On Fri, Jun 25, 2021 at 02:07:59PM -0700, Omar Sandoval wrote: > On Fri, Jun 25, 2021 at 09:16:15AM -0700, Linus Torvalds wrote: > > On Thu, Jun 24, 2021 at 8:38 PM Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote: > > > > > > Does it make any kind of sense to talk about doing this for buffered I/O, > > > given that we can't generate them for (eg) mmaped files? > > > > Sure we can. > > > > Or rather, some people might very well like to do it even for mutable > > data. In fact, _especially_ for mutable data. > > > > You might want to do things like "write out the state I verified just > > a moment ago", and if it has changed since then, you *want* the result > > to be invalid because the checksums no longer match - in case somebody > > else changed the data you used for the state calculation and > > verification in the meantime. It's very much why you'd want a separate > > checksum in the first place. > > > > Yeah, yeah, you can - and people do - just do things like this with a > > separate checksum. But if you know that the filesystem has internal > > checksumming support _anyway_, you might want to use it, and basically > > say "use this checksum, if the data doesn't match when I read it back > > I want to get an IO error". > > > > (The "data doesn't match" _could_ be just due to DRAM corruption etc, > > of course. Some people care about things like that. You want > > "verified" filesystem contents - it might not be about security, it > > might simply be about "I have validated this data and if it's not the > > same data any more it's useless and I need to re-generate it"). > > > > Am I a big believer in this model? No. Portability concerns (across > > OS'es, across filesystems, even just across backups on the same exact > > system) means that even if we did this, very few people would use it. > > > > People who want this end up using an external checksum instead and do > > it outside of and separately from the actual IO, because then they can > > do it on existing systems. > > > > So my argument is not "we want this". My argument is purely that some > > buffered filesystem IO case isn't actually any different from the > > traditional "I want access to the low-level sector hardware checksum > > data". The use cases are basically exactly the same. > > > > Of course, basically nobody does that hw sector checksum either, for > > all the same reasons, even if it's been around for decades. > > > > So my "checksum metadata interface" is not something I'm a big > > believer in, but I really don't think it's really all _that_ different > > from the whole "compressed format interface" that this whole patch > > series is about. They are pretty much the same thing in many ways. > > I see the similarity in the sense that we basically want to pass some > extra metadata down with the read or write. So then do we want to add > preadv3/pwritev3 for encoded I/O now so that checksums can use it in the > future? The encoding metadata could go in this "struct io_how", either > directly or in a separate structure with a pointer in "struct io_how". > It could get messy with compat syscalls. Ping. What's the path forward here? At this point, it seems like an ioctl is the path of least resistance.
