All of lore.kernel.org
 help / color / mirror / Atom feed
From: Luis Henriques <lhenriques@suse.de>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: virtio-fs-list <virtio-fs@redhat.com>,
	Stefan Hajnoczi <stefanha@redhat.com>,
	qemu-devel@nongnu.org, Vivek Goyal <vgoyal@redhat.com>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: Re: [PATCH v2 0/3] virtiofsd: Add options to enable/disable posix acl
Date: Fri, 19 Feb 2021 16:15:38 +0000	[thread overview]
Message-ID: <87im6oghjp.fsf@suse.de> (raw)
In-Reply-To: <CAJfpeguanq6PEf7jd9Ur_JO7aJ0eoojs65LXb6ukhoGGb_Ccdw@mail.gmail.com> (Miklos Szeredi's message of "Fri, 19 Feb 2021 16:55:06 +0100")

Miklos Szeredi <miklos@szeredi.hu> writes:

> On Fri, Feb 19, 2021 at 3:34 PM Vivek Goyal <vgoyal@redhat.com> wrote:
>>
>> On Fri, Feb 19, 2021 at 11:50:54AM +0000, Luis Henriques wrote:
>> > Vivek Goyal <vgoyal@redhat.com> writes:
>> >
>> > > Hi,
>> > >
>> > > This is V2 of the patches. Changes since v1 are.
>> > >
>> > > - Rebased on top of latest master.
>> > > - Took care of Miklos's comments to block acl xattrs if user
>> > >   explicitly disabled posix acl.
>> > >
>> > > Luis Henriques reported that fstest generic/099 fails with virtiofs.
>> > > Little debugging showed that we don't enable acl support. So this
>> > > patch series provides option to enable/disable posix acl support. By
>> > > default it is disabled.
>> > >
>> > > I have run blogbench and pjdfstests with posix acl enabled and
>> > > things work fine.
>> > >
>> > > Luis, can you please apply these patches, and run virtiofsd with
>> > > "-o posix_acl" and see if it fixes the failure you are seeing. I
>> > > ran the steps you provided manually and it fixes the issue for
>> > > me.
>> >
>> > Sorry for the delay.  I've finally tested these patches and they indeed
>> > fix the problem I reported.  My only question about this fix is why is
>> > this option not enabled by default, since this is the documented behavior
>> > in acl(5) and umask(2)?  In fact, why is this an option at all?
>>
>> You mean why to not enable acl by default?
>>
>> I am concerned about performance drop this can lead to because extra
>> GETXATTR(system.posix_acl_*) messages which will trigger if acls are enabled.
>> And not all users might require these. That's why I preferred to not enable
>> acl by default. Those who need it can enable it explicitly.
>>
>> Another example is xattr support. Due to performance concerns, we don't
>> enable xattrs by default either.
>
> Actually generic xattr is much worse, since there's no caching for
> them currently, as opposed to posix acls, which are cached both when
> positive and negative.
>
> If we enable ACL by default in case xattrs are enabled, we should be
> safe, I think.  Having an option to disable acls still makes sense,
> but it's an optional plus.

Great, thanks for clarifying that the reason for having these options is
really for performance.

Anyway, thanks a lot for looking at this and fixing it.

Cheers,
-- 
Luis


WARNING: multiple messages have this Message-ID (diff)
From: Luis Henriques <lhenriques@suse.de>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: virtio-fs-list <virtio-fs@redhat.com>,
	qemu-devel@nongnu.org, Vivek Goyal <vgoyal@redhat.com>
Subject: Re: [Virtio-fs] [PATCH v2 0/3] virtiofsd: Add options to enable/disable posix acl
Date: Fri, 19 Feb 2021 16:15:38 +0000	[thread overview]
Message-ID: <87im6oghjp.fsf@suse.de> (raw)
In-Reply-To: <CAJfpeguanq6PEf7jd9Ur_JO7aJ0eoojs65LXb6ukhoGGb_Ccdw@mail.gmail.com> (Miklos Szeredi's message of "Fri, 19 Feb 2021 16:55:06 +0100")

Miklos Szeredi <miklos@szeredi.hu> writes:

