From: Goswin von Brederlow <goswin-v-b@web.de>
To: Chris Worley <worleys@gmail.com>
Cc: Goswin von Brederlow <goswin-v-b@web.de>,
LKML <linux-kernel@vger.kernel.org>,
linux-ext4@vger.kernel.org
Subject: Re: zero out blocks of freed user data for operation a virtual machine environment
Date: Tue, 26 May 2009 12:22:38 +0200 [thread overview]
Message-ID: <87ab50p3ip.fsf@frosties.localdomain> (raw)
In-Reply-To: <f3177b9e0905251023n762b815akace1ae34e643458e@mail.gmail.com> (Chris Worley's message of "Mon, 25 May 2009 11:23:05 -0600")
Chris Worley <worleys@gmail.com> writes:
> On Mon, May 25, 2009 at 7:14 AM, Goswin von Brederlow <goswin-v-b@web.de>
> wrote:
>
>
> Thomas Glanzmann <thomas@glanzmann.de> writes:
>
> > Hello Ted,
> >
> >> Yes, it does, sb_issue_discard(). So if you wanted to hook into
> this
> >> routine with a function which issued calls to zero out blocks, it
> >> would be easy to create a private patch.
> >
> > that sounds good because it wouldn't only target the most used
> > filesystem but every other filesystem that uses the interface as
> well.
> > Do you think that a tunable or configurable patch has a chance to
> hit
> > upstream as well?
> >
> > Thomas
>
>
>
>
> I could imagine a device mapper target that eats TRIM commands and
> writes out zeroes instead. That should be easy to maintain outside
> or
> inside the upstream kernel source.
>
>
> Why bother with a time-consuming performance-draining operation? There are
> devices that already support TRIM/discard commands today, and once you discard
> a block, it's completely irretrievable (you'll just get back zeros if you try
> to read that block w/o writing it after the discard).
> Chris
Because you have one of the billions of devices that don't.
Because, iirc, the specs say nothing about getting back zeros.
Because someone could read the raw data from disk and recover your
state secrets.
Because loopback don't support TRIM and compression of the image file
is much better with zeroes.
Because on a crypted device TRIM would show how much of the device is
in used while zeroing out (before crypting) would result in random
data.
Because it is fun?
So many reasons.
MfG
Goswin
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2009-05-26 10:22 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-24 17:00 zero out blocks of freed user data for operation a virtual machine environment Thomas Glanzmann
2009-05-24 17:15 ` Arjan van de Ven
2009-05-24 17:39 ` Thomas Glanzmann
2009-05-25 12:03 ` Theodore Tso
2009-05-25 12:34 ` Thomas Glanzmann
2009-05-25 13:14 ` Goswin von Brederlow
2009-05-25 14:01 ` Thomas Glanzmann
[not found] ` <f3177b9e0905251023n762b815akace1ae34e643458e@mail.gmail.com>
2009-05-25 17:26 ` Chris Worley
2009-05-26 10:22 ` Goswin von Brederlow [this message]
2009-05-26 16:52 ` Chris Worley
2009-05-28 19:27 ` Goswin von Brederlow
2009-05-25 3:29 ` David Newall
2009-05-25 5:26 ` Thomas Glanzmann
2009-05-25 7:48 ` Ron Yorston
2009-05-25 10:50 ` Thomas Glanzmann
2009-05-25 12:06 ` Theodore Tso
2009-05-25 21:19 ` Bill Davidsen
2009-05-26 4:45 ` Thomas Glanzmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ab50p3ip.fsf@frosties.localdomain \
--to=goswin-v-b@web.de \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=worleys@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox