Extended file stat: Splitting file- and fs-specific info?

Wed May 9 05:14:20 MDT 2012

On Wed, May 09, 2012 at 02:25:32PM +1000, Dave Chinner wrote:
> On Tue, May 08, 2012 at 09:09:41PM -0400, J. Bruce Fields wrote:
> > On Wed, May 09, 2012 at 10:24:20AM +1000, Dave Chinner wrote:
> > > On Tue, May 08, 2012 at 09:19:42PM +0100, David Howells wrote:
> > > > 
> > > > Should I split the file-specific info and the fs-specific info and make the
> > > > second optional?  What I'm thinking of is something like this:
> > > > 
> > > > Have a file information structure:
> > > > 
> > > > struct statx {
> > > > 	/* 0x00 */
> > > > 	uint32_t	st_mask;	/* What results were written */
> > > > 	uint32_t	st_information;	/* Information about the file */
> > > > 	uint16_t	st_mode;	/* File mode */
> > > > 	uint16_t	__spare0[3];
> > > > 	/* 0x10 */
> > > > 	uint32_t	st_uid;		/* User ID of owner */
> > > > 	uint32_t	st_gid;		/* Group ID of owner */
> > > > 	uint32_t	st_nlink;	/* Number of hard links */
> > > > 	uint32_t	st_blksize;	/* Optimal size for filesystem I/O */
> > > > 	/* 0x20 */
> > > > 	struct statx_dev st_rdev;	/* Device ID of special file */
> > > > 	struct statx_dev st_dev;	/* ID of device containing file */
> > > > 	/* 0x30 */
> > > > 	int32_t		st_atime_ns;	/* Last access time (ns part) */
> > > > 	int32_t		st_btime_ns;	/* File creation time (ns part) */
> > > > 	int32_t		st_ctime_ns;	/* Last attribute change time (ns part) */
> > > > 	int32_t		st_mtime_ns;	/* Last data modification time (ns part) */
> > > > 	/* 0x40 */
> > > > 	int64_t		st_atime;	/* Last access time */
> > > > 	int64_t		st_btime;	/* File creation time */
> > > > 	int64_t		st_ctime;	/* Last attribute change time */
> > > > 	int64_t		st_mtime;	/* Last data modification time */
> > > > 	/* 0x60 */
> > > > 	uint64_t	st_ino;		/* Inode number */
> > > > 	uint64_t	st_size;	/* File size */
> > > > 	uint64_t	st_blocks;	/* Number of 512-byte blocks allocated */
> > > > 	uint64_t	st_gen;		/* Inode generation number */
> > > 
> > > I don't think we want to expose the inode generation numbers. It is
> > > trivial to construct NFS file handles (usually just fsid, inode
> > > number and generation) with that information and hence bypass
> > > security checks to access files.
> > 
> > I'm not convinced there's much value in trying to keep filehandles
> > secret.
> 
> Sure, but I can't really see any good reason to expose filesystem
> internal implementation details like this - a generation number is
> usually used to differentiate between inode life cycles which
> userspace has no concept of and is different for every filesystem,
> so it's behaviour and values are not going to be consistent across
> filesystems.

That's OK.  The only requirement would be that the (inode number, inode
generation) pair be different for different inodes on the same
filesystem.

> Some filesystems might not even have a generation
> number they can export, and that makes me wonder if there is any
> good reason for exposing it at all.

That's true of a number of these new attributes.

> If you need to discriminate between versions of files with the same
> name, then use name_to_handle_at() and compare filehandles....

Sure.

Since the only use case given for this has been constructing
filehandles, and since we already have an interface for that, I don't
feel particularly strongly about this.

--b.