linux-fsdevel.vger.kernel.org archive mirror
From: "Lukáš Czerner" <lczerner@redhat.com>
To: "Theodore Ts'o" <tytso@mit.edu>
Cc: Dave Chinner <david@fromorbit.com>, JP Abgrall <jpa@google.com>,
	Eric Sandeen <sandeen@redhat.com>,
	linux-ext4@vger.kernel.org, Geremy Condra <gcondra@google.com>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH] ext4: Add support for SFITRIM, an ioctl for secure FITRIM.
Date: Tue, 17 Jun 2014 15:00:40 +0200 (CEST)
Message-ID: <alpine.LFD.2.00.1406171449000.2148@localhost.localdomain>
In-Reply-To: <20140617124629.GA13868@thunk.org>

On Tue, 17 Jun 2014, Theodore Ts'o wrote:

> Date: Tue, 17 Jun 2014 08:46:29 -0400
> From: Theodore Ts'o <tytso@mit.edu>
> To: Lukáš Czerner <lczerner@redhat.com>
> Cc: Dave Chinner <david@fromorbit.com>, JP Abgrall <jpa@google.com>,
>     Eric Sandeen <sandeen@redhat.com>, linux-ext4@vger.kernel.org,
>     Geremy Condra <gcondra@google.com>,
>     "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
> Subject: Re: [PATCH] ext4: Add support for SFITRIM,
>     an ioctl for secure FITRIM.
> 
> On Tue, Jun 17, 2014 at 01:55:26PM +0200, Lukáš Czerner wrote:
> > 
> > I definitely agree with Dave here it is an ugly API hack. Fallocate
> > seems much more suitable for this.
> > 
> > New flag FALLOC_FL_ISSUE_DISCARD which would work with
> > FALLOC_FL_PUNCH_HOLE, FALLOC_FL_ZERO_RANGE and possibly
> > FALLOC_FL_COLLAPSE_RANGE might actually be useful.
> 
> I agree it would be useful to have an FL_ISSUE_DISCARD (and while
> we're at it, FL_ISSUE_SECDISCARD) as an fallocate flag.  That doesn't
> obviate the usefulness of a BLKDISCARD ioctl for ext4 files, though.
> 
> Something else that might be useful, and perhaps more appropriate for
> the Android use case, is to add a SECDISCARD flag to the unlinkat(2)
> system call.  That way, people who want to do a "discard and then
> unlink" don't have to be forced to do an open(2), fallocate(2),
> close(2), and only *then* the unlink(2) system call.

What is the difference between -o discard mount option? I guess
that this way you can do it selectively on certain files, but I
wonder how useful it is going to be anyway?

Nevertheless, I think that there is a conclusion that there is no
"security" to be had with file system and SECDISCARD. And no secure
erase with this type of interface would be "secure" enough.

If they are ok with only best effort, then we can have FISTRIM ioctl
which would use the same internal file system functionality as
FITRIM but we would add a flag to be able to call sb_issue_discard()
with BLKDEV_DISCARD_SECURE flag, disable the optimization to skip
already discarded groups and call sync on the file system before we
start doing any actual work. I wish I added flags to the FITRIM
ioctl when I created it...

If we do this though we should not add word "security" anywhere for
the user to see :)

-Lukas

> 
> Cheers,
> 
> 						- Ted
> 
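
A toy model of the best-effort variant described in the message above, added here as an illustration; it is not part of the original message and not kernel code. The names `TRIM_SECURE`, `struct group`, `struct trim_stats` and `trim_fs` are hypothetical, and the reason given for the sync is an assumption. It shows why the "skip already discarded groups" shortcut has to be bypassed when the secure flag is set:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model, not kernel code: every name below is hypothetical. */
enum { TRIM_SECURE = 1 };        /* the flag the message wishes FITRIM had */

struct group {
    unsigned free_blocks;        /* free blocks in this block group */
    bool was_trimmed;            /* a plain trim pass already covered it */
};

struct trim_stats {
    unsigned discarded;          /* groups that received a discard */
    unsigned secure;             /* of those, issued with the secure flag */
    bool synced;                 /* fs was synced before any discard */
};

static struct trim_stats trim_fs(struct group *g, size_t n, unsigned flags)
{
    struct trim_stats st = {0, 0, false};
    bool secure = (flags & TRIM_SECURE) != 0;

    if (secure)
        st.synced = true;        /* assumed reason: settle pending frees first */
    for (size_t i = 0; i < n; i++) {
        if (g[i].free_blocks == 0)
            continue;            /* nothing to discard here */
        /* The skip shortcut only records a plain discard, so the
         * secure pass must not trust it. */
        if (g[i].was_trimmed && !secure)
            continue;
        st.discarded++;
        st.secure += secure;
        g[i].was_trimmed = true;
    }
    return st;
}

int main(void)
{
    /* Constructed sample: groups 1 and 3 were trimmed by an earlier pass. */
    struct group g[] = { {100, false}, {50, true}, {0, false}, {10, true} };
    struct trim_stats plain = trim_fs(g, 4, 0);
    struct trim_stats sec = trim_fs(g, 4, TRIM_SECURE);

    printf("plain: %u discarded\n", plain.discarded);
    printf("secure: %u discarded, %u secure, synced=%d\n",
           sec.discarded, sec.secure, sec.synced);
    return 0;
}
```
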
