From: David Sterba <dsterba@suse.cz>
To: Qu Wenruo <wqu@suse.com>
Cc: linux-btrfs@vger.kernel.org
Subject: Re: [PATCH] btrfs: tree-checker: add btrfs dev extent checks
Date: Wed, 14 Aug 2024 01:32:35 +0200 [thread overview]
Message-ID: <20240813233235.GX25962@suse.cz> (raw)
In-Reply-To: <0d1da382-8cf1-480d-941a-9e01298e466f@suse.com>
On Wed, Aug 14, 2024 at 08:47:40AM +0930, Qu Wenruo wrote:
> > Looks like we missed some simple tree item checks indeed.
>
> The original idea is, we have btrfs_verify_dev_extents() at mount time,
> thus it's enough to reject bad dev extents, and no need for tree-checker
> for dev-extents.
>
> But this method doesn't prevent bitflip from sneaking in during runtime.
Yeah, the tree-checker is run before commit too, so the mount checks
won't catch that.
> So in the long run, our sanity checks should:
>
> - Do cross-checks at mount time for critical infrastructure
> To prevent corruption sneaking in undetected.
At mount we can afford to do more than the tree-checker can do in the
single leaf, like matching the dev extents and block groups.
> - Do in-leaf checks at tree-checker
> To prevent corruption reach storage.
>
> - Do extra read-time cross-checks
> Just like the dir item checks we did.
Some values have a clear range, or a constraint like alignment to a
sectorsize. Beyond that I think it's quite limited, we can't read other
leaves but maybe other checks against existing in-memory structures can
be done. An example, a block group item is consistent but overlaps with
one in the tree. Similar to what you do in this patch, but the bg is
already handled because of how the data is tracked. The tree-checker
coverage is pretty good so it's hard to find what else to cross-check.
next prev parent reply other threads:[~2024-08-13 23:32 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-11 5:50 [PATCH] btrfs: tree-checker: add btrfs dev extent checks Qu Wenruo
2024-08-13 23:11 ` David Sterba
2024-08-13 23:17 ` Qu Wenruo
2024-08-13 23:32 ` David Sterba [this message]
2024-08-15 5:17 ` Anand Jain
2024-08-15 12:25 ` David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240813233235.GX25962@suse.cz \
--to=dsterba@suse.cz \
--cc=linux-btrfs@vger.kernel.org \
--cc=wqu@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox