From: Eric Sandeen <sandeen@redhat.com>
To: Qu Wenruo <quwenruo@cn.fujitsu.com>,
	fsdevel <linux-fsdevel@vger.kernel.org>
Cc: btrfs <linux-btrfs@vger.kernel.org>,
	linux-ext4@vger.kernel.org, xfs@oss.sgi.com
Subject: Re: Ideas on unified real-ro mount option across all filesystems
Date: Wed, 16 Dec 2015 21:15:59 -0600
Message-ID: <567228EF.80007@redhat.com>
In-Reply-To: <567212DA.8050808@cn.fujitsu.com>

<xfs list address fixed>

On 12/16/15 7:41 PM, Qu Wenruo wrote:
> Hi,
> 
> In a recent btrfs patch, it is going to add a mount option to disable
> log replay for btrfs, just like "norecovery" for ext4/xfs.
> 
> But in the discussion on the mount option name and use case, it seems
> better to have a unified and fs independent mount option alias for
> real RO mount
> 
> Reasons:
> 1) Some file system may have already used [no]"recovery" mount option
>    In fact, btrfs has already used "recovery" mount option.
>    Using "norecovery" mount option will be quite confusing for btrfs.

Too bad btrfs picked those semantics when "norecovery" has existed on
other filesystems for quite some time with a different meaning... :(

> 2) More straightforward mount option
>    Currently, to get real RO mount, for ext4/xfs, user must use -o
>    ro,norecovery.
>    Just ro won't ensure real RO, and norecovery can't be used alone.
>    If we have a simple alias, it would be much better for user to use.
>    (it may be done just in user space mount)

mount(8) simply says:

       ro     Mount the filesystem read-only.

and mount(2) is no more illustrative:

       MS_RDONLY
              Mount file system read-only.

kernel code is no help, either:

#define MS_RDONLY        1      /* Mount read-only */

They say nothing about what, exactly, "read-only" means.  But since at least
the early ext3 days, it means that you cannot write through the filesystem, not
that the filesystem will leave the block device unmodified when it mounts.

I have always interpreted it as simply "no user changes to the filesystem,"
and that is clearly what the vfs does with the flag...

>    Not to mention some fs (yeah, btrfs again) doesn't have "norecovery"
>    but "nologreplay".

well, again, btrfs picked unfortunate semantics, given the precedent set
by other filesystems.

f2fs, ext4, gfs2, nilfs2, and xfs all support "norecovery" - xfs since
forever, ext4 & f2fs since 2009, etc.

> 3) A lot of users don't even know mount ro can still modify device
>    Yes, I didn't know this point until I checked the log replay code of
>    btrfs.
>    Adding such mount option alias may raise some attention of users.

Given that nothing in the documentation implies that the block device itself
must remain unchanged on a read-only mount, I don't see any problem which
needs fixing.  MS_RDONLY rejects user IO; that's all.

If you want to be sure your block device rejects all IO for forensics or
what have you, I'd suggest # blockdev --setro /dev/whatever prior to mount,
and take it out of the filesystem's control.  Or better yet, making an
image and not touching the original.

-Eric

> Any ideas about this?
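
Added example, not part of the original message or of any project's code: a shell sketch of the two approaches discussed above, picking the replay-skipping mount option per filesystem and setting the block device read-only before mounting, plus a before/after hash check that shows whether a mount touched the device or image. The function names, /dev/sdX1 and /mnt/evidence are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names); nothing runs until a function is called.

# Mount options that skip journal/log replay, as named in the thread:
# "norecovery" on f2fs, ext4, gfs2, nilfs2 and xfs; "nologreplay" on btrfs.
ro_opts() {
    case "$1" in
        ext4|xfs|f2fs|gfs2|nilfs2) echo "ro,norecovery" ;;
        btrfs)                     echo "ro,nologreplay" ;;
        *)                         echo "ro" ;;  # no replay-skipping option listed
    esac
}

# Hash a device or image file, run a command, hash again.
# Returns 0 if the content is byte-identical afterwards, 1 if it changed,
# 2 if the target could not be read.
unchanged_after() {
    local target=$1 before after
    shift
    before=$(sha256sum < "$target") || return 2
    # A failed command may still have written, so compare hashes either way.
    "$@" || echo "warning: command failed: $*" >&2
    after=$(sha256sum < "$target") || return 2
    [ "$before" = "$after" ]
}

# Set the block device itself read-only, confirm the flag took effect, then
# mount with the replay-skipping options. Requires root.
forensic_mount() {
    local dev=$1 mnt=$2 fstype
    blockdev --setro "$dev" || return 1
    [ "$(blockdev --getro "$dev")" = 1 ] || return 1
    fstype=$(blkid -o value -s TYPE "$dev") || return 1
    mount -t "$fstype" -o "$(ro_opts "$fstype")" "$dev" "$mnt"
}

# Usage (placeholder device and mount point, run as root):
#   unchanged_after /dev/sdX1 forensic_mount /dev/sdX1 /mnt/evidence \
#       && echo "device content unchanged by mount"
```

The same unchanged_after check can be pointed at an image file made from the original, which is the option the message calls better still.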



