From: Jeremy Allison <jra@samba.org>
To: Matthew Wilcox <willy@infradead.org>
Cc: Steve French <smfrench@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
ebiggers@kernel.org,
samba-technical <samba-technical@lists.samba.org>
Subject: Re: Streams support in Linux
Date: Mon, 27 Aug 2018 12:06:08 -0700 [thread overview]
Message-ID: <20180827190608.GF217636@jra3> (raw)
In-Reply-To: <20180827182143.GB24544@bombadil.infradead.org>
On Mon, Aug 27, 2018 at 11:21:43AM -0700, Matthew Wilcox wrote:
> On Mon, Aug 27, 2018 at 10:05:31AM -0700, Jeremy Allison wrote:
> > I can't think of a *single* case where a stream adds more
> > utility than an EA used in the same case.
> >
> > I don't want theoretical "well it would be nice if..",
> > I want clear "we couldn't have done it any other way"
> > kinds of things.
>
> I started this thread with such an example. The fs-verity patch proposed
> wants to store hundreds of megabytes of data associated with a particular
> file. The current solution is to append it to the end of the data then
> magic to set i_size lower but not remove the data from the file like a
> truncate would. Then more magic to read that data.
> It can't be stored in an xattr; xattrs are limited to 64k in size.
> And you have to read them / write them all-in-one-go; you can't read
> a little bit of them. How would you solve the fs-verity problem with
> less magic?
OK, fair enough. I concede that is a use-case that would
be easier if Linux had streams.
But as Al just pointed out, this is a case of a poor design.
There are other ways of solving this problem without introducing
a feature that adds *known* security issues and causes headaches for
people attempting to secure systems (scanners for "hidden"
data areas etc.). The greatest users of streams in Windows
are the virus-writing fraternity. Let's not add features
for them please.
But you also said:
> There are, of course, other clients for file streams. Samba is one,
> GNOME could use streams for various desktoppy things, and I'm certain
> other users would come out of the woodwork if we had them.
This is not a good justification (IMHO). You have one
case where streams would make things easier. Samba might
use them on Linux if there were there, but we'd always
have to keep our non-Linux stream emulation code around
and up to date for our other important system FreeBSD
(I'm considering Solaris dead now, plus we never implemented
Solaris native streams in all the time they were available,
due to their limited availability on all other platforms).
This is a case of adding a nasty feature that encourages bad
security design "just because" it might be useful for user
space that currently works fine without it.
EA's work OK for Gnome. I doubt they want to store
hundreds of megabytes of extra meta-data hidden inside
a file, and on the off chance they do they also have
to emulate this on non-Linux systems anyway (as does
Samba).
Apple gets away with requiring streams in MacOSX as
they don't care about interop with anything other than
themselves and Windows. We're not in that position.
All pain, no gain IMHO :-).
next prev parent reply other threads:[~2018-08-27 22:54 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-25 13:51 Streams support in Linux Matthew Wilcox
2018-08-25 14:47 ` Al Viro
2018-08-25 15:51 ` Matthew Wilcox
2018-08-25 18:00 ` Al Viro
2018-08-25 20:57 ` Matthew Wilcox
2018-08-25 22:36 ` Al Viro
2018-08-26 1:03 ` Steve French
2018-08-27 17:05 ` Jeremy Allison
2018-08-27 17:41 ` Jeremy Allison
2018-08-27 18:21 ` Matthew Wilcox
2018-08-27 18:45 ` Al Viro
2018-08-27 19:06 ` Jeremy Allison [this message]
2018-08-28 0:45 ` Theodore Y. Ts'o
2018-08-28 1:07 ` Steve French
2018-08-28 18:12 ` Jeremy Allison
2018-08-28 18:32 ` Steve French
2018-08-28 18:40 ` Jeremy Allison
2018-08-28 19:43 ` Steve French
2018-08-28 19:47 ` Jeremy Allison
2018-08-28 20:43 ` Steve French
2018-08-28 20:47 ` Jeremy Allison
2018-08-28 20:51 ` Steve French
2018-08-28 21:19 ` Stefan Metzmacher
2018-08-28 21:22 ` Jeremy Allison
2018-08-28 21:23 ` Steve French
2018-08-29 5:13 ` Ralph Böhme
2018-08-29 13:46 ` Tom Talpey
2018-08-29 13:54 ` Aurélien Aptel
2018-08-29 15:02 ` Tom Talpey
2018-08-29 16:00 ` Jeremy Allison
2018-08-29 15:59 ` Jeremy Allison
2018-08-29 18:52 ` Andreas Dilger
2018-08-26 20:30 ` Matthew Wilcox
2018-08-25 16:25 ` Theodore Y. Ts'o
2018-08-27 16:33 ` Jeremy Allison
-- strict thread matches above, loose matches on Subject: below --
2018-09-20 2:06 Shahbaz Youssefi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180827190608.GF217636@jra3 \
--to=jra@samba.org \
--cc=ebiggers@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=samba-technical@lists.samba.org \
--cc=smfrench@gmail.com \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).