From: Christoph Anton Mitterer <calestyo@scientia.net>
To: Chris Mason <clm@fb.com>
Cc: Hugo Mills <hugo@carfax.org.uk>,
"Austin S. Hemmelgarn" <ahferroin7@gmail.com>,
Chris Murphy <lists@colorremedies.com>,
Btrfs BTRFS <linux-btrfs@vger.kernel.org>
Subject: Re: attacking btrfs filesystems via UUID collisions?
Date: Wed, 16 Dec 2015 16:04:03 +0100 [thread overview]
Message-ID: <1450278243.5570.10.camel@scientia.net> (raw)
In-Reply-To: <20151216144132.GE6322@ret.masoncoding.com>
[-- Attachment #1: Type: text/plain, Size: 1682 bytes --]
On Wed, 2015-12-16 at 09:41 -0500, Chris Mason wrote:
> Hugo is right here. reiserfs had tools that would scan and entire
> block
> device for metadata blocks and try to reconstruct the filesystem
> based
> on what it found.
Creepy... at least when talking about a "normal" fsck... good that
btrfs is going to be the next-gen-ext, and not reiser4 ;)
> Adding UUIDs doesn't make that whole class of problem go away (you
> could
> have an image of the filesystem inside that filesystem), but it does
> make it dramatically less likely.
Sure...
> > Does anyone know whether btrfsck (or other userland) tools do such
> > things? I.e. search more or less arbitrary blocks, where it cannot
> > be
> > sure it's *not* data, for what it would interpret as meta-data
> > subsequently?
>
> These are emergency tools, btrfs restore and find-roots can do some
> scanning. We don't do it the way reiserfs did because it would be
> very
> difficult to reconstruct shared data and metadata from snapshots.
Hmm I agree, that it's valid for such tools, to do these kinds of scans
(i.e. scan for meta-data in places that are not known for sure to be
meta-data) when doing some last-resort-rescue tries... or for rescue
operations, where it's clearly documented that this is done.
But I think it shouldn't happen e.g. during a normal fsck - only when
special options are given.
And it should be properly documented (i.e. telling people in the docs,
that this does a block for block scan for meta-data even within normal
data, and that if they'd had e.g. another fs of the same UUIDs within,
the results may be completely bogus.
Cheers,
Chris.
[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5313 bytes --]
next prev parent reply other threads:[~2015-12-16 15:04 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-04 12:05 Subvolume UUID, data corruption? S.J
2015-12-04 13:07 ` Hugo Mills
2015-12-05 3:28 ` Christoph Anton Mitterer
2015-12-05 5:52 ` attacking btrfs filesystems via UUID collisions? (was: Subvolume UUID, data corruption?) Christoph Anton Mitterer
2015-12-05 12:01 ` Subvolume UUID, data corruption? Hugo Mills
2015-12-06 1:51 ` attacking btrfs filesystems via UUID collisions? (was: Subvolume UUID, data corruption?) Christoph Anton Mitterer
2015-12-11 12:33 ` Subvolume UUID, data corruption? Austin S. Hemmelgarn
2015-12-05 13:19 ` Duncan
2015-12-06 1:51 ` attacking btrfs filesystems via UUID collisions? (was: Subvolume UUID, data corruption?) Christoph Anton Mitterer
2015-12-06 4:06 ` Duncan
2015-12-09 5:07 ` Christoph Anton Mitterer
2015-12-09 11:54 ` Duncan
2015-12-06 14:34 ` attacking btrfs filesystems via UUID collisions? Qu Wenruo
2015-12-06 20:55 ` Chris Murphy
2015-12-09 5:39 ` Christoph Anton Mitterer
2015-12-09 21:48 ` S.J.
2015-12-10 12:08 ` Austin S Hemmelgarn
2015-12-10 12:41 ` Hugo Mills
2015-12-10 12:57 ` S.J.
2015-12-10 19:42 ` Chris Murphy
2015-12-11 22:21 ` Christoph Anton Mitterer
2015-12-11 22:32 ` Christoph Anton Mitterer
2015-12-11 23:06 ` Chris Murphy
2015-12-12 1:34 ` S.J.
2015-12-14 0:28 ` Christoph Anton Mitterer
2015-12-14 0:27 ` Christoph Anton Mitterer
2015-12-14 13:23 ` Austin S. Hemmelgarn
2015-12-14 21:26 ` Chris Murphy
2015-12-15 0:35 ` Christoph Anton Mitterer
2015-12-15 13:54 ` Austin S. Hemmelgarn
2015-12-15 14:18 ` Hugo Mills
2015-12-15 14:27 ` Austin S. Hemmelgarn
2015-12-15 14:42 ` Hugo Mills
2015-12-15 16:03 ` Austin S. Hemmelgarn
2015-12-16 12:14 ` Christoph Anton Mitterer
2015-12-16 12:10 ` Christoph Anton Mitterer
2015-12-16 12:03 ` Christoph Anton Mitterer
2015-12-16 14:41 ` Chris Mason
2015-12-16 15:04 ` Christoph Anton Mitterer [this message]
2015-12-17 3:25 ` Duncan
2015-12-18 0:56 ` Christoph Anton Mitterer
2015-12-22 2:13 ` Kai Krakow
2015-12-16 12:03 ` Christoph Anton Mitterer
2015-12-17 2:43 ` Duncan
2015-12-15 0:08 ` Christoph Anton Mitterer
2015-12-15 14:19 ` Austin S. Hemmelgarn
2015-12-16 12:56 ` Christoph Anton Mitterer
2015-12-14 20:55 ` Chris Murphy
2015-12-15 0:22 ` Christoph Anton Mitterer
2015-12-11 23:14 ` Eric Sandeen
2015-12-11 22:06 ` Christoph Anton Mitterer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1450278243.5570.10.camel@scientia.net \
--to=calestyo@scientia.net \
--cc=ahferroin7@gmail.com \
--cc=clm@fb.com \
--cc=hugo@carfax.org.uk \
--cc=linux-btrfs@vger.kernel.org \
--cc=lists@colorremedies.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.