[systemd-devel] [PATCH 1/2] Revert patch 11689d2a which force the NOCOW attribute

Sun Apr 12 06:30:13 PDT 2015

On Sat, 11.04.15 14:29, Goffredo Baroncelli (kreijack at libero.it) wrote:

> Hi Lennart,
> 
> On 2015-04-08 23:12, Lennart Poettering wrote:
> >> --- a/src/journal/journalctl.c
> >> > +++ b/src/journal/journalctl.c
> >> > @@ -1290,7 +1290,7 @@ static int setup_keys(void) {
> >> >          size_t mpk_size, seed_size, state_size, i;
> >> >          uint8_t *mpk, *seed, *state;
> >> >          ssize_t l;
> >> > -        int fd = -1, r;
> >> > +        int fd = -1, r, attr = 0;
> >> >          sd_id128_t machine, boot;
> >> >          char *p = NULL, *k = NULL;
> >> >          struct FSSHeader h;
> >> > @@ -1385,9 +1385,13 @@ static int setup_keys(void) {
> >> >  
> >> >          /* Enable secure remove, exclusion from dump, synchronous
> >> >           * writing and in-place updating */
> >> > -        r = chattr_fd(fd, true, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL);
> >> > -        if (r < 0)
> >> > -                log_warning_errno(errno, "Failed to set file attributes: %m");
> >> > +        if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
> >> > +                log_warning_errno(errno, "FS_IOC_GETFLAGS failed: %m");
> >> > +
> >> > +        attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
> >> > +
> >> > +        if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
> >> > +                log_warning_errno(errno, "FS_IOC_SETFLAGS failed: %m");
> > This is unrelated, and should not be reverted at all.
> > 
> > Lennart
> 
> Ok, this was a my fault to revert this chunk; anyway I would like to
> know which is the purpose of the FS_NOCOW_FL flag here. If I read
> the code, the file is few hundred bytes long, so in BTRFS this would
> be stored in the metadata chunk, and I am not sure if FS_NOCOW_FL is
> honored at all...

The FSS key file stores a generation key that is replaced by the next
generation in regular intervals. The old key should be flushed out at
that time, forgotten, and non-recoverable (because otherwise the
concept of FSS would be pointless...). COW file systems have the
tendency of being bad at "fogetting" things... Hence we set a variety
of bits to tell the filesystem to really get rid of the data when we
rewrite the file, including NOCOW, to avoid that the file is copied
when we write a newer key into...

Also, even if some file systems don't understand some of the bits, we
still should pass all that are appropriate to ensure that we make this
as good as we can even on (future) file systems whose behaviour we
don't know yet... (Let's not forget that the FS_NOCOW_FL is generic,
and could even be implemented by a new file system, maybe ZFS. It's
not called FS_BTRFS_NOCOW_FL after all..)

Lennart

-- 
Lennart Poettering, Red Hat