statx() v3
The stat() system call, which returns metadata about a file, has a long history, having made its debut in the Version 1 Unix release in 1971. It has changed little in the following 45 years, even though the rest of the operating system has changed around it. Thus, it's unsurprising that stat() tends to fall short of current requirements. It is unable to represent much of the information relevant to files now, including generation and version numbers, file creation time, encryption status, whether they are stored on a remote server, and so on. It gives the caller no choice about which information to obtain, possibly forcing expensive operations to obtain data that the application does not need. The timestamp fields have year-2038 problems. And so on.
David Howells has been sporadically working on replacing stat() since 2010; his version 3 patch (counting since he restarted the effort earlier this year) came out on November 23. While the proposed statx() system call looks much the same as it did when we looked at it in May, there have been a few changes.
The prototype for statx() is still:
int statx(int dfd, const char *filename, unsigned atflag, unsigned mask,
struct statx *buffer);
Normally, dfd is a file descriptor identifying a directory, and filename is the name of the file of interest; that file is expected to be found relative to the given directory. If filename is passed as NULL, then dfd is interpreted as referring directly to the file being queried. Thus, statx() supersedes the functionality of both stat() and fstat().
The atflag argument modifies the behavior of the system call. It handles a couple of flags that already exist in current kernels: AT_SYMLINK_NOFOLLOW to return information about a symbolic link rather than following it, and AT_NO_AUTOMOUNT to prevent the automounting of remote filesystems. A set of new flags just for statx() controls the synchronization of data with remote servers, allowing applications to adjust the balance between I/O activity and accurate results. AT_STATX_FORCE_SYNC will force a synchronization with a remote server, even if the local kernel thinks its information is current, while AT_STATX_DONT_SYNC inhibits queries to the remote server, yielding fast results that may be out-of-date or entirely unavailable.
The atflag parameter, thus, controls what statx() will do to obtain the data; mask, instead, controls which data is obtained. The available flags here allow the application to request file permissions, type, number of links, ownership, timestamps, and more. The special value STATX_BASIC_STATS returns everything stat() would, while STATX_ALL returns everything available. Reducing the amount of information requested might reduce the amount of I/O required to execute the system call, but some reviewers worry that developers will just use STATX_ALL to avoid the need to think about it.
The final argument, buffer, contains a structure to be filled with the relevant information; in this version of the patch this structure looks like:
struct statx {
__u32 stx_mask; /* What results were written [uncond] */
__u32 stx_blksize; /* Preferred general I/O size [uncond] */
__u64 stx_attributes; /* Flags conveying information about the file [uncond] */
__u32 stx_nlink; /* Number of hard links */
__u32 stx_uid; /* User ID of owner */
__u32 stx_gid; /* Group ID of owner */
__u16 stx_mode; /* File mode */
__u16 __spare0[1];
__u64 stx_ino; /* Inode number */
__u64 stx_size; /* File size */
__u64 stx_blocks; /* Number of 512-byte blocks allocated */
__u64 __spare1[1];
struct statx_timestamp stx_atime; /* Last access time */
struct statx_timestamp stx_btime; /* File creation time */
struct statx_timestamp stx_ctime; /* Last attribute change time */
struct statx_timestamp stx_mtime; /* Last data modification time */
__u32 stx_rdev_major; /* Device ID of special file [if bdev/cdev] */
__u32 stx_rdev_minor;
__u32 stx_dev_major; /* ID of device containing file [uncond] */
__u32 stx_dev_minor;
__u64 __spare2[14]; /* Spare space for future expansion */
};
Here, stx_mask indicates which fields are actually valid; it will be the intersection of the information requested by the application and what the filesystem is able to provide. stx_attributes contains flags describing the state of the file; they indicate whether the file is compressed, encrypted, immutable, append-only, not to be included in backups, or an automount point.
The timestamp fields contain this structure:
struct statx_timestamp {
__s64 tv_sec;
__s32 tv_nsec;
__s32 __reserved;
};
The __reserved field was added in the version 3 patch as the result of one of the strongest points of disagreement in recent discussions about statx(). Dave Chinner suggested that, at some point in the future, nanosecond resolution may no longer be adequate; he said that the interface should be able to handle femtosecond timestamps. He was mostly alone on that point; other participants, such as Alan Cox, said that the speed of light will ensure that we never need timestamps below nanosecond resolution. Chinner insisted, though, so Howells added the __reserved field with the idea that it can be pressed into service should the need arise in the future.
Chinner had a number of other objections about the interface, some of which have not yet been addressed. These include the definition of the STATX_ATTR_ flags, which shadow a set of existing flags used with the FS_IOC_GETFLAGS and FS_IOC_SETFLAGS ioctl() calls. Reusing the flags allows a micro-optimization of the statx() code but, Chinner says, it perpetuates some interface mistakes made in the past. Ted Ts'o offered similar advice when reviewing a 2015 version of the patch set, but version 3 retains the same flag definitions.
The largest of Chinner's objections, though, may well be the absence of a comprehensive set of tests for statx(). This code, he said, should not go in until those tests are provided:
This position has been echoed by others (Michael Kerrisk, for example) recently. The kernel does have a long history of merging new system calls that do not work as advertised, with corresponding pain resulting later on. Howells will likely end up providing such tests, but not yet:
The rate of change of the patch set does seem to be slowing so, perhaps,
its final form is beginning to come into focus. The history of this work
suggests that it would not be wise to predict its merging in the near
future, though. The stat() system call has been with us for a
long time; it's reasonable to expect that statx() will last for
just as long. A bit of extra "bikeshedding" to get the interface right
seems understandable in that context.
| Index entries for this article | |
|---|---|
| Kernel | Filesystems/stat() |
| Kernel | System calls |
Posted Dec 1, 2016 12:18 UTC (Thu)
by tdz (subscriber, #58733)
[Link] (10 responses)
Asking more seriously, why not store the bits for sub-nano precision in the area at the end of the statx structure? There's plenty of space available. It would be harder to extract the complete time stamp from |struct statx|, but |struct timespec| could be used instead of introducing yet another time-stamp type.
Posted Dec 1, 2016 19:18 UTC (Thu)
by jlayton (subscriber, #31672)
[Link]
So I think David's approach of making _just_ a skeletal statx call that is sufficient for emulating stat is the right approach. That allows us to both debate new attributes individually, and demonstrate that the interface is indeed cleanly extendable.
Posted Dec 1, 2016 19:39 UTC (Thu)
by Tara_Li (guest, #26706)
[Link] (7 responses)
Posted Dec 1, 2016 21:06 UTC (Thu)
by excors (subscriber, #95769)
[Link] (4 responses)
(But it does seem sensible for timestamps to be at least as precise as CPU cycle counters so that you can losslessly map between them, and nanoseconds aren't good enough for that.)
Posted Apr 4, 2017 22:27 UTC (Tue)
by cwillu (guest, #67268)
[Link] (3 responses)
Posted Apr 5, 2017 15:06 UTC (Wed)
by nybble41 (subscriber, #55106)
[Link] (2 responses)
Posted Apr 5, 2017 15:19 UTC (Wed)
by nybble41 (subscriber, #55106)
[Link] (1 responses)
Strike that—this result was for an earlier calculation with a much higher dilation factor (1.0001). The rotation required for that tangential velocity would be several orders of magnitude higher. The correct velocity for a dilation of 1+10^-12 (4200 RPS @ 12mm) is only 424 m/s or about 0.00014% of light speed, which is still more than fast enough to put this concern to rest.
Posted Apr 5, 2017 17:17 UTC (Wed)
by excors (subscriber, #95769)
[Link]
But there's no need for the two parts of the chip to be in different reference frames anyway. Imagine a high-precision timestamp is encoded in a signal emitted from the exact center of the chip, which travels outwards at the speed of light and is received at two points on opposite edges of the chip a few picoseconds later. According to an observer in the same frame of reference as the chip, that signal would reach both points simultaneously (since it's travelling the same distance to both, at a constant speed). The receivers can correct for the transmission delay (based on the known speed and distances) and get perfectly synchronised high-precision timestamps across the whole chip.
Then imagine the chip is flying past you from left to right, very fast. You see the signal is emitted from the center of the chip and travels outwards at the speed of light relative to you (which is bizarre but apparently true). A few picoseconds later the chip has moved slightly to the right, so the left edge is closer to the point of emission than the right edge is. That means you'll see the signal reach the left edge of the chip first, since it has less distance to travel and its speed is the same in all directions. As far as you're concerned, the "perfectly synchronised" chip-wide timestamps are no longer synchronised - the clock on the left edge says it's noticeably later than the clock on the right edge does.
(This is with no acceleration or rotation or gravity. I won't even pretend to know anything about general relativity and what problems will occur if your chip is orbiting a small black hole, but I suspect the problems will be bad.)
There's not much point having attosecond-precision timestamps if that precision is much smaller than the uncertainty introduced by relativity.
Once you abandon the fiction of absolute time, all you really need to care about is causality - if two events occur inside each others' light cones then you want to be able to assign them distinct timestamps, where those timestamps have a total ordering that's a superset of the partial ordering of causality, and you end up with something like a Lamport timestamp.
Posted Dec 2, 2016 8:39 UTC (Fri)
by tdz (subscriber, #58733)
[Link]
I don't know what the shortest useful time frame would be. I think it makes sense to have time stamps that can represent individual clock ticks of the processor. With GHz CPUs we're already close to nano granularity. IIRC, distributed clocks require at least twice the resolution of the implemented time scale to reliably distinguish two adjacent points in time.
Posted Dec 8, 2016 13:57 UTC (Thu)
by welinder (guest, #4699)
[Link]
1s ~ 300Mm
Atom size is on the order of 100-500pm, i.e., atto second range.
See http://www.wolframalpha.com/input/?i=femto+second+times+s...
Posted Dec 4, 2016 6:04 UTC (Sun)
by markh (subscriber, #33984)
[Link]
I think they want to ensure that there is only one version of struct statx, for both 32-bit and 64-bit environments, whether off_t is 32-bit or 64-bit, whether time_t is 32-bit or 64-bit, and so on. That means that time_t, struct timespec, struct timeval, or any other type that may vary in size, cannot be used.
The alternative is to store all fields of each timestamp in separate non-adjacent fields within struct statx, but it is certainly simpler if they are together and a single pointer can be used to point to a particular timestamp.
Posted Dec 1, 2016 19:27 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link] (6 responses)
I never liked the fixed structures, even with "reserved" space. It always eventually runs out.
Posted Dec 2, 2016 6:26 UTC (Fri)
by johill (subscriber, #25196)
[Link] (3 responses)
At that point, there's little value in having tagged values - just the "make the struct bigger if userspace can deal with it" part should be enough?
Posted Dec 2, 2016 7:06 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link] (2 responses)
Also it would pose a problem only for the "GIVE ME ALL THE DATA!!!" requests, in most cases users will probably just specify a pre-determined set of tags.
Posted Dec 2, 2016 7:12 UTC (Fri)
by johill (subscriber, #25196)
[Link] (1 responses)
I think my main point was that there's no value in tagging things - the kernel will have to provide all "old" fields, even if a new field supersedes an old one, for compatibility, so the tagged data can't ever be removed. Hence, just making the struct size variable in this way should be enough.
Posted Dec 2, 2016 7:18 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Newer clients simply won't be asking for the old tag. Sure, you'd have to keep the code in the kernel to provide the old tag for the older clients but that's it.
The tagged structure can be much more flexible and predictable. This would make it easier to use them for stuff like statx_multi() to get information about multiple files at the same time.
Posted Dec 2, 2016 7:28 UTC (Fri)
by mm7323 (subscriber, #87386)
[Link] (1 responses)
But if you are having to parse tag-value lists, the code is going to be much slower on both sides. System calls already have enough overhead.
Posted Dec 2, 2016 7:30 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link]
The kernel-side would be more complicated, but I doubt it'll make a huge difference.
Posted Dec 5, 2016 12:43 UTC (Mon)
by k3ninho (subscriber, #50375)
[Link] (2 responses)
From the perspective having worked in a test-driven proprietary development shop and (in other settings) having faced down 'we don't know what this software should do' causing problems for our processes, this comment seems like terrible engineering. I understand that the drive behind contributing to free software and open source projects is that it solves a problem you have, or allows you to scratch an itch you have and, that notwithstanding, these patches are investigatory work rather than ready for production use. The idea that making a test suite would double the amount of work is a finger-in-the-air estimate, given the final form isn't mapped out and its scope estimated, and lands as a weak excuse for not making an effort.
If it takes twice as long because there are classes of bugs eliminated during the conception and design or there are issues highlighted by a test suite that subsequently are fixed, that's work to engineer a high-quality solution. If seeking comments from the mailing list changed the interfaces (it didn't between v2 and v3), then this work is investigative and in the open. But the patch seems to be settling on a final form -- and final bug count.
K3n.
Posted Dec 6, 2016 9:51 UTC (Tue)
by NAR (subscriber, #1313)
[Link] (1 responses)
Posted Dec 6, 2016 23:14 UTC (Tue)
by k3ninho (subscriber, #50375)
[Link]
That sounds right. What are we, the end-users of this patch going to do? Take it and its interface when it's not right?!?
If it is going to take another 'n' months of labour to get it to the point where there's a list of sensible users of the interfaces in terms of their reasonable insights into the working system, and that comes with shaking out the issues with each and finally understanding the end-to-end of 'system has a problem with stat()' as well as 'userspace has a problem with stat()..?
I can't imagine a world where 'release early and make no changes' is a better answer than 'release often and incrementally improve'.
Caveat: Even with a healthy set of git habits, rebasing remains something you have to stay on top of.
K3n.
statx() v3
statx() v3
statx() v3
statx() v3
statx() v3
statx() v3
statx() v3
statx() v3
statx() v3
statx() v3
1ms ~ 300km
1us ~ 300m
1ns ~ 300mm
1ps ~ 300um
1fs ~ 300nm
1as ~ 300pm
statx() v3
statx() v3
statx() v3
statx() v3
statx() v3
statx() v3
Uhmm... Why?
statx() v3
statx() v3
statx() v3
statx() v3
statx() v3