Re: [PATCH 2/3] enhanced syscall ESTALE error handling (v2)

From: Peter Staubach
Date: Fri Feb 01 2008 - 17:31:11 EST

Next message: Sam Ravnborg: "Re: Are Section mismatches out of control?"
Previous message: Andrew Morton: "Re: [PATCH 12/12] Deprecate the find_task_by_pid"
In reply to: Miklos Szeredi: "Re: [PATCH 2/3] enhanced syscall ESTALE error handling (v2)"
Next in thread: Miklos Szeredi: "Re: [PATCH 2/3] enhanced syscall ESTALE error handling (v2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Miklos Szeredi wrote:

This doesn't apply to -mm, because the ro-mounts stuff touches a lot
of the same places as this patch. You probably need to rebase this on
top of those changes.

This patch adds handling for the error, ESTALE, to the system
calls which take pathnames as arguments. The algorithm used
is to detect that an ESTALE error has occurred during an
operation subsequent to the lookup process and then to unwind
appropriately and then to perform the lookup process again.
Eventually, either the lookup process will return an error
or a valid dentry/inode combination and then operation can
succeed or fail based on its own merits.

If a broken NFS server or FUSE filesysem keeps returning ESTALE, this
goes into an infinite loop. How are we planning to deal with that?

Would you describe the situation that would cause the kernel to
go into an infinite loop, please?

The patch basically does:

do {
...
error = inode->i_op->foo()
...
} while (error == ESTALE);

What is the guarantee, that ->foo() will not always return ESTALE?

You skimmed over some stuff, like the pathname lookup component
contained in the first set of dots...

I can't guarantee that ->foo() won't always return ESTALE.

That said, the loop is not unbreakable. At least for NFS, a signal
to the process will interrupt the loop because the error returned
will change from ESTALE to EINTR.

These changes include the base assumption that the components of
the underlying file system are basically reliable, that there is
a way to deal with bugs and/or malicious entities in the short
term, and that these things will be dealt with appropriately
in the longer term.

The short term resolution is a signal. The longer term fix is
to hunt down the bug or the malicious entity and either make it
go away or fence it off via some security measure or another to
prevent it from causing another problem.

If the underlying file system is the type that could potentially
return ESTALE, then it needs to be aware of the system architecture
and handle things appropriately.

Thanx...

ps
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sam Ravnborg: "Re: Are Section mismatches out of control?"
Previous message: Andrew Morton: "Re: [PATCH 12/12] Deprecate the find_task_by_pid"
In reply to: Miklos Szeredi: "Re: [PATCH 2/3] enhanced syscall ESTALE error handling (v2)"
Next in thread: Miklos Szeredi: "Re: [PATCH 2/3] enhanced syscall ESTALE error handling (v2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]