Message ID | 20240205200529.546646-3-kent.overstreet@linux.dev (mailing list archive) |
---|---|
State | Deferred, archived |
Headers | show |
Series | filesystem visibility ioctls | expand |
On Mon, Feb 05, 2024 at 03:05:13PM -0500, Kent Overstreet wrote: > Add a new generic ioctls for querying the filesystem UUID. > > These are lifted versions of the ext4 ioctls, with one change: we're not > using a flexible array member, because UUIDs will never be more than 16 > bytes. > > This patch adds a generic implementation of FS_IOC_GETFSUUID, which > reads from super_block->s_uuid; FS_IOC_SETFSUUID is left for individual > filesystems to implement. > > Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> > Cc: Christian Brauner <brauner@kernel.org> > Cc: Jan Kara <jack@suse.cz> > Cc: Dave Chinner <dchinner@redhat.com> > Cc: "Darrick J. Wong" <djwong@kernel.org> > Cc: Theodore Ts'o <tytso@mit.edu> > Cc: linux-fsdevel@vger.kernel.or > Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> > --- > fs/ioctl.c | 16 ++++++++++++++++ > include/uapi/linux/fs.h | 16 ++++++++++++++++ > 2 files changed, 32 insertions(+) > > diff --git a/fs/ioctl.c b/fs/ioctl.c > index 76cf22ac97d7..858801060408 100644 > --- a/fs/ioctl.c > +++ b/fs/ioctl.c > @@ -763,6 +763,19 @@ static int ioctl_fssetxattr(struct file *file, void __user *argp) > return err; > } > > +static int ioctl_getfsuuid(struct file *file, void __user *argp) > +{ > + struct super_block *sb = file_inode(file)->i_sb; > + > + if (WARN_ON(sb->s_uuid_len > sizeof(sb->s_uuid))) > + sb->s_uuid_len = sizeof(sb->s_uuid); A "get"/read only ioctl should not be change superblock fields - this is not the place for enforcing superblock filed constraints. Make a helper function super_set_uuid(sb, uuid, uuid_len) for the filesystems to call that does all the validity checking and then sets the superblock fields appropriately. > + > + struct fsuuid2 u = { .fsu_len = sb->s_uuid_len, }; > + memcpy(&u.fsu_uuid[0], &sb->s_uuid, sb->s_uuid_len); if (!u.fsu_len) return -ENOENT; memcpy(&u.fsu_uuid[0], &sb->s_uuid, u.fsu_len); > + > + return copy_to_user(argp, &u, sizeof(u)) ? -EFAULT : 0; > +} > + > /* > * do_vfs_ioctl() is not for drivers and not intended to be EXPORT_SYMBOL()'d. > * It's just a simple helper for sys_ioctl and compat_sys_ioctl. > @@ -845,6 +858,9 @@ static int do_vfs_ioctl(struct file *filp, unsigned int fd, > case FS_IOC_FSSETXATTR: > return ioctl_fssetxattr(filp, argp); > > + case FS_IOC_GETFSUUID: > + return ioctl_getfsuuid(filp, argp); > + > default: > if (S_ISREG(inode->i_mode)) > return file_ioctl(filp, cmd, argp); > diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h > index 48ad69f7722e..0389fea87db5 100644 > --- a/include/uapi/linux/fs.h > +++ b/include/uapi/linux/fs.h > @@ -64,6 +64,20 @@ struct fstrim_range { > __u64 minlen; > }; > > +/* > + * We include a length field because some filesystems (vfat) have an identifier > + * that we do want to expose as a UUID, but doesn't have the standard length. > + * > + * We use a fixed size buffer beacuse this interface will, by fiat, never > + * support "UUIDs" longer than 16 bytes; we don't want to force all downstream > + * users to have to deal with that. > + */ > +struct fsuuid2 { > + __u32 fsu_len; > + __u32 fsu_flags; > + __u8 fsu_uuid[16]; > +}; Nobody in userspace will care that this is "version 2" of the ext4 ioctl. I'd just name it "fs_uuid" as though the ext4 version didn't ever exist. > + > /* extent-same (dedupe) ioctls; these MUST match the btrfs ioctl definitions */ > #define FILE_DEDUPE_RANGE_SAME 0 > #define FILE_DEDUPE_RANGE_DIFFERS 1 > @@ -215,6 +229,8 @@ struct fsxattr { > #define FS_IOC_FSSETXATTR _IOW('X', 32, struct fsxattr) > #define FS_IOC_GETFSLABEL _IOR(0x94, 49, char[FSLABEL_MAX]) > #define FS_IOC_SETFSLABEL _IOW(0x94, 50, char[FSLABEL_MAX]) > +#define FS_IOC_GETFSUUID _IOR(0x94, 51, struct fsuuid2) > +#define FS_IOC_SETFSUUID _IOW(0x94, 52, struct fsuuid2) 0x94 is the btrfs ioctl space, not the VFS space - why did you choose that? That said, what is the VFS ioctl space identifier? 'v', perhaps? -Dave.