> On Fri, Feb 19, 2021 at 3:34 PM Vivek Goyal <vgoyal@redhat.com> wrote:
>>
>> On Fri, Feb 19, 2021 at 11:50:54AM +0000, Luis Henriques wrote:
>> > Vivek Goyal <vgoyal@redhat.com> writes:
>> >
>> > > Hi,
>> > >
>> > > This is V2 of the patches. Changes since v1 are.
>> > >
>> > > - Rebased on top of latest master.
>> > > - Took care of Miklos's comments to block acl xattrs if user
>> > >   explicitly disabled posix acl.
>> > >
>> > > Luis Henriques reported that fstest generic/099 fails with virtiofs.
>> > > Little debugging showed that we don't enable acl support. So this
>> > > patch series provides option to enable/disable posix acl support. By
>> > > default it is disabled.
>> > >
>> > > I have run blogbench and pjdfstests with posix acl enabled and
>> > > things work fine.
>> > >
>> > > Luis, can you please apply these patches, and run virtiofsd with
>> > > "-o posix_acl" and see if it fixes the failure you are seeing. I
>> > > ran the steps you provided manually and it fixes the issue for
>> > > me.
>> >
>> > Sorry for the delay.  I've finally tested these patches and they indeed
>> > fix the problem I reported.  My only question about this fix is why is
>> > this option not enabled by default, since this is the documented behavior
>> > in acl(5) and umask(2)?  In fact, why is this an option at all?
>>
>> You mean why to not enable acl by default?
>>
>> I am concerned about performance drop this can lead to because extra
>> GETXATTR(system.posix_acl_*) messages which will trigger if acls are enabled.
>> And not all users might require these. That's why I preferred to not enable
>> acl by default. Those who need it can enable it explicitly.
>>
>> Another example is xattr support. Due to performance concerns, we don't
>> enable xattrs by default either.
>
> Actually generic xattr is much worse, since there's no caching for
> them currently, as opposed to posix acls, which are cached both when
> positive and negative.
>
> If we enable ACL by default in case xattrs are enabled, we should be
> safe, I think.  Having an option to disable acls still makes sense,
> but it's an optional plus.

Great, thanks for clarifying that the reason for having these options is
really for performance.

Anyway, thanks a lot for looking at this and fixing it.

Cheers,
-- 
Luis


  reply	other threads:[~2021-02-19 16:27 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-17 23:30 [PATCH v2 0/3] virtiofsd: Add options to enable/disable posix acl Vivek Goyal
2021-02-17 23:30 ` [Virtio-fs] " Vivek Goyal
2021-02-17 23:30 ` [PATCH v2 1/3] virtiofsd: Add an option to enable/disable posix acls Vivek Goyal
2021-02-17 23:30   ` [Virtio-fs] " Vivek Goyal
2021-02-18 15:04   ` Vivek Goyal
2021-02-18 15:04     ` [Virtio-fs] " Vivek Goyal
2021-02-18 19:04   ` [PATCH v2.1 " Vivek Goyal
2021-02-18 19:04     ` [Virtio-fs] " Vivek Goyal
2021-02-17 23:30 ` [PATCH v2 2/3] virtiofsd: Add umask to seccom allow list Vivek Goyal
2021-02-17 23:30   ` [Virtio-fs] " Vivek Goyal
2021-02-17 23:30 ` [PATCH v2 3/3] virtiofsd: Change umask if posix acls are enabled Vivek Goyal
2021-02-17 23:30   ` [Virtio-fs] " Vivek Goyal
2021-02-19 11:50 ` [PATCH v2 0/3] virtiofsd: Add options to enable/disable posix acl Luis Henriques
2021-02-19 11:50   ` [Virtio-fs] " Luis Henriques
2021-02-19 14:34   ` Vivek Goyal
2021-02-19 14:34     ` [Virtio-fs] " Vivek Goyal
2021-02-19 15:55     ` Miklos Szeredi
2021-02-19 15:55       ` [Virtio-fs] " Miklos Szeredi
2021-02-19 16:15       ` Luis Henriques [this message]
2021-02-19 16:15         ` Luis Henriques
2021-02-22 14:47       ` Vivek Goyal
2021-02-22 14:47         ` [Virtio-fs] " Vivek Goyal
2021-02-23 15:05   ` Luis Henriques
2021-02-23 15:05     ` [Virtio-fs] " Luis Henriques

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87im6oghjp.fsf@suse.de \
    --to=lhenriques@suse.de \
    --cc=dgilbert@redhat.com \
    --cc=miklos@szeredi.hu \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@redhat.com \
    --cc=vgoyal@redhat.com \
    --cc=virtio-fs@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.