Index Home About Blog
From: Linus Torvalds <torvalds@linux-foundation.org>
Newsgroups: fa.linux.kernel
Subject: Re: [PATCH -v6 2/2] Updating ctime and mtime for memory-mapped
Date: Fri, 18 Jan 2008 19:37:51 UTC
Message-ID: <fa.RdU9NFU3pfvL7tTCyTM9Qd4TDO4@ifi.uio.no>

On Fri, 18 Jan 2008, Miklos Szeredi wrote:
>
> What I'm saying is that the times could be left un-updated for a long
> time if program doesn't do munmap() or msync(MS_SYNC) for a long time.

Sure.

But in those circumstances, the programmer cannot depend on the mtime
*anyway* (because there is no synchronization), so what's the downside?

Let's face it, there's exactly three possible solutions:

 - the insane one: trap EVERY SINGLE instruction that does a write to the
   page, and update mtime each and every time.

   This one is so obviously STUPID that it's not even worth discussing
   further, except to say that "yes, there is an 'exact' algorithm, but
   no, we are never EVER going to use it".

 - the non-exact solutions that don't give you mtime updates every time
   a write to the page happens, but give *some* guarantees for things that
   will update it.

   This is the one I think we can do, and the only things a programmer can
   impact using it is "msync()" and "munmap()", since no other operations
   really have any thing to do with it in a programmer-visible way (ie a
   normal "sync" operation may happen in the background and has no
   progam-relevant timing information)

   Other things *may* or may not update mtime (some filesystems - take
   most networked one as an example - will *always* update mtime on the
   server on writeback, so we cannot ever guarantee that nothing but
   msync/munmap does so), but at least we'll have a minimum set of things
   that people can depend on.

 - the "we don't care at all solutions".

   mmap(MAP_WRITE) doesn't really update times reliably after the write
   has happened (but might do it *before* - maybe the mmap() itself does).

Those are the three choices, I think. We currently approximate #3. We
*can* do #2 (and there are various flavors of it). And even *aiming* for
#1 is totally insane and stupid.

			Linus


From: Linus Torvalds <torvalds@linux-foundation.org>
Newsgroups: fa.linux.kernel
Subject: Re: [PATCH -v6 2/2] Updating ctime and mtime for memory-mapped
Date: Fri, 18 Jan 2008 22:49:17 UTC
Message-ID: <fa.b4sfEGHyq9g9LV/aMBC27WcO2vw@ifi.uio.no>

On Fri, 18 Jan 2008, Ingo Oeser wrote:
>
> Can we get "if the write to the page hits the disk, the mtime has hit the disk
> already no less than SOME_GRANULARITY before"?
>
> That is very important for computer forensics. Esp. in saving your ass!
>
> Ok, now back again to making that fast :-)

I certainly don't mind it if we have some tighter guarantees, but what I'd
want is:

 - keep it simple. Let's face it, Linux has never ever given those
   guarantees before, and it's not as if anybody has really cared. Even
   now, the issue seems to be more about paper standards conformance than
   anything else.

 - I get worried about people playing around with the dirty bit in
   particular. We have had some really rather nasty bugs here. Most of
   which are totally impossible to trigger under normal loads (for
   example the old random-access utorrent writable mmap issue from about
   a year ago).

So these two issues - the big red danger signs flashing in my brain,
coupled with the fact that no application has apparently ever really
noticed in the last 15 years - just makes it a case where I'd like each
step of the way to be obvious and simple and no larger than really
absolutely necessary.

			Linus

Index Home About Blog