On Tue, Feb 06, 2024 at 09:17:58AM +1100, Dave Chinner wrote: > On Mon, Feb 05, 2024 at 03:05:13PM -0500, Kent Overstreet wrote: > > Add a new generic ioctls for querying the filesystem UUID. > > > > These are lifted versions of the ext4 ioctls, with one change: we're not > > using a flexible array member, because UUIDs will never be more than 16 > > bytes. > > > > This patch adds a generic implementation of FS_IOC_GETFSUUID, which > > reads from super_block->s_uuid; FS_IOC_SETFSUUID is left for individual > > filesystems to implement. > > > > Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> > > Cc: Christian Brauner <brauner@kernel.org> > > Cc: Jan Kara <jack@suse.cz> > > Cc: Dave Chinner <dchinner@redhat.com> > > Cc: "Darrick J. Wong" <djwong@kernel.org> > > Cc: Theodore Ts'o <tytso@mit.edu> > > Cc: linux-fsdevel@vger.kernel.or > > Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> > > --- > > fs/ioctl.c | 16 ++++++++++++++++ > > include/uapi/linux/fs.h | 16 ++++++++++++++++ > > 2 files changed, 32 insertions(+) > > > > diff --git a/fs/ioctl.c b/fs/ioctl.c > > index 76cf22ac97d7..858801060408 100644 > > --- a/fs/ioctl.c > > +++ b/fs/ioctl.c > > @@ -763,6 +763,19 @@ static int ioctl_fssetxattr(struct file *file, void __user *argp) > > return err; > > } > > > > +static int ioctl_getfsuuid(struct file *file, void __user *argp) > > +{ > > + struct super_block *sb = file_inode(file)->i_sb; > > + > > + if (WARN_ON(sb->s_uuid_len > sizeof(sb->s_uuid))) > > + sb->s_uuid_len = sizeof(sb->s_uuid); > > A "get"/read only ioctl should not be change superblock fields - > this is not the place for enforcing superblock filed constraints. > Make a helper function super_set_uuid(sb, uuid, uuid_len) for the > filesystems to call that does all the validity checking and then > sets the superblock fields appropriately. *nod* good thought... > > +struct fsuuid2 { > > + __u32 fsu_len; > > + __u32 fsu_flags; > > + __u8 fsu_uuid[16]; > > +}; > > Nobody in userspace will care that this is "version 2" of the ext4 > ioctl. I'd just name it "fs_uuid" as though the ext4 version didn't > ever exist. I considered that - but I decided I wanted the explicit versioning, because too often we live with unfixed mistakes because versioning is ugly, or something? Doing a new revision of an API should be a normal, frequent thing, and I want to start making it a convention. > > > + > > /* extent-same (dedupe) ioctls; these MUST match the btrfs ioctl definitions */ > > #define FILE_DEDUPE_RANGE_SAME 0 > > #define FILE_DEDUPE_RANGE_DIFFERS 1 > > @@ -215,6 +229,8 @@ struct fsxattr { > > #define FS_IOC_FSSETXATTR _IOW('X', 32, struct fsxattr) > > #define FS_IOC_GETFSLABEL _IOR(0x94, 49, char[FSLABEL_MAX]) > > #define FS_IOC_SETFSLABEL _IOW(0x94, 50, char[FSLABEL_MAX]) > > +#define FS_IOC_GETFSUUID _IOR(0x94, 51, struct fsuuid2) > > +#define FS_IOC_SETFSUUID _IOW(0x94, 52, struct fsuuid2) > > 0x94 is the btrfs ioctl space, not the VFS space - why did you > choose that? That said, what is the VFS ioctl space identifier? 'v', > perhaps? "Promoting ioctls from fs to vfs without revising and renaming considered harmful"... this is a mess that could have been avoided if we weren't taking the lazy route. And 'v' doesn't look like it to me, I really have no idea what to use here. Does anyone?
On Mon, Feb 05, 2024 at 05:49:30PM -0500, Kent Overstreet wrote: > On Tue, Feb 06, 2024 at 09:17:58AM +1100, Dave Chinner wrote: > > On Mon, Feb 05, 2024 at 03:05:13PM -0500, Kent Overstreet wrote: > > > Add a new generic ioctls for querying the filesystem UUID. > > > > > > These are lifted versions of the ext4 ioctls, with one change: we're not > > > using a flexible array member, because UUIDs will never be more than 16 > > > bytes. > > > > > > This patch adds a generic implementation of FS_IOC_GETFSUUID, which > > > reads from super_block->s_uuid; FS_IOC_SETFSUUID is left for individual > > > filesystems to implement. > > > > > > Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> > > > Cc: Christian Brauner <brauner@kernel.org> > > > Cc: Jan Kara <jack@suse.cz> > > > Cc: Dave Chinner <dchinner@redhat.com> > > > Cc: "Darrick J. Wong" <djwong@kernel.org> > > > Cc: Theodore Ts'o <tytso@mit.edu> > > > Cc: linux-fsdevel@vger.kernel.or > > > Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> > > > --- > > > fs/ioctl.c | 16 ++++++++++++++++ > > > include/uapi/linux/fs.h | 16 ++++++++++++++++ > > > 2 files changed, 32 insertions(+) > > > > > > diff --git a/fs/ioctl.c b/fs/ioctl.c > > > index 76cf22ac97d7..858801060408 100644 > > > --- a/fs/ioctl.c > > > +++ b/fs/ioctl.c > > > @@ -763,6 +763,19 @@ static int ioctl_fssetxattr(struct file *file, void __user *argp) > > > return err; > > > } > > > > > > +static int ioctl_getfsuuid(struct file *file, void __user *argp) > > > +{ > > > + struct super_block *sb = file_inode(file)->i_sb; > > > + > > > + if (WARN_ON(sb->s_uuid_len > sizeof(sb->s_uuid))) > > > + sb->s_uuid_len = sizeof(sb->s_uuid); > > > > A "get"/read only ioctl should not be change superblock fields - > > this is not the place for enforcing superblock filed constraints. > > Make a helper function super_set_uuid(sb, uuid, uuid_len) for the > > filesystems to call that does all the validity checking and then > > sets the superblock fields appropriately. > > *nod* good thought... > > > > +struct fsuuid2 { > > > + __u32 fsu_len; > > > + __u32 fsu_flags; > > > + __u8 fsu_uuid[16]; > > > +}; > > > > Nobody in userspace will care that this is "version 2" of the ext4 > > ioctl. I'd just name it "fs_uuid" as though the ext4 version didn't > > ever exist. > > I considered that - but I decided I wanted the explicit versioning, > because too often we live with unfixed mistakes because versioning is > ugly, or something? > > Doing a new revision of an API should be a normal, frequent thing, and I > want to start making it a convention. > > > > > > + > > > /* extent-same (dedupe) ioctls; these MUST match the btrfs ioctl definitions */ > > > #define FILE_DEDUPE_RANGE_SAME 0 > > > #define FILE_DEDUPE_RANGE_DIFFERS 1 > > > @@ -215,6 +229,8 @@ struct fsxattr { > > > #define FS_IOC_FSSETXATTR _IOW('X', 32, struct fsxattr) > > > #define FS_IOC_GETFSLABEL _IOR(0x94, 49, char[FSLABEL_MAX]) > > > #define FS_IOC_SETFSLABEL _IOW(0x94, 50, char[FSLABEL_MAX]) > > > +#define FS_IOC_GETFSUUID _IOR(0x94, 51, struct fsuuid2) > > > +#define FS_IOC_SETFSUUID _IOW(0x94, 52, struct fsuuid2) > > > > 0x94 is the btrfs ioctl space, not the VFS space - why did you > > choose that? That said, what is the VFS ioctl space identifier? 'v', > > perhaps? > > "Promoting ioctls from fs to vfs without revising and renaming > considered harmful"... this is a mess that could have been avoided if we > weren't taking the lazy route. > > And 'v' doesn't look like it to me, I really have no idea what to use > here. Does anyone? I thought it was 'f' but apparently that's ext? --D
