Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp27338380rwd; Tue, 4 Jul 2023 01:18:41 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7CJxJ4vj8nKLnuciGxqCuKsvCXtNd6rqym7sigWg+f7fng0IcmWp997zXR6KglbaXqMH4s X-Received: by 2002:a05:620a:2a02:b0:767:2919:f38f with SMTP id o2-20020a05620a2a0200b007672919f38fmr17130996qkp.10.1688458721049; Tue, 04 Jul 2023 01:18:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688458721; cv=none; d=google.com; s=arc-20160816; b=Uz0OlnYF0M1nydDQaVAiO2079sWeaN0ggpUhFOia+jiqKY0Dh0BLQJs4LGjYAR9FnG EYifRLuRgSbL2oyMajbsQuv3GhLDqLelKQFdZfdLnAMRW+44w1Bqj51rQe2yG3BNrxhM OFoAMZn0/U9yHLNf5/Gf0vFrF8eUAlEEWvjPr8kUXun3WTYYYnfiIFcpetm4qwR+5Nlr NcaHWFVEsfHUccpydoL7yqU8w5C6fftKXJvH4tns8R3xDWFhSQI5FmhN2J/jvtmfkLW1 BSP2QVmWjF8qX5xi3QmEKcA+R4ty4MQa+jXZGYkJrcUxaAxIi7fMsA6dRWJnxBWH4Gok nfng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=+HLEhyMz8craTsn3to7RUK9ThuIC3AHRSWlUj4z7344=; fh=dZYXyRPpCT2oIstWyoZ2onTLvO32LYtvYYM2uogOFwg=; b=j64cW/LdpViYHcoZCE1dIARmEAvG8CWS/hkw3nn33Ne+IvlbhlW7G54WeRbpN6U2fG B0wmh6bi8x/aW6SFX/IA7kSF9fkYUGDqkX2EL9pKA1gyVHtzjCPo+HQ013/6EBlw3HPA siapHS2Emxw6/FigTfH7KcfQG+/bWVL5H9e2bYZfONejlOTwZ9SbutJNWH2o/2ZSc8h9 /rpHwdUft3emcjKtfNirRMilsv9tRLgufrNGAJ8vVDw3Zyg+NHdG3h+Gge561YysWGex K1ipgkmzQXXhzbGL3o6RXMWnsNnvk0swKA83JxLoWhFRTLEBo1CeBd1OW4EyP5cUw5DR iVVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=QOZlBm5n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ay33-20020a056a00302100b00674ff6d1b1esi17761215pfb.42.2023.07.04.01.18.25; Tue, 04 Jul 2023 01:18:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=QOZlBm5n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230395AbjGDIHC (ORCPT + 99 others); Tue, 4 Jul 2023 04:07:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231497AbjGDIG4 (ORCPT ); Tue, 4 Jul 2023 04:06:56 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BBE03E52 for ; Tue, 4 Jul 2023 01:06:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1688457967; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+HLEhyMz8craTsn3to7RUK9ThuIC3AHRSWlUj4z7344=; b=QOZlBm5nQ1ELENzzj98yrI9WeTUu4blKV9qYDEt+6ItWYW8V3zz2Mg9XuieFrjl6WPXxS6 LGEKUNZgwChvougSux4cHS6IVxZxjiN/waEcnFL3FWXDH/Y1u/QkGjax6eul6Wf0pXR36+ CuZHLv6dkJuILn8JpzSoCnMFOt85tXE= Received: from mail-il1-f199.google.com (mail-il1-f199.google.com [209.85.166.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-330-9unCqCBPNYCjeygbu0XE7g-1; Tue, 04 Jul 2023 04:06:06 -0400 X-MC-Unique: 9unCqCBPNYCjeygbu0XE7g-1 Received: by mail-il1-f199.google.com with SMTP id e9e14a558f8ab-345e7434a79so26020355ab.1 for ; Tue, 04 Jul 2023 01:06:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688457965; x=1691049965; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+HLEhyMz8craTsn3to7RUK9ThuIC3AHRSWlUj4z7344=; b=CHHIYytuEqrZo87Q86DSBiZRHgzxTp7hk2/vPQtGy2UYUSWc7/yn9AboodJ5a/l72Y 7mCswQ0dOr+jkeiZeTd9dvn0CHXAdzuKmwD/on/+6nBixtMnojc6uguQs/BwI/I4z4TO 0Qwe7DHjK3RBIZAmqy8ewLbZa+9QaI/rRrIgferjnXSW+ROLcoN3F3JFCCXA7TCXyTMY /0uj/oegiCFYojUF6LvwgSISO+CWcAqqqy2gv+VxZ/a6bADUP5wGoWmv1yf8HO2+LGXE DuT5AW7m/2LdSx82ek23ahNnaFp64W9sdC96zPyw2yi+3Li/m7ex7ux3wWLkds7Wwl6Q UtSw== X-Gm-Message-State: ABy/qLa4C7pXAlR2HARdGR+HwatgDJ1Zpfh2Zz0s6CyxyFnsbeGKnSQd 5UzJneMw3cD0J1sl8GmQj4HslqvX66o2SoLCnQA858euipmSRuy391lrlBekyYt4ui1p1T162mD 4rNSh1rSQU4qvokNVKA12HZXWSEyy4nAeiJ5ZrYjFLLya4f20w78= X-Received: by 2002:a92:ce84:0:b0:345:83d6:6020 with SMTP id