From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EBA6EC433E0 for ; Wed, 27 May 2020 11:28:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CADAE206DF for ; Wed, 27 May 2020 11:28:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728570AbgE0L2Z (ORCPT ); Wed, 27 May 2020 07:28:25 -0400 Received: from mx2.suse.de ([195.135.220.15]:52592 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728568AbgE0L2Z (ORCPT ); Wed, 27 May 2020 07:28:25 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 78A6EAE17; Wed, 27 May 2020 11:28:26 +0000 (UTC) Received: by ds.suse.cz (Postfix, from userid 10065) id D5E36DA72D; Wed, 27 May 2020 13:27:25 +0200 (CEST) Date: Wed, 27 May 2020 13:27:25 +0200 From: David Sterba To: Qu Wenruo Cc: Johannes Thumshirn , linux-fsdevel@vger.kernel.org, linux-btrfs@vger.kernel.org, Eric Biggers , Richard Weinberger , Johannes Thumshirn Subject: Re: [PATCH v3 0/3] Add file-system authentication to BTRFS Message-ID: <20200527112725.GA18421@suse.cz> Reply-To: dsterba@suse.cz Mail-Followup-To: dsterba@suse.cz, Qu Wenruo , Johannes Thumshirn , linux-fsdevel@vger.kernel.org, linux-btrfs@vger.kernel.org, Eric Biggers , Richard Weinberger , Johannes Thumshirn References: <20200514092415.5389-1-jth@kernel.org> <5663c6ca-87d4-8a98-3338-e9a077f4c82f@gmx.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5663c6ca-87d4-8a98-3338-e9a077f4c82f@gmx.com> User-Agent: Mutt/1.5.23.1-rc1 (2014-03-12) Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org On Wed, May 27, 2020 at 10:08:06AM +0800, Qu Wenruo wrote: > > Changes since v2: > > - Select CONFIG_CRYPTO_HMAC and CONFIG_KEYS (kbuild robot) > > - Fix double free in error path > > - Fix memory leak in error path > > - Disallow nodatasum and nodatacow when authetication is use (Eric) > > Since we're disabling NODATACOW usages, can we also disable the > following features? > - v1 space cache > V1 space cache uses NODATACOW file to store space cache, althouhg it > has inline csum, but it's fixed to crc32c. So attacker can easily > utilize this hole to mess space cache, and do some DoS attack. That's a good point. The v1 space cache will be phased out but it won't be in a timeframe we'll get in the authentication. At this point we don't even have a way to select v2 at mkfs time (it's work in progress though), so it would be required to switch to v2 on the first mount. > - fallocate > I'm not 100% sure about this, but since nodatacow is already a second > class citizen in btrfs, maybe not supporting fallocate is not a > strange move. Fallocate is a standard file operation, not supporting would be quite strange. What's the problem with fallocate and authentication?