On Tue, Feb 6, 2024 at 12:49 AM Kent Overstreet <kent.overstreet@linux.dev> wrote: > > On Tue, Feb 06, 2024 at 09:17:58AM +1100, Dave Chinner wrote: > > On Mon, Feb 05, 2024 at 03:05:13PM -0500, Kent Overstreet wrote: > > > Add a new generic ioctls for querying the filesystem UUID. > > > > > > These are lifted versions of the ext4 ioctls, with one change: we're not > > > using a flexible array member, because UUIDs will never be more than 16 > > > bytes. > > > > > > This patch adds a generic implementation of FS_IOC_GETFSUUID, which > > > reads from super_block->s_uuid; FS_IOC_SETFSUUID is left for individual > > > filesystems to implement. > > > It's fine to have a generic implementation, but the filesystem should have the option to opt-in for a specific implementation. There are several examples, even with xfs and btrfs where ->s_uuid does not contain the filesystem's UUID or there is more than one uuid and ->s_uuid is not the correct one to expose to the user. A model like ioctl_[gs]etflags() looks much more appropriate and could be useful for network filesystems/FUSE as well. > > > Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> > > > Cc: Christian Brauner <brauner@kernel.org> > > > Cc: Jan Kara <jack@suse.cz> > > > Cc: Dave Chinner <dchinner@redhat.com> > > > Cc: "Darrick J. Wong" <djwong@kernel.org> > > > Cc: Theodore Ts'o <tytso@mit.edu> > > > Cc: linux-fsdevel@vger.kernel.or > > > Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> > > > --- > > > fs/ioctl.c | 16 ++++++++++++++++ > > > include/uapi/linux/fs.h | 16 ++++++++++++++++ > > > 2 files changed, 32 insertions(+) > > > > > > diff --git a/fs/ioctl.c b/fs/ioctl.c > > > index 76cf22ac97d7..858801060408 100644 > > > --- a/fs/ioctl.c > > > +++ b/fs/ioctl.c > > > @@ -763,6 +763,19 @@ static int ioctl_fssetxattr(struct file *file, void __user *argp) > > > return err; > > > } > > > > > > +static int ioctl_getfsuuid(struct file *file, void __user *argp) > > > +{ > > > + struct super_block *sb = file_inode(file)->i_sb; > > > + > > > + if (WARN_ON(sb->s_uuid_len > sizeof(sb->s_uuid))) > > > + sb->s_uuid_len = sizeof(sb->s_uuid); > > > > A "get"/read only ioctl should not be change superblock fields - > > this is not the place for enforcing superblock filed constraints. > > Make a helper function super_set_uuid(sb, uuid, uuid_len) for the > > filesystems to call that does all the validity checking and then > > sets the superblock fields appropriately. > > *nod* good thought... > > > > +struct fsuuid2 { > > > + __u32 fsu_len; > > > + __u32 fsu_flags; > > > + __u8 fsu_uuid[16]; > > > +}; > > > > Nobody in userspace will care that this is "version 2" of the ext4 > > ioctl. I'd just name it "fs_uuid" as though the ext4 version didn't > > ever exist. > > I considered that - but I decided I wanted the explicit versioning, > because too often we live with unfixed mistakes because versioning is > ugly, or something? > > Doing a new revision of an API should be a normal, frequent thing, and I > want to start making it a convention. > > > > > > + > > > /* extent-same (dedupe) ioctls; these MUST match the btrfs ioctl definitions */ > > > #define FILE_DEDUPE_RANGE_SAME 0 > > > #define FILE_DEDUPE_RANGE_DIFFERS 1 > > > @@ -215,6 +229,8 @@ struct fsxattr { > > > #define FS_IOC_FSSETXATTR _IOW('X', 32, struct fsxattr) > > > #define FS_IOC_GETFSLABEL _IOR(0x94, 49, char[FSLABEL_MAX]) > > > #define FS_IOC_SETFSLABEL _IOW(0x94, 50, char[FSLABEL_MAX]) > > > +#define FS_IOC_GETFSUUID _IOR(0x94, 51, struct fsuuid2) > > > +#define FS_IOC_SETFSUUID _IOW(0x94, 52, struct fsuuid2) > > > > 0x94 is the btrfs ioctl space, not the VFS space - why did you > > choose that? That said, what is the VFS ioctl space identifier? 