From: Christoph Hellwig <hch@lst.de>
To: "Darrick J. Wong" <djwong@kernel.org>
Cc: Andrey Albershteyn <aalbersh@redhat.com>,
Christoph Hellwig <hch@lst.de>,
linux-xfs@vger.kernel.org, david@fromorbit.com,
Andrey Albershteyn <aalbersh@kernel.org>
Subject: Re: [RFC] Directly mapped xattr data & fs-verity
Date: Thu, 9 Jan 2025 08:44:03 +0100 [thread overview]
Message-ID: <20250109074403.GA18326@lst.de> (raw)
In-Reply-To: <20250109073908.GL1387004@frogsfrogsfrogs>
On Wed, Jan 08, 2025 at 11:39:08PM -0800, Darrick J. Wong wrote:
> > >
> > > Maybe we can used it for $HANDWAVE is not a good idea.
> >
> > > Hash based verification works poorly for mutable files, so we'd
> > > rather have a really good argument for that.
> >
> > hmm, why? Not sure I have an understanding of this
>
> Me neither. I can see how you might design file data block checksumming
> to be basically an array of u32 crc[nblocks][2]. Then if you turned on
> stable folios for writeback, the folio contents can't change so you can
> compute the checksum of the new data, run a transaction to set
> crc[nblock][0] to the old checksum; crc[nblock][1] to the new checksum;
> and only then issue the writeback bio.
Are you (plural) talking about hash based integrity protection ala
fsverity or checksums. While they look similar in some way those are
totally different things! If we're talking about "simple" data
checksums both post-EOF data blocks and xattrs are really badly wrong,
as the checksum need to be assigned with the physical block due to
reflinks, not the file. The natural way to implement them for XFS
if we really wanted them would be a new per-AG/RTG metabtree that
is indexed by the agblock/rgblock.
> But I don't think that works if you crash. At least one of the
> checksums might be right if the device doesn't tear the write, but that
> gets us tangled up in the untorn block writes patches. If the device
> does not guarantee untorn writes, then you probably have to do it the
> way the other checksumming fses do it -- write to a new location, then
> run a transaction to store the checksum and update the file mapping.
Yes. That's why for data checksums you'd always need to either write
out of place (as with the pending zoned allocator) or work with intent /
intent done items. That's assuming you can't offload the atomicy to the
device by uisng T10 PI or at least per-block metadata that stores the
checksum. Which would also remove the need for any new file system
data struture, but require enterprise hardware that supports PI or
metadata.
next prev parent reply other threads:[~2025-01-09 7:44 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-29 13:33 [RFC] Directly mapped xattr data & fs-verity Andrey Albershteyn
2024-12-29 13:35 ` [PATCH] xfs: direct mapped xattrs design documentation Andrey Albershteyn
2025-01-07 1:41 ` Darrick J. Wong
2025-01-07 10:24 ` Andrey Albershteyn
2024-12-29 13:36 ` [PATCH 0/2] Introduce iomap interface to work with regions beyond EOF Andrey Albershteyn
2024-12-29 13:36 ` [PATCH 1/2] iomap: add iomap_writepages_unbound() to write " Andrey Albershteyn
2024-12-29 17:54 ` kernel test robot
2024-12-29 21:36 ` kernel test robot
2024-12-29 13:36 ` [PATCH 2/2] iomap: introduce iomap_read/write_region interface Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 00/14] Direct mapped extended attribute data Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 01/14] iomap: add wrapper to pass readpage_ctx to read path Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 02/14] iomap: add read path ioends for filesystem read verification Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 03/14] iomap: introduce IOMAP_F_NO_MERGE for non-mergable ioends Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 04/14] xfs: add incompat directly mapped xattr flag Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 05/14] libxfs: add xfs_calc_chsum() Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 06/14] libxfs: pass xfs_sb to xfs_attr3_leaf_name_remote() Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 07/14] xfs: introduce XFS_DA_OP_EMPTY Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 08/14] xfs: introduce workqueue for post read processing Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 09/14] xfs: add interface to set CRC on leaf attributes Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 10/14] xfs: introduce XFS_ATTRUPDATE_FLAGS operation Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 11/14] xfs: add interface for page cache mapped remote xattrs Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 12/14] xfs: parse both remote attr name on-disk formats Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 13/14] xfs: do not use xfs_attr3_rmt_hdr for remote value blocks for dxattr Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 14/14] xfs: enalbe XFS_SB_FEAT_INCOMPAT_DXATTR Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 00/24] fsverity integration for XFS based on direct mapped xattrs Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 01/24] fs: add FS_XFLAG_VERITY for verity files Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 02/24] fsverity: pass tree_blocksize to end_enable_verity() Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 03/24] fsverity: add tracepoints Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 04/24] fsverity: pass the new tree size and block size to ->begin_enable_verity Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 05/24] fsverity: expose merkle tree geometry to callers Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 06/24] fsverity: report validation errors back to the filesystem Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 07/24] fsverity: flush pagecache before enabling verity Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 08/24] iomap: integrate fs-verity verification into iomap's read path Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 09/24] xfs: use an empty transaction to protect xfs_attr_get from deadlocks Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 10/24] xfs: don't let xfs_bmap_first_unused overflow a xfs_dablk_t Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 11/24] xfs: add attribute type for fs-verity Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 12/24] xfs: add fs-verity ro-compat flag Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 13/24] xfs: add inode on-disk VERITY flag Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 14/24] xfs: initialize fs-verity on file open and cleanup on inode destruction Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 15/24] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 16/24] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 17/24] xfs: add fs-verity support Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 18/24] xfs: add writeback page mapping for fs-verity Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 19/24] xfs: use merkle tree offset as attr hash Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 20/24] xfs: add fs-verity ioctls Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 21/24] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 22/24] xfs: check and repair the verity inode flag state Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 23/24] xfs: report verity failures through the health system Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 24/24] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
2025-01-06 15:42 ` [RFC] Directly mapped xattr data & fs-verity Christoph Hellwig
2025-01-06 19:50 ` Darrick J. Wong
2025-01-06 20:56 ` Andrey Albershteyn
2025-01-07 16:50 ` Christoph Hellwig
2025-01-08 9:20 ` Andrey Albershteyn
2025-01-09 6:12 ` Christoph Hellwig
2025-01-09 7:39 ` Darrick J. Wong
2025-01-09 7:44 ` Christoph Hellwig [this message]
2025-01-09 17:03 ` Darrick J. Wong
2025-01-13 9:16 ` Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250109074403.GA18326@lst.de \
--to=hch@lst.de \
--cc=aalbersh@kernel.org \
--cc=aalbersh@redhat.com \
--cc=david@fromorbit.com \
--cc=djwong@kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox