From: Theodore Ts'o <tytso@mit.edu>
To: George Spelvin <linux@horizon.com>
Cc: thomas_reardon@hotmail.com, linux-ext4@vger.kernel.org
Subject: Re: [RFC] mke2fs -E hash_alg=siphash: any interest?
Date: Mon, 22 Sep 2014 13:09:03 -0400 [thread overview]
Message-ID: <20140922170903.GC4572@thunk.org> (raw)
In-Reply-To: <20140922023105.16748.qmail@ns.horizon.com>
On Sun, Sep 21, 2014 at 10:31:05PM -0400, George Spelvin wrote:
>
> Yes. It's the standard hash collision attack: if someone can force too
> many hash collisions, they can force the hash tree to have pessimal
> performance, including excessive disk space allocation in an attempt to
> split directory pages.
>
> In fact, I'm not sure if the code copes with more than 4096 bytes of
> directory entry with a single hash value or it will cause some sort of
> error.
It does cope correctly, but it means that we degrade to doing a linear
search. At one point we had a test where we forced the hash algorithm
to always return "42" to check those code paths.
The real problem is that the htree implementation only supports a tree
dpeth of at most two levels, and it doesn't support collapsing the
tree to reduce space after deleting a large number of files.
The first would require making a compatibility-impacting change; the
second one would not necessarily require that, but it's also not
entirely trivial. We've gotten away with not making any changes here,
partially because using a keyed hash allows us to avoid intentional
attempts to hit those corner cases.
If someone was interested in doing some work in that space, there is
definitely room where we could improve there.
Cheers,
- Ted
next prev parent reply other threads:[~2014-09-22 17:09 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-21 9:53 [RFC] mke2fs -E hash_alg=siphash: any interest? George Spelvin
2014-09-21 17:55 ` Theodore Ts'o
2014-09-21 21:04 ` linux
2014-09-21 22:08 ` TR Reardon
2014-09-22 2:31 ` George Spelvin
2014-09-22 17:09 ` Theodore Ts'o [this message]
2014-09-22 23:14 ` George Spelvin
2014-09-22 1:17 ` Theodore Ts'o
2014-09-23 22:25 ` Andreas Dilger
2014-09-23 23:00 ` George Spelvin
2014-09-23 23:22 ` Theodore Ts'o
2014-09-24 0:37 ` George Spelvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140922170903.GC4572@thunk.org \
--to=tytso@mit.edu \
--cc=linux-ext4@vger.kernel.org \
--cc=linux@horizon.com \
--cc=thomas_reardon@hotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).