On Wed, Jan 31, 2018 at 07:03:16PM -0500, Theodore Ts'o wrote: > On Wed, Jan 31, 2018 at 12:41:13PM -0800, James Bottomley wrote: > > > Like fscrypto, where most of the code is in fs/crypto, most of the > > > fs-verity will be in fs/verity. There will be minimal hooks in a > > > particular file system, so if another file system wants to play, then > > > can do so relatively easily. > > > > OK, sounds good ... I notice, now I look, that fscrypt uses xattrs > > (albeit hidden under the covers of get/set_context), will dm-verity use > > the same trick or do people really need space in the inode? > > I assume you mean fs-verity above, and no, we aren't going to use > xattrs because the Merkle tree won't fit in the xattr. So the plan > was to put the fs-verity header, the PKCS7 signature, and the Merkle > tree after i_size (rounded to a blocksize boundary). Remember, the > fs-verity case we only worry about the read-ony case. I think putting valid data beyond EOF is going to be problematic for many filesystems. Getting things like truncate right are hard enough without having to special case a bunch of new functionality that specifically allows IO access beyond EOF. Indeed, how does "truncate isize but leave special data behind" work and what's the userspace API to drive it? And how does it interact with all the page cache code that checks for page->index beyond EOF to detect a truncated page that should not be accessed? There's also further complications for filesystems like XFS e.g. how do we tell the difference between valid data beyond EOF and speculative allocation (done by delalloc) beyond EOF that contains no data and can be removed if it is not written to in a short while? This just seems like a horrible can of worms to me and is not something we should be building generic infrastructure around. Just how big do these merkle trees get, anyway? > As I stated above, we need to put the Merkle tree after i_size anyway, > so the current plan doesn't use xattrs at all. Xattr storage space is > also precious (especially if you are trying to keep all of the xattrs No it's not. xattr space is specifically designed for uses like this, and if you have to take an extra IO to read it then that's the cost of storing large chunks of non-userdata data on a file. You;ve got to take extra IOs to read the merkle tree if it's stored beyond EOF anyway, so it doesn't matter if we take extra IOs to read it from an xattr.... Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx
