lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140507213704.GA8923@birch.djwong.org> Date: Wed, 7 May 2014 14:37:04 -0700 From: "Darrick J. Wong" <darrick.wong@...cle.com> To: Lukáš Czerner <lczerner@...hat.com> Cc: tytso@....edu, linux-ext4@...r.kernel.org Subject: Re: [PATCH 16/37] libext2fs: support allocating uninit blocks in bmap2() On Wed, May 07, 2014 at 12:02:30PM +0200, Lukáš Czerner wrote: > On Tue, 6 May 2014, Darrick J. Wong wrote: > > > Date: Tue, 6 May 2014 12:59:38 -0700 > > From: Darrick J. Wong <darrick.wong@...cle.com> > > To: Lukáš Czerner <lczerner@...hat.com> > > Cc: tytso@....edu, linux-ext4@...r.kernel.org > > Subject: Re: [PATCH 16/37] libext2fs: support allocating uninit blocks in > > bmap2() > > > > On Tue, May 06, 2014 at 05:45:01PM +0200, Lukáš Czerner wrote: > > > On Thu, 1 May 2014, Darrick J. Wong wrote: > > > > > > > Date: Thu, 01 May 2014 16:14:07 -0700 > > > > From: Darrick J. Wong <darrick.wong@...cle.com> > > > > To: tytso@....edu, darrick.wong@...cle.com > > > > Cc: linux-ext4@...r.kernel.org > > > > Subject: [PATCH 16/37] libext2fs: support allocating uninit blocks in bmap2() > > > > > > > > In order to support fallocate, we need to be able to have > > > > ext2fs_bmap2() allocate blocks and put them into uninitialized > > > > extents. There's a flag to do this in the extent code, but it's not > > > > exposed to the bmap2 interface, so plumb that in. Eventually fuse2fs > > > > or somebody will use it. > > > > > > > > Signed-off-by: Darrick J. Wong <darrick.wong@...cle.com> > > > > --- > > > > lib/ext2fs/bmap.c | 24 ++++++++++++++++++++++-- > > > > lib/ext2fs/ext2fs.h | 1 + > > > > lib/ext2fs/mkjournal.c | 17 +++++++++++++++++ > > > > 3 files changed, 40 insertions(+), 2 deletions(-) > > > > > > > > > > > > diff --git a/lib/ext2fs/bmap.c b/lib/ext2fs/bmap.c > > > > index c1d0e6f..a4dc8ef 100644 > > > > --- a/lib/ext2fs/bmap.c > > > > +++ b/lib/ext2fs/bmap.c > > > > @@ -72,6 +72,11 @@ static _BMAP_INLINE_ errcode_t block_ind_bmap(ext2_filsys fs, int flags, > > > > block_buf + fs->blocksize, &b); > > > > if (retval) > > > > return retval; > > > > + if (flags & BMAP_UNINIT) { > > > > + retval = ext2fs_zero_blocks2(fs, b, 1, NULL, NULL); > > > > + if (retval) > > > > + return retval; > > > > + } > > > > > > > > #ifdef WORDS_BIGENDIAN > > > > ((blk_t *) block_buf)[nr] = ext2fs_swab32(b); > > > > @@ -214,10 +219,13 @@ static errcode_t extent_bmap(ext2_filsys fs, ext2_ino_t ino, > > > > errcode_t retval = 0; > > > > blk64_t blk64 = 0; > > > > int alloc = 0; > > > > + int set_flags; > > > > + > > > > + set_flags = bmap_flags & BMAP_UNINIT ? EXT2_EXTENT_SET_BMAP_UNINIT : 0; > > > > > > > > if (bmap_flags & BMAP_SET) { > > > > retval = ext2fs_extent_set_bmap(handle, block, > > > > - *phys_blk, 0); > > > > + *phys_blk, set_flags); > > > > return retval; > > > > } > > > > retval = ext2fs_extent_goto(handle, block); > > > > @@ -254,7 +262,7 @@ got_block: > > > > alloc++; > > > > set_extent: > > > > retval = ext2fs_extent_set_bmap(handle, block, > > > > - blk64, 0); > > > > + blk64, set_flags); > > > > if (retval) { > > > > ext2fs_block_alloc_stats2(fs, blk64, -1); > > > > return retval; > > > > @@ -345,6 +353,12 @@ errcode_t ext2fs_bmap2(ext2_filsys fs, ext2_ino_t ino, struct ext2_inode *inode, > > > > goto done; > > > > } > > > > > > > > + if ((bmap_flags & BMAP_SET) && (bmap_flags & BMAP_UNINIT)) { > > > > + retval = ext2fs_zero_blocks2(fs, *phys_blk, 1, NULL, NULL); > > > > + if (retval) > > > > + goto done; > > > > + } > > > > + > > > > if (block < EXT2_NDIR_BLOCKS) { > > > > if (bmap_flags & BMAP_SET) { > > > > b = *phys_blk; > > > > @@ -360,6 +374,12 @@ errcode_t ext2fs_bmap2(ext2_filsys fs, ext2_ino_t ino, struct ext2_inode *inode, > > > > retval = ext2fs_alloc_block(fs, b, block_buf, &b); > > > > if (retval) > > > > goto done; > > > > + if (bmap_flags & BMAP_UNINIT) { > > > > + retval = ext2fs_zero_blocks2(fs, b, 1, NULL, > > > > + NULL); > > > > + if (retval) > > > > + goto done; > > > > + } > > > > inode_bmap(inode, block) = b; > > > > blocks_alloc++; > > > > *phys_blk = b; > > > > diff --git a/lib/ext2fs/ext2fs.h b/lib/ext2fs/ext2fs.h > > > > index 599c972..819a14a 100644 > > > > --- a/lib/ext2fs/ext2fs.h > > > > +++ b/lib/ext2fs/ext2fs.h > > > > @@ -527,6 +527,7 @@ typedef struct ext2_icount *ext2_icount_t; > > > > */ > > > > #define BMAP_ALLOC 0x0001 > > > > #define BMAP_SET 0x0002 > > > > +#define BMAP_UNINIT 0x0004 > > > > > > > > /* > > > > * Returned