From: Luis Henriques <lhenriques@suse.de>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: virtio-fs-list <virtio-fs@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>,
qemu-devel@nongnu.org, Vivek Goyal <vgoyal@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: Re: [PATCH v2 0/3] virtiofsd: Add options to enable/disable posix acl
Date: Fri, 19 Feb 2021 16:15:38 +0000 [thread overview]
Message-ID: <87im6oghjp.fsf@suse.de> (raw)
In-Reply-To: <CAJfpeguanq6PEf7jd9Ur_JO7aJ0eoojs65LXb6ukhoGGb_Ccdw@mail.gmail.com> (Miklos Szeredi's message of "Fri, 19 Feb 2021 16:55:06 +0100")
Miklos Szeredi <miklos@szeredi.hu> writes:
> On Fri, Feb 19, 2021 at 3:34 PM Vivek Goyal <vgoyal@redhat.com> wrote:
>>
>> On Fri, Feb 19, 2021 at 11:50:54AM +0000, Luis Henriques wrote:
>> > Vivek Goyal <vgoyal@redhat.com> writes:
>> >
>> > > Hi,
>> > >
>> > > This is V2 of the patches. Changes since v1 are.
>> > >
>> > > - Rebased on top of latest master.
>> > > - Took care of Miklos's comments to block acl xattrs if user
>> > > explicitly disabled posix acl.
>> > >
>> > > Luis Henriques reported that fstest generic/099 fails with virtiofs.
>> > > Little debugging showed that we don't enable acl support. So this
>> > > patch series provides option to enable/disable posix acl support. By
>> > > default it is disabled.
>> > >
>> > > I have run blogbench and pjdfstests with posix acl enabled and
>> > > things work fine.
>> > >
>> > > Luis, can you please apply these patches, and run virtiofsd with
>> > > "-o posix_acl" and see if it fixes the failure you are seeing. I
>> > > ran the steps you provided manually and it fixes the issue for
>> > > me.
>> >
>> > Sorry for the delay. I've finally tested these patches and they indeed
>> > fix the problem I reported. My only question about this fix is why is
>> > this option not enabled by default, since this is the documented behavior
>> > in acl(5) and umask(2)? In fact, why is this an option at all?
>>
>> You mean why to not enable acl by default?
>>
>> I am concerned about performance drop this can lead to because extra
>> GETXATTR(system.posix_acl_*) messages which will trigger if acls are enabled.
>> And not all users might require these. That's why I preferred to not enable
>> acl by default. Those who need it can enable it explicitly.
>>
>> Another example is xattr support. Due to performance concerns, we don't
>> enable xattrs by default either.
>
> Actually generic xattr is much worse, since there's no caching for
> them currently, as opposed to posix acls, which are cached both when
> positive and negative.
>
> If we enable ACL by default in case xattrs are enabled, we should be
> safe, I think. Having an option to disable acls still makes sense,
> but it's an optional plus.
Great, thanks for clarifying that the reason for having these options is
really for performance.
Anyway, thanks a lot for looking at this and fixing it.
Cheers,
--
Luis
next prev parent reply other threads:[~2021-02-19 16:27 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-17 23:30 [PATCH v2 0/3] virtiofsd: Add options to enable/disable posix acl Vivek Goyal
2021-02-17 23:30 ` [PATCH v2 1/3] virtiofsd: Add an option to enable/disable posix acls Vivek Goyal
2021-02-18 15:04 ` Vivek Goyal
2021-02-18 19:04 ` [PATCH v2.1 " Vivek Goyal
2021-02-17 23:30 ` [PATCH v2 2/3] virtiofsd: Add umask to seccom allow list Vivek Goyal
2021-02-17 23:30 ` [PATCH v2 3/3] virtiofsd: Change umask if posix acls are enabled Vivek Goyal
2021-02-19 11:50 ` [PATCH v2 0/3] virtiofsd: Add options to enable/disable posix acl Luis Henriques
2021-02-19 14:34 ` Vivek Goyal
2021-02-19 15:55 ` Miklos Szeredi
2021-02-19 16:15 ` Luis Henriques [this message]
2021-02-22 14:47 ` Vivek Goyal
2021-02-23 15:05 ` Luis Henriques
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87im6oghjp.fsf@suse.de \
--to=lhenriques@suse.de \
--cc=dgilbert@redhat.com \
--cc=miklos@szeredi.hu \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=vgoyal@redhat.com \
--cc=virtio-fs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).