From: Florian Weimer <fweimer@redhat.com>
To: Aleksa Sarai <cyphar@cyphar.com>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-api@vger.kernel.org, Dave Chinner <dchinner@redhat.com>
Subject: Re: Testing if two open descriptors refer to the same inode
Date: Mon, 29 Jul 2024 11:29:49 +0200 [thread overview]
Message-ID: <87a5i0r1f6.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <20240729.085339-ebony.subplot.isolated.pops-b8estyg9vB9Q@cyphar.com> (Aleksa Sarai's message of "Mon, 29 Jul 2024 19:09:56 +1000")
* Aleksa Sarai:
> On 2024-07-29, Florian Weimer <fweimer@redhat.com> wrote:
>> It was pointed out to me that inode numbers on Linux are no longer
>> expected to be unique per file system, even for local file systems.
>> Applications sometimes need to check if two (open) files are the same.
>> For example, a program may want to use a temporary file if is invoked
>> with input and output files referring to the same file.
>
> Based on the discussions we had at LSF/MM, I believe the "correct" way
> now is to do
>
> name_to_handle_at(fd, "", ..., AT_EMPTY_PATH|AT_HANDLE_FID)
>
> and then use the fhandle as the key to compare inodes. AT_HANDLE_FID is
> needed for filesystems that don't support decoding file handles, and was
> added in Linux 6.6[1]. However, I think this inode issue is only
> relevant for btree filesystems, and I think both btrfs and bcachefs both
> support decoding fhandles so this should work on fairly old kernels
> without issue (though I haven't checked).
> [1]: commit 96b2b072ee62 ("exportfs: allow exporting non-decodeable file handles to userspace")
Thanks, it's not too bad. The name_to_handle_at manual page says that
the handle is supposed to be treated as an opaque value, although it
mentions AT_HANDLE_FID. I think this needs to be fixed that it's
expected to compare the handle bytes, and also say whether it's
necessary to compare the type or not.
> Lennart suggested there should be a way to get this information from
> statx(2) so that you can get this new inode identifier without doing a
> bunch of extra syscalls to verify that inode didn't change between the
> two syscalls. I have a patchset for this, but I suspect it's too ugly
> (we can't return the full file handle so we need to hash it). I'll send
> an RFC later this week or next.
Hashing these things is rather nasty because it makes things impossible
to test.
>> How can we check for this? The POSIX way is to compare st_ino and
>> st_dev in stat output, but if inode numbers are not unique, that will
>> result in files falsely being reported as identical. It's harmless in
>> the temporary file case, but it in other scenarios, it may result in
>> data loss.
>
> (Another problem is that st_dev can be different for the same mount due
> to subvolumes.)
Uh-oh. If st_dev are different, is it still possible that truncating
one path will affect the other with the different st_dev value?
Thanks,
Florian
next prev parent reply other threads:[~2024-07-29 9:30 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-29 6:55 Testing if two open descriptors refer to the same inode Florian Weimer
2024-07-29 9:09 ` Aleksa Sarai
2024-07-29 9:29 ` Florian Weimer [this message]
2024-07-29 10:18 ` Mateusz Guzik
2024-07-29 10:40 ` Florian Weimer
2024-07-29 10:50 ` Mateusz Guzik
2024-07-29 10:56 ` Mateusz Guzik
2024-07-29 10:57 ` Florian Weimer
2024-07-29 11:06 ` Mateusz Guzik
2024-07-29 11:36 ` Florian Weimer
2024-07-29 12:00 ` Mateusz Guzik
2024-07-29 11:40 ` Aleksa Sarai
2024-07-31 18:07 ` David Sterba
2024-07-29 11:47 ` Aleksa Sarai
2024-07-29 12:12 ` Mateusz Guzik
2024-07-29 23:19 ` Dave Chinner
2024-07-29 23:08 ` Dave Chinner
2024-07-29 12:26 ` Christian Brauner
2024-07-29 13:36 ` Theodore Ts'o
2024-07-30 2:31 ` Dave Chinner
2024-07-30 4:19 ` Theodore Ts'o
2024-07-30 15:38 ` Christoph Hellwig
2024-07-29 15:24 ` Jeff Layton
2024-07-29 15:39 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a5i0r1f6.fsf@oldenburg.str.redhat.com \
--to=fweimer@redhat.com \
--cc=cyphar@cyphar.com \
--cc=dchinner@redhat.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.