diff mbox series

cachefiles: avoid deprecated get_seconds()

Message ID 20180620083339.766780-1-arnd@arndb.de
State Superseded
Headers show
Series cachefiles: avoid deprecated get_seconds() | expand

Commit Message

Arnd Bergmann June 20, 2018, 8:31 a.m. UTC
get_seconds() returns an unsigned long can overflow on some architectures
and is deprecated because of that. In cachefs, we cast that number to
a a 32-bit integer, which will overflow in year 2106 on all architectures.

The overflow probably isn't harmful in the end, since the timestamps are
only used to make the file names unique, but they don't strictly have to
be in monotonically increasing order. Moving to ktime_get_real_seconds()
avoids the deprecated interface, the question is whether we should still
truncate to 32 bits.

In this patch, I decided to not overflow, but instead to extend the
file names using the 64-bit timestamp, so they will be 17 characters
after 2106 rather than 16.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>

---
 fs/cachefiles/namei.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

-- 
2.9.0

Comments

David Howells June 20, 2018, 10:58 a.m. UTC | #1
Arnd Bergmann <arnd@arndb.de> wrote:

> -	sprintf(nbuffer, "%08x%08x",

> -		(uint32_t) get_seconds(),

> +	sprintf(nbuffer, "%08llx%08x",

> +		(uint64_t) ktime_get_real_seconds(),


It's not necessary to expand the 'time' field of the name.  It's not
interpreted by userspace, it's just there to prevent collisions when moving
directories about.  If your cache goes weird in the future because there was a
collision with an object that was moved to the graveyard 68 years ago and not
cleaned up, then that's probably a bug in cachefilesd.

But I've no objection to using ktime_get_real_seconds() and truncating the
value.

David
Arnd Bergmann June 20, 2018, 12:03 p.m. UTC | #2
On Wed, Jun 20, 2018 at 12:58 PM, David Howells <dhowells@redhat.com> wrote:
> Arnd Bergmann <arnd@arndb.de> wrote:

>

>> -     sprintf(nbuffer, "%08x%08x",

>> -             (uint32_t) get_seconds(),

>> +     sprintf(nbuffer, "%08llx%08x",

>> +             (uint64_t) ktime_get_real_seconds(),

>

> It's not necessary to expand the 'time' field of the name.  It's not

> interpreted by userspace, it's just there to prevent collisions when moving

> directories about.  If your cache goes weird in the future because there was a

> collision with an object that was moved to the graveyard 68 years ago and not

> cleaned up, then that's probably a bug in cachefilesd.

>

> But I've no objection to using ktime_get_real_seconds() and truncating the

> value.


Ok, fair enough. I was mainly worried about what might happen when the
file names stop being strictly sorted in numerical order by their creation
time. If that is not a problem, I'll send the simpler patch to use
lower_32_bits(ktime_get_real_seconds()) for clarity.

       Arnd
David Howells June 20, 2018, 12:18 p.m. UTC | #3
Arnd Bergmann <arnd@arndb.de> wrote:

> > But I've no objection to using ktime_get_real_seconds() and truncating the

> > value.

> 

> Ok, fair enough. I was mainly worried about what might happen when the

> file names stop being strictly sorted in numerical order by their creation

> time. If that is not a problem, I'll send the simpler patch to use

> lower_32_bits(ktime_get_real_seconds()) for clarity.


That's not a problem.  Everything copied into that directory is to be deleted
asap.

David
diff mbox series

Patch

diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
index ab0bbe93b398..5705e29d4506 100644
--- a/fs/cachefiles/namei.c
+++ b/fs/cachefiles/namei.c
@@ -297,7 +297,7 @@  static int cachefiles_bury_object(struct cachefiles_cache *cache,
 {
 	struct dentry *grave, *trap;
 	struct path path, path_to_graveyard;
-	char nbuffer[8 + 8 + 1];
+	char nbuffer[16 + 8 + 1];
 	int ret;
 
 	_enter(",'%pd','%pd'", dir, rep);
@@ -336,8 +336,8 @@  static int cachefiles_bury_object(struct cachefiles_cache *cache,
 
 try_again:
 	/* first step is to make up a grave dentry in the graveyard */
-	sprintf(nbuffer, "%08x%08x",
-		(uint32_t) get_seconds(),
+	sprintf(nbuffer, "%08llx%08x",
+		(uint64_t) ktime_get_real_seconds(),
 		(uint32_t) atomic_inc_return(&cache->gravecounter));
 
 	/* do the multiway lock magic */