On Fri, Jun 25, 2021 at 09:16:15AM -0700, Linus Torvalds wrote: > On Thu, Jun 24, 2021 at 8:38 PM Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote: > > > > Does it make any kind of sense to talk about doing this for buffered I/O, > > given that we can't generate them for (eg) mmaped files? > > Sure we can. > > Or rather, some people might very well like to do it even for mutable > data. In fact, _especially_ for mutable data. > > You might want to do things like "write out the state I verified just > a moment ago", and if it has changed since then, you *want* the result > to be invalid because the checksums no longer match - in case somebody > else changed the data you used for the state calculation and > verification in the meantime. It's very much why you'd want a separate > checksum in the first place. > > Yeah, yeah, you can - and people do - just do things like this with a > separate checksum. But if you know that the filesystem has internal > checksumming support _anyway_, you might want to use it, and basically > say "use this checksum, if the data doesn't match when I read it back > I want to get an IO error". > > (The "data doesn't match" _could_ be just due to DRAM corruption etc, > of course. Some people care about things like that. You want > "verified" filesystem contents - it might not be about security, it > might simply be about "I have validated this data and if it's not the > same data any more it's useless and I need to re-generate it"). > > Am I a big believer in this model? No. Portability concerns (across > OS'es, across filesystems, even just across backups on the same exact > system) means that even if we did this, very few people would use it. > > People who want this end up using an external checksum instead and do > it outside of and separately from the actual IO, because then they can > do it on existing systems. > > So my argument is not "we want this". My argument is purely that some > buffered filesystem IO case isn't actually any different from the > traditional "I want access to the low-level sector hardware checksum > data". The use cases are basically exactly the same. > > Of course, basically nobody does that hw sector checksum either, for > all the same reasons, even if it's been around for decades. > > So my "checksum metadata interface" is not something I'm a big > believer in, but I really don't think it's really all _that_ different > from the whole "compressed format interface" that this whole patch > series is about. They are pretty much the same thing in many ways. I see the similarity in the sense that we basically want to pass some extra metadata down with the read or write. So then do we want to add preadv3/pwritev3 for encoded I/O now so that checksums can use it in the future? The encoding metadata could go in this "struct io_how", either directly or in a separate structure with a pointer in "struct io_how". It could get messy with compat syscalls.
