Re: [fuse-devel] [PATCH] Make file struct available to fchmod FS handlers.

[ebiederm@xmission.com (Eric W. Biederman)]

Nikolaus Rath <Nikolaus@rath.org> writes:

> On Nov 17 2016, ebiederm@xmission.com (Eric W. Biederman) wrote:
>> Jose Lopes <jabolopes@gmail.com> writes:
>>
>>> Hi,
>>>
>>> On Thu, Nov 3, 2016 at 9:22 AM Jean-Pierre André <jean-pierre.andre@wanadoo.fr> wrote:
>>>
>>>  Al Viro wrote:
>>>  > On Wed, Nov 02, 2016 at 11:53:40PM +0100, Jose Lopes wrote:
>>>  >> Syscall 'ftruncate' makes the 'file' struct available to filesystem
>>>  >> handlers. This makes it possible, e.g., for filesystems, such as,
>>>  >> FUSE, to access the file handle associated with the file descriptor
>>>  >> that was passed to 'ftruncate'. In the specific case of FUSE, this
>>>  >> also makes it possible for (userspace) FUSE-based filesystems to
>>>  >> distinguish between calls to 'truncate' and 'ftruncate'.
>>>  >
>>>  > Why FUSE is such a precious snowflake that it needs to make that distinction,
>>>  > unlike all other filesystems?
>>>
>>>  For fuse file system which delegate the permission checks
>>>  to user space (and have to do so because of cacheing
>>>  issues), the write permission has to be checked for
>>>  truncate(), and not checked for ftruncate() : the file
>>>  may have been opened for writing and then its permissions
>>>  set to read-only before the ftruncate() is requested.
>>>  The user space file system can check current permissions,
>>>  not the ones which were set when the file was opened.
>>>
>>> +1 what Jean-Pierre said.
>>>
>>> Also, I work on a FUSE-based network filesystem and the fact that we cannot
>>> distinguish between calls to fchmod and chmod produces incorrect results.
>>> For example, in the cases where a file was unlinked or moved, calling fchmod
>>> should apply the change directly in the open file. However, since the fchmod
>>> call arrives to FUSE as chmod (because of the missing file handle), FUSE will
>>> try to resolve the path to get to the open file, which fails because the file was
>>> moved or unlinked, or it will apply the change to the wrong file if in the meantime
>>> another file was open under the same path of the previous file.
>>
>> I read through this and I agree with Al.  Semantically ftruncate needs
>> the file handle to operate correctly.  Semantically fchmod does not need
>> the file handle.  The file handle to fchmod is just a way to pass it the
>> specific inode.
>
> Could you explain this in more detail? What does ftruncate need the file
> handle for other than to obtain the inode?

ftruncate requires the file to be opened for writing.

>> Given that a file handle exists presumably userspace has state cached
>> for this file already.  So a lookup by inode in the userspace
>> filesystems data structures should get the job done.
>
> True. But passing the information from the kernel is just copying some
> bytes around, obtaining it in userspace would mean a hash table lookup
> for every request (including those that don't have a file handle).
>
> I presume this is the reason why ftruncate gets the information from the
> kernel (it could also just do lookup by inode). Why doesn't the same
> argument apply to eg fchmod?

fchmod does not require the file to be opened for writing.


There might be an argument for better tokens between fuse and the kernel
for inodes, but that is another story.

Eric