get_seconds() returns an unsigned long can overflow on some architectures and is deprecated because of that. In cachefs, we cast that number to a a 32-bit integer, which will overflow in year 2106 on all architectures.
The overflow probably isn't harmful in the end, since the timestamps are only used to make the file names unique, but they don't strictly have to be in monotonically increasing order. Moving to ktime_get_real_seconds() avoids the deprecated interface, the question is whether we should still truncate to 32 bits.
In this patch, I decided to not overflow, but instead to extend the file names using the 64-bit timestamp, so they will be 17 characters after 2106 rather than 16.
Signed-off-by: Arnd Bergmann arnd@arndb.de --- fs/cachefiles/namei.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c index ab0bbe93b398..5705e29d4506 100644 --- a/fs/cachefiles/namei.c +++ b/fs/cachefiles/namei.c @@ -297,7 +297,7 @@ static int cachefiles_bury_object(struct cachefiles_cache *cache, { struct dentry *grave, *trap; struct path path, path_to_graveyard; - char nbuffer[8 + 8 + 1]; + char nbuffer[16 + 8 + 1]; int ret;
_enter(",'%pd','%pd'", dir, rep); @@ -336,8 +336,8 @@ static int cachefiles_bury_object(struct cachefiles_cache *cache,
try_again: /* first step is to make up a grave dentry in the graveyard */ - sprintf(nbuffer, "%08x%08x", - (uint32_t) get_seconds(), + sprintf(nbuffer, "%08llx%08x", + (uint64_t) ktime_get_real_seconds(), (uint32_t) atomic_inc_return(&cache->gravecounter));
/* do the multiway lock magic */
Arnd Bergmann arnd@arndb.de wrote:
- sprintf(nbuffer, "%08x%08x",
(uint32_t) get_seconds(),
- sprintf(nbuffer, "%08llx%08x",
(uint64_t) ktime_get_real_seconds(),
It's not necessary to expand the 'time' field of the name. It's not interpreted by userspace, it's just there to prevent collisions when moving directories about. If your cache goes weird in the future because there was a collision with an object that was moved to the graveyard 68 years ago and not cleaned up, then that's probably a bug in cachefilesd.
But I've no objection to using ktime_get_real_seconds() and truncating the value.
David
On Wed, Jun 20, 2018 at 12:58 PM, David Howells dhowells@redhat.com wrote:
Arnd Bergmann arnd@arndb.de wrote:
sprintf(nbuffer, "%08x%08x",(uint32_t) get_seconds(),
sprintf(nbuffer, "%08llx%08x",(uint64_t) ktime_get_real_seconds(),It's not necessary to expand the 'time' field of the name. It's not interpreted by userspace, it's just there to prevent collisions when moving directories about. If your cache goes weird in the future because there was a collision with an object that was moved to the graveyard 68 years ago and not cleaned up, then that's probably a bug in cachefilesd.
But I've no objection to using ktime_get_real_seconds() and truncating the value.
Ok, fair enough. I was mainly worried about what might happen when the file names stop being strictly sorted in numerical order by their creation time. If that is not a problem, I'll send the simpler patch to use lower_32_bits(ktime_get_real_seconds()) for clarity.
Arnd
Arnd Bergmann arnd@arndb.de wrote:
But I've no objection to using ktime_get_real_seconds() and truncating the value.
Ok, fair enough. I was mainly worried about what might happen when the file names stop being strictly sorted in numerical order by their creation time. If that is not a problem, I'll send the simpler patch to use lower_32_bits(ktime_get_real_seconds()) for clarity.
That's not a problem. Everything copied into that directory is to be deleted asap.
David
-
Arnd Bergmann -
David Howells