On Wed, May 13, 2020 at 12:36:18PM +1000, Dave Chinner wrote:
>
> Topic: Deprecating V4 On-disk Format
>
> Scope:
> Long term life cycle planning
> Supporting old filesystems with new kernels.
> Unfixable integrity issues in v4 format.
> Reducing feature matrix for testing
>
> Proposal:
>
> The CRC-enabled V5 format has been the upstream default format now
> since commit 566ebd5ae5fa ("mkfs: default to CRC enabled
> filesystems") dated May 11 2015 (5 years ago!) and released in
> xfsprogs v3.2.3. It is the default in all major distros, and has
> been for some time.
>
> We know that the v4 format has unfixable integrity issues apart from
> the obvious lack of CRCs and self-describing metadata structures; it
> has race conditions in log recovery realted to inode creation and
> other such issues that could only be solved with an on-disk format
> change of some kind. We are not adding new features to v4 formats,
> so anyone wanting to use new XFS features must use v5 format
> filesystems.
>
> We also know that the number of v4 filesysetms in production is
> slowly decreasing as systems are replaced as part of the natural
> life cycle of production systems.
>
> All this adds up to the realisation that existing v4 filesystems are
> effectively in the "Maintenance Mode" era of the software life
> cycle. The next stage in the life cycle is "Phasing Out" before we
> drop support for it altogether, also know around here as
> "deprecated" which is a sign that support will "soon" cease.
>
> I'd like to move the v4 format to the "deprecated" state as a signal
> to users that it should really not be considered viable for new
> systems. New systems running modern kernels and userspace should
> all be using the v5 format, so this mostly only affects existing
> filesystems.
>
> Note: I am not proposing that we drop support for the v4 format any
> time soon. What I am proposing is an "end of lifecycle" tag similar
> to the way we use EXPERIMENTAL to indicate that the functionality is
> available but we don't recommend it for production systems yet.
>
> Hence what I am proposing is that we introduce a DEPRECATED alert at
> mount time to inform users that the functionality exists, but it
> will not be maintained indefinitely into the future. For distros
> with a ten year support life, this means that a near-future release
> will pick up the DEPRECATED tag but still support the filesystem for
> the support life of that release. A "future +1" release may not
> support the v4 format at all.
/me regrets that he is frequently failing to clear enough space out of
his schedule to respond to all of these adequately. But here goes,
random thoughts at 23:23. :/
> Discussion points:
>
> - How practical is this?
Well, we've killed off old features before... v1 inodes, v2 directories,
etc. So clearly this can be done, given enough preparation time.
And we probably ought to do it, before we start to resemble the ext4
quota nightmare.
> - What should we have mkfs do when directed to create a v4 format
> filesystem?
It probably ought to print a warning...
That said, way back when we were arguing with the syzbot people, one of
us suggested that we hide V4 behind a CONFIG_XFS_DEPRECATED=y option, so
that people who want to harden their kernel against the unfixable
structural problems in the V4 format could effectively lose V4 support
early. Maybe we should add that for a few years?
> - How long before we decide to remove v4 support from the upstream
> kernel and tools? 5 years after deprecation? 10 years?
That probably depends a lot on how much our respective employers want to
keep those old XFSes going. Some of our customers are about ready to
certify that they can support their distro defaults changing from ext3
to XFS v4, but those folks have support contracts that won't terminate
until whenever the so^Hun goes out.
--D
>
> Cheers,
>
> Dave.
> --
> Dave Chinner
> david@xxxxxxxxxxxxx