r4-20020a92ce84000000b0034583d66020mr12999348ilo.21.1688457965098; Tue, 04 Jul 2023 01:06:05 -0700 (PDT) X-Received: by 2002:a92:ce84:0:b0:345:83d6:6020 with SMTP id r4-20020a92ce84000000b0034583d66020mr12999343ilo.21.1688457964852; Tue, 04 Jul 2023 01:06:04 -0700 (PDT) MIME-Version: 1.0 References: <20230621083209.116024-1-jefflexu@linux.alibaba.com> <74a8a369-c3b0-b338-fa8f-fdd7c252efaf@linux.alibaba.com> In-Reply-To: <74a8a369-c3b0-b338-fa8f-fdd7c252efaf@linux.alibaba.com> From: Alexander Larsson Date: Tue, 4 Jul 2023 10:05:53 +0200 Message-ID: Subject: Re: [RFC 0/2] erofs: introduce bloom filter for xattr To: Jingbo Xu Cc: hsiangkao@linux.alibaba.com, chao@kernel.org, huyue2@coolpad.com, linux-erofs@lists.ozlabs.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 4, 2023 at 7:56=E2=80=AFAM Jingbo Xu wrote: > > > > On 7/3/23 3:25 PM, Alexander Larsson wrote: > > > > > Can't you just add a magic constant to the seed? Then we can come up > > with one that gives a good spread and hardcode that. > > > > I tried Alex's proposal of making a constant magic as part of the seed li= ke: > > ``` > xxh32(name, strlen(name), SEED_MAGIC + index) > ``` > > >> where `index` represents the index of corresponding predefined name > >> prefix (e.g. EROFS_XATTR_INDEX_USER), while `name` represents the name > >> after stripping the above predefined name prefix (e.g. > >> "overlay.metacopy" for "user.overlay.metacopy") > > > I tried SEED_MAGIC in range [0, UINT32_MAX], trying to find a constant > magic giving a best spread. > > There are totally 30 commonly used xattrs and 32 bits could be mapped > into. I failed to find the most perfect constant magic which maps these > 30 xattrs to exactly 30 bits with no conflict. > > Later I can only select a magic from those that 1) maps 30 xattrs into > 29 bits (with one conflict) and 2) at least xattrs like selinux, ima, > evm, apparmor are unconflicted to each other. Following are all > candidates and the conflicted xattrs: > > ``` > seed: 745a51e > bit 29: user.overlay.opaque, security.selinux, > > seed: fb08ad9 > bit 10: user.overlay.impure, system.posix_acl_access, > > seed: 11aa6c32 > bit 19: user.overlay.redirect, security.SMACK64MMAP, > > seed: 1438d503 > bit 10: trusted.overlay.protattr, security.ima, > > seed: 14ccea75 > bit 30: user.overlay.upper, security.ima, > > seed: 1d6a0d15 > bit 31: trusted.overlay.upper, user.overlay.metacopy, > > seed: 25bbe08f > bit 31: trusted.overlay.metacopy, user.overlay.metacopy, > > seed: 2649da2a > bit 6: user.overlay.nlink, security.SMACK64TRANSMUTE, > > seed: 2b9180b2 > bit 29: user.overlay.impure, security.evm, > > seed: 2c5d7862 > bit 16: user.overlay.upper, system.posix_acl_default, > > seed: 322040a6 > bit 17: trusted.overlay.impure, user.overlay.metacopy, > > seed: 328bcb8c > bit 30: user.overlay.opaque, security.evm, > > seed: 35afc469 > bit 3: trusted.overlay.opaque, user.overlay.origin, > > seed: 435bed25 > bit 4: trusted.overlay.upper, security.SMACK64MMAP, > > seed: 43a853af > bit 3: trusted.overlay.protattr, security.selinux, > > seed: 4930f511 > bit 22: trusted.overlay.origin, security.SMACK64, > > seed: 4acdce1d > bit 21: user.overlay.opaque, security.selinux, > > seed: 4fc5f2b0 > bit 24: user.overlay.redirect, system.posix_acl_default, > > seed: 50632396 > bit 6: security.SMACK64, system.posix_acl_access, > > seed: 535f6351 > bit 3: system.posix_acl_access, user.mime_type, > > seed: 56f4306e > bit 9: