Open Source and information security mailing list archives
Date:   Wed, 15 Jan 2020 11:54:20 +0800
From:   Qu Wenruo
To:     David Howells
Subject: Re: Problems with determining data presence by examining extents?

On 2020/1/15 12:48 AM, David Howells wrote:
> Again with regard to my rewrite of fscache and cachefiles:
> I've got rid of my use of bmap()!  Hooray!
> However, I'm informed that I can't trust the extent map of a backing file to
> tell me accurately whether content exists in a file because:
>  (a) Not-quite-contiguous extents may be joined by insertion of blocks of
>      zeros by the filesystem optimising itself.  This would give me a false
>      positive when trying to detect the presence of data.

At least for btrfs, only unaligned extents get padding zeros.

But I guess other fs could do whatever they want to optimize themselves.

>  (b) Blocks of zeros that I write into the file may get punched out by
>      filesystem optimisation since a read back would be expected to read zeros
>      there anyway, provided it's below the EOF.  This would give me a false
>      negative.

I know some qemu disk backend has such zero detection.
But not btrfs. So this is another per-fs based behavior.

And problem (c):

(c): A multi-device fs (btrfs) can have its own logical address mapping.
Meaning the bytenr returned makes no sense to the end user, unless used for
that fs-specific address space.

This is even trickier when considering single device btrfs.
It still utilizes the same logical address space, just like all
multi-disk btrfs.

And it's completely possible for a single 1T btrfs to have logical addresses
mapped beyond 10T or even more. (Any aligned bytenr in the range [0,
U64_MAX) is valid for btrfs logical address).

You won't like this case either.
(d): Compressed extents
One compressed extent can represent more data than its on-disk size.

Furthermore, the current fiemap interface hasn't considered this case, thus
it only reports in-memory size (aka, file size), with no way to
represent on-disk size.

And even more bad news:
(e): write time dedupe
Although no known fs has implemented it yet (btrfs used to try to
support that, and I guess XFS could do it in theory too), you won't
know when a fs could get such an "awesome" feature.

Where your write may be checked and never reach disk if it matches with
existing extents.

This is a little like the zero-detection-auto-punch.

> Is there some setting I can use to prevent these scenarios on a file - or can
> one be added?

I guess no.

> Without being able to trust the filesystem to tell me accurately what I've
> written into it, I have to use some other mechanism.  Currently, I've switched
> to storing a map in an xattr with 1 bit per 256k block, but that gets hard to
> use if the file grows particularly large and also has integrity consequences -
> though those are hopefully limited as I'm now using DIO to store data into the
> cache.

Would you like to explain why you want to know such fs internal info?

> If it helps, I'm downloading data in aligned 256k blocks and storing data in
> those same aligned 256k blocks, so if that makes it easier...
> David

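Added example, not part of the original message or of any project's code: a small FIEMAP dumper for Linux that prints each extent and flags the cases in which the reported mapping cannot be read as "the bytes I wrote sit at fe_physical and take fe_length bytes on disk", which is the concern behind points (c) and (d) above. The `CAV_*` names and `extent_caveats()` are hypothetical helpers of this example; the ioctl, structs and `FIEMAP_*` constants are the kernel's UAPI.

```c
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/fs.h>      /* FS_IOC_FIEMAP */
#include <linux/fiemap.h>  /* struct fiemap, FIEMAP_EXTENT_* */

/* Hypothetical caveat bits (this example's names, not a kernel API). */
enum { CAV_ENCODED = 1, CAV_UNWRITTEN = 2, CAV_DELALLOC = 4, CAV_SHARED = 8 };

/* Map one extent's flags to the reasons its mapping is not a plain
 * "file bytes == on-disk bytes at fe_physical" statement. */
static unsigned extent_caveats(const struct fiemap_extent *e)
{
    unsigned c = 0;
    if (e->fe_flags & FIEMAP_EXTENT_ENCODED)   c |= CAV_ENCODED;   /* e.g. compressed: fe_length counts file bytes */
    if (e->fe_flags & FIEMAP_EXTENT_UNWRITTEN) c |= CAV_UNWRITTEN; /* allocated, but reads back as zeros */
    if (e->fe_flags & FIEMAP_EXTENT_DELALLOC)  c |= CAV_DELALLOC;  /* no on-disk location assigned yet */
    if (e->fe_flags & FIEMAP_EXTENT_SHARED)    c |= CAV_SHARED;    /* blocks shared with other files */
    return c;
}

int main(int argc, char **argv)
{
    enum { MAX_EXT = 64 };  /* this example maps at most 64 extents */
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    int fd = open(argv[1], O_RDONLY);
    if (fd < 0) { perror("open"); return 1; }

    struct fiemap *fm = calloc(1, sizeof(*fm) + MAX_EXT * sizeof(struct fiemap_extent));
    if (!fm) { close(fd); return 1; }
    fm->fm_length = FIEMAP_MAX_OFFSET;  /* map the whole file */
    fm->fm_flags = FIEMAP_FLAG_SYNC;    /* flush dirty data before mapping */
    fm->fm_extent_count = MAX_EXT;
    if (ioctl(fd, FS_IOC_FIEMAP, fm) < 0) { perror("FS_IOC_FIEMAP"); free(fm); close(fd); return 1; }

    for (unsigned i = 0; i < fm->fm_mapped_extents; i++) {
        const struct fiemap_extent *e = &fm->fm_extents[i];
        /* fe_physical is in the filesystem's own address space (on btrfs, a logical bytenr). */
        printf("logical=%llu physical=%llu length=%llu flags=0x%x caveats=0x%x\n",
               (unsigned long long)e->fe_logical, (unsigned long long)e->fe_physical,
               (unsigned long long)e->fe_length, e->fe_flags, extent_caveats(e));
    }
    free(fm); close(fd);
    return 0;
}
```

An extent with no caveat bits set still does not prove that the data was written by the caller; the flags only expose the cases the interface itself reports.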