flags from ext2fs_bmap > > > > diff --git a/lib/ext2fs/mkjournal.c b/lib/ext2fs/mkjournal.c > > > > index 884d9c0..ecc3912 100644 > > > > --- a/lib/ext2fs/mkjournal.c > > > > +++ b/lib/ext2fs/mkjournal.c > > > > @@ -174,6 +174,23 @@ errcode_t ext2fs_zero_blocks2(ext2_filsys fs, blk64_t blk, int num, > > > > return ENOMEM; > > > > memset(buf, 0, fs->blocksize * STRIDE_LENGTH); > > > > } > > > > + > > > > + /* Try discard, if it zeroes data... */ > > > > + if (io_channel_discard_zeroes_data(fs->io)) { > > > > + memset(buf + fs->blocksize, 0, fs->blocksize); > > > > + retval = io_channel_discard(fs->io, blk, num); > > > > + if (retval) > > > > + goto skip_discard; > > > > + retval = io_channel_read_blk64(fs->io, blk, 1, buf); > > > > + if (retval) > > > > + goto skip_discard; > > > > + if (memcmp(buf, buf + fs->blocksize, fs->blocksize) == 0) > > > > + return 0; > > > > + /* Hah! Discard doesn't zero! */ > > > > + fs->io->flags &= ~CHANNEL_FLAGS_DISCARD_ZEROES; > > > > + } > > > > +skip_discard: > > > > > > You did not mention that in the description, but this is actually a > > > problem. The reason is that discard might not be reliable on some > > > devices. This has been discussed several times and I am not the only > > > one who've seen that even if the device itself says that it will > > > return zeroes from discarded regions sometimes it might return data. > > > > I agree that the storage not living up to the interface it advertises is a > > problem, hence the verification step that will unset the io channel flag if it > > finds that the device is lying. > > > > On the other hand, I wonder if this ought to be abstracted away in an > > io_channel_zero() call that takes care of figuring out if it can do a zeroing > > discard or if it has to write a block of zeroes. > > > > Or, are you worried that a discard and immediate re-read will appear to work, > > but that a later re-read will return non-zero data? > > Yes I am, because we know that it sometimes behaves unpredictably > and this is one of the things that might just happen. Even though I > have not seen this exact case I've seen the opposite where right > after discard I've read non zero values but later it actually > returned zeroes. > > So I would much rather not rely on discard here because you might > expose stale data on indirect files and there is no way to turn this > optimization off. Fair enough. > > > > > I would rather avoid this kind of optimization. However if the > > > underlying "device" is a loop device then it will be reliable if > > > it's supported. Also if then underlying "device" is a image then we > > > can just simply use punch hole. > > > > But static whitelisting is also problematic -- what if the storage device is an > > AHCI (or virtio-scsi) disk in QEMU that's ultimately backed by a file that we > > can punch_hole? How do we distinguish that from an SSD hooked up to SATA > > hardware? > > We do not. We can only do that if we know we're sitting on a file. > It is really unfortunate, but I think that there is a limitation in > how we can use discard. > > However we could use write same which should help on devices which > supports it and on the fs images because QEMU will convert that to > zero range (at least on xfs since ext4 implementation is quite new). > However I have no idea what is the interface to do that. Hrmm, I guess it would be the BLKZEROOUT ioctl for block devices? Inside the kernel it appears to be wired up to WRITE_SAME with a zero buffer or just a regular WRITE with a lot of zero pages attached. For regular files, punch hole (or zero range) seems to be fine. I think. This ought to get moved into a separate IO manager routine. --D > > -Lukas > > > > > In the qemu emulated AHCI case we ought to be able to zeroing discard, if > > advertised. I thought it was a reasonable compromise to trust that it works > > and verify the results afterward. > > > > --D > > > > > > Thanks! > > > -Lukas > > > > > > > + > > > > /* OK, do the write loop */ > > > > j=0; > > > > while (j < num) { > > > > > > > > -- > > > > To unsubscribe from this list: send the line "unsubscribe linux-ext4" in > > > > the body of a message to majordomo@...r.kernel.org > > > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > > > > > -- > > To unsubscribe from this list: send the line "unsubscribe linux-ext4" in > > the body of a message to majordomo@...r.kernel.org > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists