tech-userlevel archive


Re: fs-independent quotas



On Tue, Nov 15, 2011 at 01:39:10PM -0500, Thor Lancelot Simon wrote:
> On Tue, Nov 15, 2011 at 11:54:12AM +0100, Manuel Bouyer wrote:
> > 
> > An error is still better than a crash.
> 
> Why is a text-based format inherently less likely to cause a crash?

Because you use standard conversion functions, which report an
error if the text format doesn't have the proper structure, or if
an expected key is not found.

> 
> Do we expect NetBSD developers to be checking in handlers for
> functionally equivalent binary formats that are *more* likely to cause
> a crash if invalid data are presented?  That does not seem good.

If you pass e.g. a string to the legacy quotactl syscall instead of the
required data structure, the kernel won't notice and will use the bogus data.

> 
> Whether text or binary, the data have to be validated before being
> used.  Text or binary, code that doesn't do that is simply buggy.

But it's easier to validate a text format than a binary one.

> 
> > And I still think a text-based format is better than a binary format for
> > backward compatibility.
> 
> I think that if we aren't _actually_ going to provide backward
> compatibility in some way _now_, it doesn't matter.  Either way, to
> actually get sane semantics, versioning is required.

The actual quotactl interface has a version number embedded, for this reason.
But, for example, some fields can be added to the structure without changing
the version number. The consumer will just notice if the new field is
present or not and deal with it; this provides backward and forward
compat (older consumers will just ignore the new fields).
This is something you can't do with a binary format.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 years of experience will always make the difference
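As an added illustration of the text-versus-binary point argued in the reply above (example code written for this page, not code from the thread, from NetBSD's quotactl or from libquota): a strict parser for a hypothetical "key=value;key=value" quota record, whose conversion routine rejects malformed values, whose key lookup reports a missing required key and skips unknown ones (so an older consumer accepts a record from a newer producer), placed beside a fixed-layout binary reader for which a 16-byte string is indistinguishable from a valid record. The record layout, the key names and the 256-byte line limit are assumptions made for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical quota record; not NetBSD's real quotactl structure. */
struct quota_rec {
    uint64_t hardlimit;
    uint64_t softlimit;
    uint64_t grace;      /* optional field a newer producer may add */
    int      has_grace;  /* set only when the "grace" key was present */
};

/* Strict unsigned decimal: the whole token must be digits, no overflow. */
static int parse_u64(const char *s, uint64_t *out)
{
    char *end;
    unsigned long long v;
    if (!isdigit((unsigned char)*s))     /* rejects "", "-5", " 5", "+5" */
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0') /* overflow or trailing junk */
        return -1;
    *out = v;
    return 0;
}

/*
 * Text form "key=value;key=value;...". Required keys: hardlimit and
 * softlimit; optional: grace. Unknown keys are skipped, so this consumer
 * still accepts records from a newer producer that added fields.
 * Returns 0 on success, -1 on malformed input or a missing required key.
 */
int quota_parse_text(const char *text, struct quota_rec *q)
{
    char buf[256], *p;   /* assumed maximum record length */
    int have_hard = 0, have_soft = 0;

    if (strlen(text) >= sizeof buf)
        return -1;
    strcpy(buf, text);
    memset(q, 0, sizeof *q);
    p = buf;
    while (*p != '\0') {
        char *sep = strchr(p, ';'), *eq;
        uint64_t v;
        if (sep != NULL)
            *sep = '\0';
        eq = strchr(p, '=');
        if (eq == NULL)                  /* not key=value: structure error */
            return -1;
        *eq = '\0';
        if (parse_u64(eq + 1, &v) != 0)  /* conversion flags the bad value */
            return -1;
        if (strcmp(p, "hardlimit") == 0) {
            q->hardlimit = v; have_hard = 1;
        } else if (strcmp(p, "softlimit") == 0) {
            q->softlimit = v; have_soft = 1;
        } else if (strcmp(p, "grace") == 0) {
            q->grace = v; q->has_grace = 1;
        }                                /* any other key: ignored */
        if (sep == NULL)
            break;
        p = sep + 1;
    }
    return (have_hard && have_soft) ? 0 : -1;
}

/*
 * Binary form: a fixed layout with no key names and no delimiters. Only
 * the length can be checked; any 16 bytes, a string included, are accepted
 * and reinterpreted as limits, which is the "bogus data" case the reply
 * describes.
 */
struct quota_bin { uint64_t hardlimit; uint64_t softlimit; };

int quota_parse_binary(const void *data, size_t len, struct quota_rec *q)
{
    struct quota_bin b;
    if (len != sizeof b)
        return -1;
    memcpy(&b, data, sizeof b);
    memset(q, 0, sizeof *q);
    q->hardlimit = b.hardlimit;
    q->softlimit = b.softlimit;
    return 0;
}

/* Single-value wrappers, handy for a test harness. */
int text_status(const char *t) { struct quota_rec q; return quota_parse_text(t, &q); }
uint64_t text_hardlimit(const char *t) { struct quota_rec q; return quota_parse_text(t, &q) == 0 ? q.hardlimit : 0; }
uint64_t text_grace(const char *t) { struct quota_rec q; return (quota_parse_text(t, &q) == 0 && q.has_grace) ? q.grace : 0; }
int binary_status(const void *d, size_t len) { struct quota_rec q; return quota_parse_binary(d, len, &q); }
```

Feeding the constructed 16-byte string "this is a string" to both readers shows the asymmetry: the text parser returns -1 because no token has the key=value shape, while the binary reader returns 0 and hands back the string's bytes as limits, since a length check is the only validation a self-undescribed layout allows.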