Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp3473647rwb; Sun, 30 Jul 2023 08:20:53 -0700 (PDT) X-Google-Smtp-Source: APBJJlHeNYZpz/cv8ILnxRutsPKbQ/djwH4Nku4sGN6SX7fhyTfHE1+oH1TilKMyGWamT69pYAxH X-Received: by 2002:a05:6a00:2d23:b0:67f:d4e2:3dd7 with SMTP id fa35-20020a056a002d2300b0067fd4e23dd7mr8637748pfb.21.1690730453499; Sun, 30 Jul 2023 08:20:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690730453; cv=none; d=google.com; s=arc-20160816; b=N/VMMM6hdWLOrA0/yftVppw8sL8yNV6Al2oYdQXI55ca+NIxXKLN0F14Ah15bt5FsA sCj+0xZglyjK7Qq6mLS5DdHFP1aqivhLLmVP18r0lQEjFYpjUpais8LQEv7tWRCEmxkY D6FfjmovKLTDTXSkiMAWuRr7rJ1I++1gb3NPl2ejlMz9bUkit4Z3+8mR1wezjjVIE5h/ UDfZjG82wKmqNpgss4OYJtzEfpll5dJ2hmhBsP4dneEG+SfE+4MY6zb8wTm5h18lIVN1 TH0x7qhr8R2uD+TYglzseT4GUnQkpdfQSff2qs1RCs8aOczchSII80tRTAFlT7rs45sa pdEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:subject:user-agent:mime-version:date:message-id; bh=N0rKEVpannXCuxfT2tE46nEvZ6/SiEs62GEq+X7khCg=; fh=tYwJa1WUi+6bAp69wjabvYTSqrJSe4PvCs92dpiUCv0=; b=euyF7Nm5aNW2VngKzJiOAypAmHTLjRXDZ3GaRG92jCmu6geAE+03Ys5154M0kW5ANs jQrRLGorIkDB+6VlvexQ+tzGYj7vMc9l9J2hiPcVq7DIJ5sikOqjT5IDaT4vEn67Q1jw 6/XMpejpr2SPExba/pghqjaHvpLTkJUNVoxXQQUPEX58VhsbXcGxpVeUOvE79LBt/ZX0 7l6lxB1K41pmyqPa5DogRX4XDZuEzrz89e1CDR3NblVSyMPy/nslzVH3/xIEjKzyCXF6 f6r0JNbEgI8KMFctsfM06sUyVv+4c7+z1bkJtTxoX38AZH/eG0rvYkD+v4BESo7Hhwea ro0g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s6-20020a63b406000000b00564514df654si3011pgf.895.2023.07.30.08.20.41; Sun, 30 Jul 2023 08:20:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229989AbjG3Ohb (ORCPT + 99 others); Sun, 30 Jul 2023 10:37:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45328 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229854AbjG3Oh2 (ORCPT ); Sun, 30 Jul 2023 10:37:28 -0400 Received: from out30-111.freemail.mail.aliyun.com (out30-111.freemail.mail.aliyun.com [115.124.30.111]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 767C4E46 for ; Sun, 30 Jul 2023 07:37:24 -0700 (PDT) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R211e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018045192;MF=hsiangkao@linux.alibaba.com;NM=1;PH=DS;RN=7;SR=0;TI=SMTPD_---0VoW-1km_1690727840; Received: from 192.168.75.41(mailfrom:hsiangkao@linux.alibaba.com fp:SMTPD_---0VoW-1km_1690727840) by smtp.aliyun-inc.com; Sun, 30 Jul 2023 22:37:21 +0800 Message-ID: Date: Sun, 30 Jul 2023 22:37:19 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: [PATCH v2] erofs: deprecate superblock checksum feature To: =?UTF-8?Q?Thomas_Wei=c3=9fschuh?= Cc: Jingbo Xu , chao@kernel.org, huyue2@coolpad.com, linux-erofs@lists.ozlabs.org, linux-kernel@vger.kernel.org, Karel Zak References: <20230717112703.60130-1-jefflexu@linux.alibaba.com> <9299dd4c-c2da-4ed1-8979-87fa44c68f77@t-8ch.de> From: Gao Xiang In-Reply-To: <9299dd4c-c2da-4ed1-8979-87fa44c68f77@t-8ch.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-10.0 required=5.0 tests=BAYES_00, ENV_AND_HDR_SPF_MATCH,NICE_REPLY_A,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2023/7/30 22:28, Thomas Weißschuh wrote: > Hi Gao! > > On 2023-07-30 22:01:11+0800, Gao Xiang wrote: >> On 2023/7/30 21:31, Thomas Weißschuh wrote: >>> On 2023-07-17 19:27:03+0800, Jingbo Xu wrote: >>>> Later we're going to try the self-contained image verification. >>>> The current superblock checksum feature has quite limited >>>> functionality, instead, merkle trees can provide better protection >>>> for image integrity. >>> >>> The crc32c checksum is also used by libblkid to gain more confidence >>> in its filesystem detection. >>> I guess a merkle tree would be much harder to implement. >>> >>> This is for example used by the mount(8) cli program to allow mounting >>> of devices without explicitly needing to specify a filesystem. >>> >>> Note: libblkid tests for EROFS_FEATURE_SB_CSUM so at least it won't >>> break when the checksum is removed. > >> I'm not sure if we could switch EROFS_FEATURE_SB_CSUM to a simpler >> checksum instead (e.g. just sum each byte up if both >> EROFS_FEATURE_SB_CSUM and COMPAT_XATTR_FILTER bits are set, or >> ignore checksums completely at least in the kernel) if the better >> filesystem detection by using sb chksum is needed (not sure if other >> filesystems have sb chksum or just do magic comparsion)? > > Overloading EROFS_FEATURE_SB_CSUM in combination with > COMPAT_XATTR_FILTER would break all existing deployments of libblkid, so > it's not an option. I think for libblkid, you could still use: EROFS_FEATURE_SB_CSUM is not set, don't check anything; EROFS_FEATURE_SB_CSUM only is set, check with crc32c; EROFS_FEATURE_SB_CSUM | COMPAT_XATTR_FILTER (or some other bit) is set, check with a simpler hash? > > All other serious and halfway modern filesystems do have superblock > checksums which are also checked by libblkid. > >> The main problem here is after xattr name filter feature is added >> (xxhash is generally faster than crc32c), there could be two >> hard-depended hashing algorithms, this increases more dependency >> especially for embededed devices. > > From libblkid side nothing really speaks against a simpler checksum. > XOR is easy to implement and xxhash is already part of libblkid for > other filesystems. > > The drawbacks are: > * It would need a completely new feature bit in erofs. > * Old versions of libblkid could not validate checksums on newer > filesystems. just checking magic for Old versions of libblkid will cause false positive in which extent? Thanks, Gao Xiang