Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp136178pxb; Thu, 2 Sep 2021 00:14:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwW7jSM0A6Fs8i7JioQHN2JzuWJSQORGBZ4d5m0YQT8a/UlFs00MPZuAGSnhggaDf2vNuOs X-Received: by 2002:a17:906:fc10:: with SMTP id ov16mr2259991ejb.300.1630566893209; Thu, 02 Sep 2021 00:14:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630566893; cv=none; d=google.com; s=arc-20160816; b=Z56tK9mhjhTwJ5fFOJmmQFSEA4l0AVqfx9f8/Z828MuYEir6MwEIOwQ6bEixv9PG5/ 2fZC5Sk4FN6Cnz+70mUb+BrQSLfxwmn3HLR4VTqSNfsIkbe07FwuxsrLvKb0Z4Tl4bR1 Xwr7cn2OEMv+QT3LiWrCjmefCO33JVnJ0O6zZni6vxCe67ZIDGxZVOIQXr2WZ7ICI0qP KnMGT/Wvjl8RVDIbjso5bbfyNsAa7cGinZbrDjd1m/vhkPkNLT4/biVlTa0ZtY4ODh6Q LmAM8jZjYCOxpPGKDTS3mjshS8qCruRz/jJET8LTr/YjMTKXA9P2W8XkRCVLmjxgl6/6 ox1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=yxQ+B6Ukg3zVw5HXezCpBfzdJ1y5rPw/KWlf+grn+dg=; b=abitbJ3xNny+Vpmjx4twpkVkItOs++gko1LaQaH6PiA0yxsnIp/kLGJsGcA3eGjMT8 qpm07Hua0aHTmn9azOxgUJW1FZwY0gs3739ffDep7awq70V3yveZhOYCm9eVgopndxYZ 9UCPZ2OIoZyUyoqPxYTpH8pxZQ9Q9mu44ineLifCU8upetTYJZKpBYqmOMRjnsm1KWIl JW8ggfEpCD/Bgl2Zt8zf6Aj0OGAgAPC7628aNAb+MNuscX9kw4HA+pZSGKFACPnu06Uh I8LE3mfMu7tu3jrLRP+V2pQ+YwLSNApbEyKA7j/o+8Q/A8GbG1Q8Q95C9Bl39fvw4mrS UjtQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=VHn7btuB; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v26si956388ejk.700.2021.09.02.00.14.01; Thu, 02 Sep 2021 00:14:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=VHn7btuB; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242504AbhIBHNt (ORCPT + 99 others); Thu, 2 Sep 2021 03:13:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242126AbhIBHNs (ORCPT ); Thu, 2 Sep 2021 03:13:48 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F3332C061575; Thu, 2 Sep 2021 00:12:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=yxQ+B6Ukg3zVw5HXezCpBfzdJ1y5rPw/KWlf+grn+dg=; b=VHn7btuBVz0pJrn8OzQp/B1KIV xpWh4PZNldgBonL4GfApypUMafAalZYJ/u1O8p3bRl9Re9LTEKZDUSXNtUMhc78s2yjy+vzXaBCd1 O+J96YyqMmXO6Hbn+bLCnVRz4bmjUM9TJCpIQfz1/zNc87V6uUsdcqe8AgbDIXHBRnxLFH5Rv4cIG WNvLEDFXtcYecPVuYBGWkK9kOcr5M8R/RHwQeNsyZqXHGXidlkrHg7UhBY7oAaZVzXf9ZPb/rRhQR pubn7JB+D2UWxzv/kFhrKSJi0xu+e9nlsJWS7vfwKDzgcJ0s8VRVhL/0vwhZvZ/zigfLCBusF4Kly OyJuhwdg==; Received: from hch by casper.infradead.org with local (Exim 4.94.2 #2 (Red Hat Linux)) id 1mLgso-003CwG-LW; Thu, 02 Sep 2021 07:11:48 +0000 Date: Thu, 2 Sep 2021 08:11:34 +0100 From: Christoph Hellwig To: "J. Bruce Fields" Cc: Christoph Hellwig , NeilBrown , Chuck Lever , linux-nfs@vger.kernel.org, Josef Bacik , linux-fsdevel@vger.kernel.org Subject: Re: [PATCH v2] BTRFS/NFSD: provide more unique inode number for btrfs export Message-ID: References: <162995209561.7591.4202079352301963089@noble.neil.brown.name> <162995778427.7591.11743795294299207756@noble.neil.brown.name> <163010550851.7591.9342822614202739406@noble.neil.brown.name> <163038594541.7591.11109978693705593957@noble.neil.brown.name> <20210901152251.GA6533@fieldses.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210901152251.GA6533@fieldses.org> X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Wed, Sep 01, 2021 at 11:22:51AM -0400, J. Bruce Fields wrote: > It's stronger than "a little more entropy". We know enough about how > the numbers being XOR'd grow to know that collisions are only going to > happen in some extreme use cases. (If I understand correctly.) Do we know that a malicious attacker can't reproduce the collisions? Because that is the case to worry about. > > into the inode number is a good enough band aid (and I strongly > > disagree with that), do it inside btrfs for every place they report > > the inode number. There is nothing NFS-specific about that. > > Neil tried something like that: > > https://lore.kernel.org/linux-nfs/162761259105.21659.4838403432058511846@noble.neil.brown.name/ > > "The patch below, which is just a proof-of-concept, changes > btrfs to report a uniform st_dev, and different (64bit) st_ino > in different subvols." > > (Though actually you're proposing keeping separate st_dev?) No, I'm not suggestion to keep a separate st_dev in that case. So the above scheme looks like the most reasonable (or least unreasonable) of the approaches I've seen so far. I have to admit I've only noticed it now given how deep it was hidden in a thread that I only followed bit while on vacation. > I looked back through a couple threads to try to understand why we > couldn't do that (on new filesystems, with a mkfs option to choose new > or old behavior) and still don't understand. But the threads are long. > > There are objections to a new mount option (which seem obviously wrong; > this should be a persistent feature of the on-disk filesystem). Yes. Anything like this needs to be persisted. But a mount option might still be a reasonable way to set that persistent flag.