From: Vivek Goyal <vgoyal@redhat.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: virtio-fs-list <virtio-fs@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>,
Luis Henriques <lhenriques@suse.de>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
qemu-devel@nongnu.org
Subject: Re: [PATCH v2 0/3] virtiofsd: Add options to enable/disable posix acl
Date: Mon, 22 Feb 2021 09:47:24 -0500 [thread overview]
Message-ID: <20210222144724.GC13715@redhat.com> (raw)
In-Reply-To: <CAJfpeguanq6PEf7jd9Ur_JO7aJ0eoojs65LXb6ukhoGGb_Ccdw@mail.gmail.com>
On Fri, Feb 19, 2021 at 04:55:06PM +0100, Miklos Szeredi wrote:
> On Fri, Feb 19, 2021 at 3:34 PM Vivek Goyal <vgoyal@redhat.com> wrote:
> >
> > On Fri, Feb 19, 2021 at 11:50:54AM +0000, Luis Henriques wrote:
> > > Vivek Goyal <vgoyal@redhat.com> writes:
> > >
> > > > Hi,
> > > >
> > > > This is V2 of the patches. Changes since v1 are.
> > > >
> > > > - Rebased on top of latest master.
> > > > - Took care of Miklos's comments to block acl xattrs if user
> > > > explicitly disabled posix acl.
> > > >
> > > > Luis Henriques reported that fstest generic/099 fails with virtiofs.
> > > > Little debugging showed that we don't enable acl support. So this
> > > > patch series provides option to enable/disable posix acl support. By
> > > > default it is disabled.
> > > >
> > > > I have run blogbench and pjdfstests with posix acl enabled and
> > > > things work fine.
> > > >
> > > > Luis, can you please apply these patches, and run virtiofsd with
> > > > "-o posix_acl" and see if it fixes the failure you are seeing. I
> > > > ran the steps you provided manually and it fixes the issue for
> > > > me.
> > >
> > > Sorry for the delay. I've finally tested these patches and they indeed
> > > fix the problem I reported. My only question about this fix is why is
> > > this option not enabled by default, since this is the documented behavior
> > > in acl(5) and umask(2)? In fact, why is this an option at all?
> >
> > You mean why to not enable acl by default?
> >
> > I am concerned about performance drop this can lead to because extra
> > GETXATTR(system.posix_acl_*) messages which will trigger if acls are enabled.
> > And not all users might require these. That's why I preferred to not enable
> > acl by default. Those who need it can enable it explicitly.
> >
> > Another example is xattr support. Due to performance concerns, we don't
> > enable xattrs by default either.
>
> Actually generic xattr is much worse, since there's no caching for
> them currently, as opposed to posix acls, which are cached both when
> positive and negative.
>
> If we enable ACL by default in case xattrs are enabled, we should be
> safe, I think.
Hi Miklos,
Ok, this sounds reasonable. I am running some quick tests and if I don't
notice any serious performance regression, I will respin my patch.
> Having an option to disable acls still makes sense,
> but it's an optional plus.
Agreed. If there are no serious negative performance issues with enabling
ACL, then an option to disable is an optional plus.
May be I will drop this for now and add this when somebody needs an
option to disable ACL.
Thanks
Vivek
next prev parent reply other threads:[~2021-02-22 14:49 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-17 23:30 [PATCH v2 0/3] virtiofsd: Add options to enable/disable posix acl Vivek Goyal
2021-02-17 23:30 ` [PATCH v2 1/3] virtiofsd: Add an option to enable/disable posix acls Vivek Goyal
2021-02-18 15:04 ` Vivek Goyal
2021-02-18 19:04 ` [PATCH v2.1 " Vivek Goyal
2021-02-17 23:30 ` [PATCH v2 2/3] virtiofsd: Add umask to seccom allow list Vivek Goyal
2021-02-17 23:30 ` [PATCH v2 3/3] virtiofsd: Change umask if posix acls are enabled Vivek Goyal
2021-02-19 11:50 ` [PATCH v2 0/3] virtiofsd: Add options to enable/disable posix acl Luis Henriques
2021-02-19 14:34 ` Vivek Goyal
2021-02-19 15:55 ` Miklos Szeredi
2021-02-19 16:15 ` Luis Henriques
2021-02-22 14:47 ` Vivek Goyal [this message]
2021-02-23 15:05 ` Luis Henriques
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210222144724.GC13715@redhat.com \
--to=vgoyal@redhat.com \
--cc=dgilbert@redhat.com \
--cc=lhenriques@suse.de \
--cc=miklos@szeredi.hu \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=virtio-fs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).