lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <02524ece-956f-f5d8-fb21-adc4e5617dc6@linux.alibaba.com>
Date:   Wed, 24 May 2023 16:26:25 +0800
From:   Gao Xiang <hsiangkao@...ux.alibaba.com>
To:     Giuseppe Scrivano <gscrivan@...hat.com>
Cc:     Alexander Larsson <alexl@...hat.com>,
        Mike Snitzer <snitzer@...nel.org>,
        Du Rui <durui@...ux.alibaba.com>, dm-devel@...hat.com,
        linux-kernel@...r.kernel.org, Alasdair Kergon <agk@...hat.com>
Subject: Re: dm overlaybd: targets mapping OverlayBD image

Hi Giuseppe,

On 2023/5/24 01:11, Giuseppe Scrivano wrote:
> Gao Xiang <hsiangkao@...ux.alibaba.com> writes:
> 

...

>> Agreed, I hope you guys could actually sit down and evaluate a proper
>> solution on the next OCI v2, currently I know there are:
>>
>>   - Composefs
>>   - (e)stargz   https://github.com/containerd/stargz-snapshotter
>>   - Nydus       https://github.com/containerd/nydus-snapshotter
>>   - OverlayBD   https://github.com/containerd/accelerated-container-image
>>   - SOCI        https://github.com/awslabs/soci-snapshotter
>>   - Tarfs
>>   - (maybe even more..)
>>
>> Honestly, I do think OSTree/Composefs is the best approach for now for
>> deduplication and page cache sharing (due to kernel limitation of page
>> cache sharing and overlayfs copyup limitation).  I'm too tired of
>> container image stuffs honestly.  Too much unnecessary manpower waste.
> 
> for a file-based storage model, I am not sure a new format would really
> buy us much or it can be significantly different.
> 
> Without a proper support from the kernel, a new format would still need
> to create the layout overlay expects, so it won't be much different than
> what we have now.

I've seen lot efforts on this, for example,
https://docs.google.com/presentation/d/1lBKVrYzm9JEYuw-gIEsrcePSK0jL1Boe/edit#slide=id.p22

Merging the writable layer and read-only layers with overlayfs is
feasible. I mean, at least for composefs model on backing XFS/btrfs, we
could merge these layers with overlayfs so that I guess reflink could
be done to avoid full copyup as well?  I do think that's a net win.

> 
> The current OCI format, with some tweaks like (e)stargz or zstd:chunked,
> already make its content addressable and a client can retrieve only the
> subset of the files that are needed.  At the same time we maintain the
> simplicity of a tarball and it won't break existing clients.

(e)stargz or zstd:chunked still needs to be converted by the publisher
and not all exist OCI images are stored in this way.  But apart from
detailed comparsion, disk mapping image approaches seems really a
drawback at least on my side.

Anyway, I think it's what OCIv2 would like to eventually address
anyway.

> 
> IMO, the most interesting problem is how to store these images locally
> and how the kernel can help with that.

I think composefs model can do both sides. But I'm not sure the final
conclusion, I tend to leave it to the OCI guys.

> 
> The idea behind composefs is to replace the existing storage model used
> for overlay, where each layer has its own directory, with a single
> directory where all the files are stored by their checksum.  The
> expected layout then is recreated at runtime.

Yes, what I'd like to say, without finer page cache sharing mechanism,
the composefs way sounds better to me honestly to the whole system.

Thanks,
Gao Xiang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