'v', > > perhaps? > > "Promoting ioctls from fs to vfs without revising and renaming > considered harmful"... this is a mess that could have been avoided if we > weren't taking the lazy route. > > And 'v' doesn't look like it to me, I really have no idea what to use > here. Does anyone? > All the other hoisted FS_IOC_* use the original fs ioctl namespace they came from. Although it is not an actual hoist, I'd use: struct fsuuid128 { __u32 fsu_len; __u32 fsu_flags; __u8 fsu_uuid[16]; }; #define FS_IOC_GETFSUUID _IOR('f', 45, struct fsuuid128) #define FS_IOC_SETFSUUID _IOW('f', 46, struct fsuuid128) Technically, could also overload EXT4_IOC_[GS]ETFSUUID numbers because of the different type: #define FS_IOC_GETFSUUID _IOR('f', 44, struct fsuuid128) #define FS_IOC_SETFSUUID _IOW('f', 44, struct fsuuid128) and then ext4 can follow up with this patch, because as far as I can tell, the ext4 implementation is already compatible with the new ioctls. Thanks, Amir. --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -1613,8 +1613,10 @@ static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) return ext4_ioctl_setlabel(filp, (const void __user *)arg); + case FS_IOC_GETFSUUID: case EXT4_IOC_GETFSUUID: return ext4_ioctl_getuuid(EXT4_SB(sb), (void __user *)arg); + case FS_IOC_SETFSUUID: case EXT4_IOC_SETFSUUID: return ext4_ioctl_setuuid(filp, (const void __user *)arg);
On Tue, Feb 06, 2024 at 10:24:45AM +0200, Amir Goldstein wrote: > On Tue, Feb 6, 2024 at 12:49 AM Kent Overstreet > <kent.overstreet@linux.dev> wrote: > > > > On Tue, Feb 06, 2024 at 09:17:58AM +1100, Dave Chinner wrote: > > > On Mon, Feb 05, 2024 at 03:05:13PM -0500, Kent Overstreet wrote: > > > > Add a new generic ioctls for querying the filesystem UUID. > > > > > > > > These are lifted versions of the ext4 ioctls, with one change: we're not > > > > using a flexible array member, because UUIDs will never be more than 16 > > > > bytes. > > > > > > > > This patch adds a generic implementation of FS_IOC_GETFSUUID, which > > > > reads from super_block->s_uuid; FS_IOC_SETFSUUID is left for individual > > > > filesystems to implement. > > > > > > It's fine to have a generic implementation, but the filesystem should > have the option to opt-in for a specific implementation. > > There are several examples, even with xfs and btrfs where ->s_uuid > does not contain the filesystem's UUID or there is more than one > uuid and ->s_uuid is not the correct one to expose to the user. Yeah, some of you were smoking some good stuff from the stories I've been hearing... > A model like ioctl_[gs]etflags() looks much more appropriate > and could be useful for network filesystems/FUSE as well. A filesystem needs to store two UUIDs (that identify the filesystem as a whole). - Your internal UUID, which can never change because it's referenced in various other on disk data structures - Your external UUID, which identifies the filesystem to the outside world. Users want to be able to change this - which is why it has to be distinct from the internal UUID. The internal UUID must never be exposed to the outside world, and that includes the VFS; storing your private UUID in sb->s_uuid is wrong - separation of concerns. yes, I am aware of fscrypt, and yes, someone's going to have to fix that. This interface is only for the external/public UUID.
diff --git a/fs/ioctl.c b/fs/ioctl.c index 76cf22ac97d7..858801060408 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -763,6 +763,19 @@ static int ioctl_fssetxattr(struct file *file, void __user *argp) return err; } +static int ioctl_getfsuuid(struct file *file, void __user *argp) +{ + struct super_block *sb = file_inode(file)->i_sb; + + if (WARN_ON(sb->s_uuid_len > sizeof(sb->s_uuid))) + sb->s_uuid_len = sizeof(sb->s_uuid); + + struct fsuuid2 u = { .fsu_len = sb->s_uuid_len, }; + memcpy(&u.fsu_uuid[0], &sb->s_uuid, sb->s_uuid_len); + + return copy_to_user(argp, &u, sizeof(u)) ? -EFAULT : 0; +} + /* * do_vfs_ioctl() is not for drivers and not intended to be EXPORT_SYMBOL()'d. * It's just a simple helper for sys_ioctl and compat_sys_ioctl. @@ -845,6 +858,9 @@ static int do_vfs_ioctl(struct file *filp, unsigned int fd, case FS_IOC_FSSETXATTR: return ioctl_fssetxattr(filp, argp); + case FS_IOC_GETFSUUID: + return ioctl_getfsuuid(filp, argp); + default: if (S_ISREG(inode->i_mode)) return file_ioctl(filp, cmd, argp); diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index 48ad69f7722e..0389fea87db5 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -64,6 +64,20 @@ struct fstrim_range { __u64 minlen; }; +/* + * We include a length field because some filesystems (vfat) have an identifier + * that we do want to expose as a UUID, but doesn't have the standard length. + * + * We use a fixed size buffer beacuse this interface will, by fiat, never + * support "UUIDs" longer than 16 bytes; we don't want to force all downstream + * users to have to deal with that. + */ +struct fsuuid2 { + __u32 fsu_len; + __u32 fsu_flags; + __u8 fsu_uuid[16]; +}; + /* extent-same (dedupe) ioctls; these MUST match the btrfs ioctl definitions */ #define FILE_DEDUPE_RANGE_SAME 0 #define FILE_DEDUPE_RANGE_DIFFERS 1 @@ -215,6 +229,8 @@ struct fsxattr { #define FS_IOC_FSSETXATTR _IOW('X', 32, struct fsxattr) #define FS_IOC_GETFSLABEL _IOR(0x94, 49, char[FSLABEL_MAX]) #define FS_IOC_SETFSLABEL _IOW(0x94, 50, char[FSLABEL_MAX]) +#define FS_IOC_GETFSUUID _IOR(0x94, 51, struct fsuuid2) +#define FS_IOC_SETFSUUID _IOW(0x94, 52, struct fsuuid2) /* * Inode flags (FS_IOC_GETFLAGS / FS_IOC_SETFLAGS)