From: Gustav Munkby <grddev@gmail.com>
To: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@ZenIV.linux.org.uk>, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] hfsplus: read support for directory hardlinks
Date: Wed, 04 May 2011 17:04:18 +0200 [thread overview]
Message-ID: <4DC16AF2.6010000@gmail.com> (raw)
In-Reply-To: <20110504093025.GA30023@lst.de>
On 05/04/2011 11:30 AM, Christoph Hellwig wrote:
> On Tue, May 03, 2011 at 04:11:31PM +0200, Gustav Munkby wrote:
>> On 05/02/2011 02:40 PM, Al Viro wrote:
>>> What happens to rename() with that thing? Specifically, what happens to
>>> loop detection?
>>
>> Good point.
>>
>> Since my main interest was retrieving contents of a backup, I did not much
>> consider the impact of write operations. Before the patch, the source files were
>> exposed as normal files, and the target directories as normal directories, so
>> one could easily have introduced loops with rename operations before.
>
> Given that you have the filesystem around can you clarify where the additional
> directory links live? I was under the impression they are in hidden backup
> directories not normally accessible, so there's always just one link in the
> normal namespace.
>
> The basic idea would be that we allow any kind of renames in the normal
> namespace, but disallow any kind of operation involving the time machine
> backups.
>
You are correct, the hardlink targets are all inside a hidden private directory.
And then there are hardlink sources both inside and outside this hidden
directory linking to directories inside this directory. While the hidden
directory is not directly accessible to clients, its subdirectories are through
the hardlinks.
Perhaps it was obvious to everyone else, but I just realized that it is not
enough to prevent moving the directory hardlinks themselves, but all directory
renames must be limited (or checked), since the old directory might contain a
nested directory hardlink.Disallowing renames of directories altogether is
clearly not a viable option.
The following three (somewhat overlapping) classes of renames should always be
possible without any risk for introducing loops.
1) Allow renames where target directory is an ancestor of source directory.
2) Allow renames that doesn't change the closest hardlink ancestor.
3) Allow renames into target directories without hardlinked parents.
The first check seems simple enough to implement, but the other two might
require additional locking as far as I understand. Alternatively, they could
both be implemented by adding some additional flags/data to dentry->d_fsdata.
next prev parent reply other threads:[~2011-05-04 15:04 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-29 10:20 [PATCH] hfsplus: read support for directory hardlinks Gustav Munkby
2011-05-02 8:46 ` Christoph Hellwig
2011-05-02 12:40 ` Al Viro
2011-05-03 14:11 ` Gustav Munkby
2011-05-03 14:26 ` [PATCH] hfsplus: disable rename of " Gustav Munkby
2011-05-03 17:10 ` Andreas Dilger
2011-05-03 21:29 ` Gustav Munkby
2011-05-04 9:30 ` [PATCH] hfsplus: read support for " Christoph Hellwig
2011-05-04 15:04 ` Gustav Munkby [this message]
2011-05-19 11:09 ` Christoph Hellwig
2011-05-19 15:57 ` Gustav Munkby
2011-05-20 10:30 ` [PATCH v2] hfsplus: readonly " Gustav Munkby
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DC16AF2.6010000@gmail.com \
--to=grddev@gmail.com \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.