On 2020/5/27 下午7:27, David Sterba wrote: > On Wed, May 27, 2020 at 10:08:06AM +0800, Qu Wenruo wrote: >>> Changes since v2: >>> - Select CONFIG_CRYPTO_HMAC and CONFIG_KEYS (kbuild robot) >>> - Fix double free in error path >>> - Fix memory leak in error path >>> - Disallow nodatasum and nodatacow when authetication is use (Eric) >> >> Since we're disabling NODATACOW usages, can we also disable the >> following features? >> - v1 space cache >> V1 space cache uses NODATACOW file to store space cache, althouhg it >> has inline csum, but it's fixed to crc32c. So attacker can easily >> utilize this hole to mess space cache, and do some DoS attack. > > That's a good point. > > The v1 space cache will be phased out but it won't be in a timeframe > we'll get in the authentication. At this point we don't even have a way > to select v2 at mkfs time (it's work in progress though), so it would be > required to switch to v2 on the first mount. > >> - fallocate >> I'm not 100% sure about this, but since nodatacow is already a second >> class citizen in btrfs, maybe not supporting fallocate is not a >> strange move. > > Fallocate is a standard file operation, not supporting would be quite > strange. What's the problem with fallocate and authentication? > As said, I'm not that sure about preallocate, but that's the remaining user of nodatacow. Although it's a pretty common interface, but in btrfs it doesn't really make much sense. In case like fallocate then snapshot use case, there is really no benefit from writing into fallocated range. Not to mention the extra cross-ref check involved when writing into possible preallocated range. Thanks, Qu
Attachment:
signature.asc
Description: OpenPGP digital signature
