Re: exclusive subvolume space missing

[Tomasz Pala <gotar@polanet.pl>]

On Tue, Dec 12, 2017 at 08:50:15 +0800, Qu Wenruo wrote:

> Even without snapshot, things can easily go crazy.
> 
> This will write 128M file (max btrfs file extent size) and write it to disk.
> # xfs_io -f -c "pwrite 0 128M" -c "sync" /mnt/btrfs/file
> 
> Then, overwrite the 1~128M range.
> # xfs_io -f -c "pwrite 1M 127M" -c "sync" /mnt/btrfs/file
> 
> Guess your real disk usage, it's 127M + 128M = 255M.
> 
> The point here, if there is any reference of a file extent, the whole
> extent won't be freed, even it's only 1M of a 128M extent.

OK, /this/ is scary. I guess nocow prevents this behaviour?
I have +C chatted the file eating my space and it ceased.

> Are you pre-allocating the file before write using tools like dd?

I have no idea, this could be checked in source of http://pam-abl.sourceforge.net/
But this is plain Berkeley DB (5.3 in my case)... which scarries me even
more:

$  rpm -q --what-requires 'libdb-5.2.so()(64bit)' 'libdb-5.3.so()(64bit)' | wc -l
14

#  ipoldek desc -B db5.3
Package:        db5.3-5.3.28.0-4.x86_64
Required(by):   apache1-base, apache1-mod_ssl, apr-util-dbm-db,
bogofilter, 
    c-icap, c-icap-srv_url_check, courier-authlib, 
    courier-authlib-authuserdb, courier-imap, courier-imap-common, 
    cyrus-imapd, cyrus-imapd-libs, cyrus-sasl, cyrus-sasl-sasldb, 
    db5.3-devel, db5.3-utils, dnshistory, dsniff, evolution-data-server, 
    evolution-data-server-libs, exim, gda-db, ggz-server, 
    heimdal-libs-common, hotkeys, inn, inn-libs, isync, jabberd, jigdo, 
    jigdo-gtk, jnettop, libetpan, libgda3, libgda3-devel, libhome, libqxt, 
    libsolv, lizardfs-master, maildrop, moc, mutt, netatalk, nss_updatedb, 
    ocaml-dbm, opensips, opensmtpd, pam-pam_abl, pam-pam_ccreds, perl-BDB, 
    perl-BerkeleyDB, perl-BerkeleyDB, perl-DB_File, perl-URPM, 
    perl-cyrus-imapd, php4-dba, php52-dba, php53-dba, php54-dba, php55-dba, 
    php56-dba, php70-dba, php70-dba, php71-dba, php71-dba, php72-dba, 
    php72-dba, postfix, python-bsddb, python-modules, python3-bsddb3, 
    redland, ruby-modules, sendmail, squid-session_acl, 
    squid-time_quota_acl, squidGuard, subversion-libs, swish-e, tomoe-svn, 
    webalizer-base, wwwcount

OK, not much of user-applications here, as they mostly use sqlite.
I wonder how this one db-library behaves:

$  find . -name \*.sqlite | xargs ls -gGhS | head -n1
-rw-r--r-- 1  15M 2017-12-08 12:14 ./.mozilla/firefox/vni9ojqi.default/extension-data/ublock0.sqlite

$  ~/fiemap ./.mozilla/firefox/*.default/extension-data/ublock0.sqlite | head -n1
File ./.mozilla/firefox/vni9ojqi.default/extension-data/ublock0.sqlite has 128 extents:


At least every $HOME/{.{,c}cache,tmp} should be +C...

> And if possible, use nocow for this file.

Actually, this should be officially advised to use +C for entire /var tree and
every other tree that might be exposed for hostile write patterns, like /home
or /tmp (if held on btrfs).

I'd say, that from security point of view the nocow should be default,
unless specified for mount or specific file... Currently, if I mount
with nocow, there is no way to whitelist trusted users or secure
location, and until btrfs-specific options could be handled per
subvolume, there is really no alternative.


-- 
Tomasz Pala <gotar@pld-linux.org>