion into the main kernel) that allocating syscall numbers
  is a reasonable thing to do, even if the code is not included yet.

Cheers, Andreas
--
Andreas Dilger
http://sourceforge.net/projects/ext2resize/
http://www-mddsp.enel.ucalgary.ca/People/adilger/

On Fri, Nov 02, 2001 at 04:15:27PM +0000, Stephen C. Tweedie
wrote:
> Hi,
> 
> On Fri, Nov 02, 2001 at 09:08:12AM -0700, Peter J. Braam wrote:
> 
> > i_generation != i_version, the latter is really a version
> > counter, the former is an incarnation counter -- completely different
> > viz-a-viz NFS for example.
> 
> i_version may give you better caching by letting you know when the
> object has changed.  Is there anything you'd want i_version for that
> you can't do equally well with monotonically-increasing
> nanosecond-resolution ctime timestamps?
The ctime is changed by generic_file_write (I wonder why in fact). So
it reflects the data version of the file.  The i_version, when
properly used, could version the inode metadata.

A nano second ctime would be great, an independently managed i_version
for the inode changes only would also be very useful.
> 
> > >is held on disk in the inode, 
> > > and ".." is in the
> > > first directory data block
> > 
> > That's not what I want -- it's precisely the elimination of
directory
> > data reads for .. that I want. 
> 
> The VFS API problem remains --- ".." lookup never actually gets
as far
> as the on-disk filesystem in most cases these days.
The NFS server in fact has to do this (nfsd_find_parent) - when the
dentry corresponding to the file handle was purged from the cache.

_ Peter _
> 
> Cheers,
>  Stephen
--

I've been running more tests.

Kernel 2.4.13-ac5
patches applied:
ea and acl versions 0.7.22d
sgi kdb version 1.9-2.4.13-ac1 (turned off in tests)

The oops doesn't occur on a single processor machine, only on a
multiprocessor
machine.  Output of ksymoops and kernel config file attached.

(Note.  The output of ksymoops I sent to A.G. a few days ago is mangled by using
the wrong System.map file.  This one is correct.)

Eric.



-------------------------------------------------
This mail sent through MuleMail: http://mulemail.cmsu.edu/

Hi,

On Fri, Nov 02, 2001 at 11:09:03AM -0600, Eric Jarman wrote:
> Kernel 2.4.13-ac5
> patches applied:
> ea and acl versions 0.7.22d
> sgi kdb version 1.9-2.4.13-ac1 (turned off in tests)
> 
> The oops doesn't occur on a single processor machine, only on a
multiprocessor
> machine.  Output of ksymoops and kernel config file attached.
How easy is it to reproduce?

So far I can't see why this should happen, but if there are deleted
buffers involved, I can't convinve myself that it's impossible either.

Andrew, the 2.2 code always took _both_ the journal and buffer locks
before entering do_get_write_access(), so we knew we had total
knowledge of the buffer state and there was no other IO going on.  

That was dropped in the 2.4 port: can you think of any reason why we
shouldn't restore it?

Cheers,
 Stephen