Open Source and information security mailing list archives
Message-ID: <20131206124525.GB13931@orion.maiolino.org>
Date: Fri, 6 Dec 2013 10:45:27 -0200
From: Carlos Maiolino <cmaiolino@...hat.com>
To: linux-ext4@...r.kernel.org
Subject: Re: xfs over thin provisioning talk

Hi Ted.

> > For those interested, the slides can be downloaded here:
> > http://people.redhat.com/~cmaiolin/talks/XFS-dmthin.pdf
>
> Hi Carlos,
>
> Thanks for sending these slides. They are very interesting indeed.
>
> Lukas mentioned that you had run some tests using ext4 and it didn't
> do well at all using dm-thin? Given that we're not doing proper raid
> strip alignment in our allocation decisions, that's not too
> surprising, but it would be useful if there are other things that we
> should do in order to do a better job working with dm-thin drives.
>

Ted, my apologies, when I ran the tests over ext4, I didn't save the results
since I wasn't going to compare ext4 and xfs, and I really didn't think it
might be useful.

> One other question --- in your conclusion you say:
>
>     Bypassing block zeroing while provisioning blocks adds a significant
>     boost to the dm-thin performance, but, it can induce a security
>     breach, at the risk of exposing stale data
>
> This might be true if you are directly giving dm-thin volumes to
> mutually suspicious VM's with different trust boundaries. But if you
> trust the file system, and the dm-thin devices are mediated by a
> file system running in the same context as the dm-thin volumes, there
> wouldn't be any security issue, correct?
>

Yes, you're correct, if you trust who is using the block device and it's not
'public' like you said (a block device given to a VM, like a public VM host,
Amazon for example), there is no security issue.

Although, dm-thin should have an algorithm to bypass the block device zeroing
step in case you're writing a whole block. But, at the time of my talk, it was
buggy :)

> Cheers,
>
> - Ted
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Carlos
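
The trade-off discussed in this message can be audited on a host. The following is an added example, not part of the original message or of the slides: it reads `dmsetup table` output and reports which thin pools provision blocks without zeroing. The `skip_block_zeroing` feature argument and the thin-pool table layout are taken from the kernel's dm-thin documentation, not from this thread; the function names and the sample table are constructed.

```shell
#!/bin/sh
# Report dm-thin pools that hand out newly provisioned blocks without zeroing.
# Input (stdin): `dmsetup table` lines, which for a thin pool look like
#   <name>: <start> <len> thin-pool <meta_dev> <data_dev> <block_size> \
#           <low_water_mark> [<#feature_args> <arg>...]
# Output: one line per pool, "<name> zeroing=on|off".
thin_pool_zeroing() {
    awk '$4 == "thin-pool" {
        name = $1; sub(/:$/, "", name)
        state = "on"                     # default: new blocks are zeroed
        nfeat = ($9 == "" ? 0 : $9)      # feature-arg count is optional
        for (i = 10; i < 10 + nfeat; i++)
            if ($i == "skip_block_zeroing") state = "off"
        print name " zeroing=" state
    }'
}

# Names only of the pools where zeroing is disabled. These are the pools
# whose thin volumes should not cross a trust boundary (e.g. tenant VMs).
unzeroed_pools() {
    thin_pool_zeroing | awk '$2 == "zeroing=off" { print $1 }'
}

# Constructed sample input (device names and numbers are made up).
SAMPLE_TABLE='vg0-tenants-tpool: 0 20971520 thin-pool 253:1 253:2 128 0 1 skip_block_zeroing
vg0-scratch-tpool: 0 4194304 thin-pool 253:4 253:5 128 0 0
vg0-build-tpool: 0 8388608 thin-pool 253:7 253:8 1024 0 2 ignore_discard skip_block_zeroing
vg0-root: 0 10485760 linear 8:2 2048'

# On a live host (needs root): dmsetup table | thin_pool_zeroing
printf '%s\n' "$SAMPLE_TABLE" | thin_pool_zeroing
```
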