user.overlay.redirect, security.SMACK64MMAP, > > seed: 637e2bd9 > bit 22: trusted.overlay.upper, security.evm, > > seed: 6ab57b38 > bit 9: trusted.overlay.upper, user.overlay.metacopy, > > seed: 7113bd57 > bit 19: trusted.overlay.redirect, security.SMACK64, > > seed: 753e3f24 > bit 6: user.overlay.redirect, security.SMACK64EXEC, > > seed: 81883030 > bit 0: trusted.overlay.upper, security.SMACK64IPOUT, > > seed: 835f9f14 > bit 27: security.SMACK64EXEC, system.posix_acl_access, > > seed: 938fbb78 > bit 28: user.overlay.upper, security.apparmor, > > seed: 953bb3e9 > bit 30: user.overlay.protattr, system.posix_acl_access, > > seed: 962ccd7f > bit 29: trusted.overlay.nlink, security.SMACK64IPOUT, > > seed: 9fff798e > bit 3: user.overlay.nlink, user.mime_type, > > seed: a2e324eb > bit 28: trusted.overlay.nlink, user.overlay.impure, > > seed: a6e00cef > bit 26: user.overlay.opaque, security.SMACK64TRANSMUTE, > > seed: ae26aaa9 > bit 0: trusted.overlay.metacopy, user.overlay.impure, > > seed: b2172573 > bit 14: trusted.overlay.upper, security.ima, > > seed: b5917739 > bit 8: trusted.overlay.protattr, user.overlay.impure, > > seed: c01a4919 > bit 22: trusted.overlay.nlink, user.overlay.upper, > > seed: c1fa0c0a > bit 19: security.SMACK64TRANSMUTE, user.mime_type, > > seed: cbd314d7 > bit 6: trusted.overlay.upper, security.SMACK64IPOUT, > > seed: cc6dd8ee > bit 2: trusted.overlay.nlink, user.overlay.upper, > > seed: cc922efd > bit 3: trusted.overlay.opaque, user.overlay.opaque, > > seed: cd478c17 > bit 6: trusted.overlay.metacopy, user.overlay.metacopy, > > seed: d35be1c8 > bit 9: trusted.overlay.protattr, security.SMACK64MMAP, > > seed: d3914458 > bit 1: trusted.overlay.redirect, security.SMACK64IPIN, > > seed: f3251337 > bit 7: user.overlay.opaque, security.SMACK64IPOUT, > > seed: f37d8900 > bit 9: trusted.overlay.impure, user.overlay.protattr, > > seed: fafd6c93 > bit 0: security.SMACK64, user.mime_type, > > seed: fcd35cbb > bit 3: trusted.overlay.upper, user.overlay.redirect, > > seed: fe2e058a > bit 14: user.overlay.impure, user.mime_type, > ``` > > > Among all these candidates, I would prefer the following three > candidates as for each inode the same xattr of overlayfs family xattrs, > e.g. "overlay.metacopy", can not be prefixed with "trusted." and "user." > at the same time. Well, they *can* be the same at the same time, it just doesn't make much sense, so it seems very unlikely. I agree that these make sense, if the kernel is looking for user.overlay.metacopy, it would be in an userxattr mounted overlayfs layer, and it would be very unlikely that it had a trusted metacopy xattr, so there won't be any false negatives causing us to do a full look up. > ``` > seed: 25bbe08f > bit 31: trusted.overlay.metacopy, user.overlay.metacopy, > > seed: cc922efd > bit 3: trusted.overlay.opaque, user.overlay.opaque, > > seed: cd478c17 > bit 6: trusted.overlay.metacopy, user.overlay.metacopy, > ``` > > > Any other idea? Any of these three is good to me. I don't have any ideas directly related to this. However, semi-related, it would be really cool if fuse supported the same approach for xattr lookup. I.e. if lookup could add a bloom filter value as part of the inode data, then we could avoid a kernel<->fusefs-d transition for negative xattrs lookups. --=20 =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D Alexander Larsson Red Hat, Inc alexl@redhat.com alexander.larsson@gmail.com