Hi guys,
Lukas told me that some guys here might be interested in a talk I did at LPC
2013 about XFS using dm-thin module.
For those interested, the slides can be downloaded here:
http://people.redhat.com/~cmaiolin/talks/XFS-dmthin.pdf
cheers
--
Carlos
On Mon, Dec 02, 2013 at 02:56:12PM -0200, Carlos Maiolino wrote:
> Hi guys,
>
> Lukas told me that some guys here might be interested in a talk I did at LPC
> 2013 about XFS using dm-thin module.
>
> For those interested, the slides can be downloaded here:
> http://people.redhat.com/~cmaiolin/talks/XFS-dmthin.pdf
Hi Carlos,
Thanks for sending these slides. They are very interesting indeed.
Lukas mentioned that you had run some tests using ext4 and it didn't
do well at all using dm-thin? Given that we're not doing proper raid
strip alignment in our allocation decisions, that's not too
surprising, but it would be useful if there are other things that we
should do in order to do a better job working with dm-thin drives.
One other question --- in your conclusion you say:
Bypassing block zeroing while provisioning blocks adds a significant
boost to the dm-thin performance, but, it can induce a security
breach, at the risk of exposing stale data
This might be true if you are directly giving dm-thin volumes to
mutually suspicious VM's with different trust boundaries. But if you
trust the file system, and the dm-thin devices are mediated by the a
file system running in the same context as the dm-thin volumes, there
wouldn't be any security issue, correct?
Cheers,
- Ted
Hi Ted.
> > For those interested, the slides can be downloaded here:
> > http://people.redhat.com/~cmaiolin/talks/XFS-dmthin.pdf
>
> Hi Carlos,
>
> Thanks for sending these slides. They are very interesting indeed.
>
> Lukas mentioned that you had run some tests using ext4 and it didn't
> do well at all using dm-thin? Given that we're not doing proper raid
> strip alignment in our allocation decisions, that's not too
> surprising, but it would be useful if there are other things that we
> should do in order to do a better job working with dm-thin drives.
>
Ted, my apologies, when I ran the tests over ext4, I didn't save the results
since I wasn't going to compare ext4 and xfs, and I really didn't think about it
might be useful.
> One other question --- in your conclusion you say:
>
> Bypassing block zeroing while provisioning blocks adds a significant
> boost to the dm-thin performance, but, it can induce a security
> breach, at the risk of exposing stale data
>
> This might be true if you are directly giving dm-thin volumes to
> mutually suspicious VM's with different trust boundaries. But if you
> trust the file system, and the dm-thin devices are mediated by the a
> file system running in the same context as the dm-thin volumes, there
> wouldn't be any security issue, correct?
>
Yes, you're correct, if you trust who is using the block device and it's not
'public' like you said (a block device given to a VM, like a public VM host
, amazon for example), there is no security issue.
Although, dm-thin should have an algorithm to bypass the block device zeroing
step in case you're writing a whole block. But, at the time of my talk, it was
buggy :)
> Cheers,
>
> - Ted
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Carlos