+1 for all your changes with the following comments in addition...
On Mon, 2016-09-19 at 17:27 +0200, David Sterba wrote: > That's more like a usecase, thats out of the scope of the tabular > overview. But we have an existing page UseCases that I'd like to > transform to a more structured and complete overview of usceases of > various features, so the UUID collisions would build on top of that > with > "and this could hapen if ...". Well I don't agree here and see it basically like Austin. It's not that these UUID collisions can only happen in special circumstances but plain normal situations that always used to work with probably literally each and every fs. (So much for the accidental corruptions). And an attack is probably never "usecase dependant"... it always depends on the attacker. And since that seems to be a pretty real attack vector, I'd also say it's mandatory to quite clearly warn about that deficiency... TBH, I'm rather surprised that this situation seems to be kinda "accepted". I had a chat with CM recently and he implied things might be solved with encryption. While this is probably the case for at least some of the described problems, it rather seems like a workaround: - why making btrfs-encryption mandatory for devices who have partially secured access (e.g. where a systemdisk with btrfs is not physically accessible but a USB port is) - what about users that rather want to use block device encryption instead of fs-level-encryption? > > - in-band dedupe > > deduped are IIRC not bitwise compared by the kernel before de- > > duping, > > as it's the case with offline dedupe. > > Even if this is considered safe by the community... I think users > > should be told. > Only features merged are reflected. And the out-of-band dedupe does > full > memcpy. See btrfs_cmp_data() called from btrfs_extent_same(). Ah,... I kinda thought it was already merged ... possibly got confused by the countless patch iterations of it ;) > > - btrfs check --repair (and others?) > > Telling people that this may often cause more harm than good. > I think userspace tools do not belong to the overview. Well... I wouldn't mind if there was a btrfs-progs status page... (and both link each other). OTOH,... the user probably wants one central point where all relevant info can be found... and not again having to dig through n websites. > > - even mounting a fs ro, may cause it to be changed > > This would go to the UseCases Fine for me. > > > > > - DB/VM-image like IO patterns + nodatacow + (!)checksumming > > + (auto)defrag + snapshots > > a) > > People typically may have the impression: > > btrfs = checksummed => als is guaranteed to be "valid" (or at > > least > > noticed) > > However this isn't the case for nodatacow'ed files, which in turn > > is > > kinda "mandatory" for DB/VM-image like IO patterns, cause > > otherwise > > these would fragment to heavily (see (b). > > Unless claimed by some people, none of the major DBs or VM-image > > formats do general checksumming on their own, most even don't > > support > > it, some that do wouldn't do it without app-support and few > > "just" > > don't do it per default. > > Thus one should bump people to this situation and that they may > > not > > get this "correctness" guarantee here. > > b) > > IIRC, it doesn't even help to simply not use nodatacow on such > > files > > and using auto-defrag instead to countermeasure the fragmenting, > > as > > that one doesn't perform too well on large files. > > Same. Fine for me either... you already said above you would mention the nodatacow=>no-checksumming=>no-verification-and-no-raid-repair in the general section... this is enough for that place. > > For specific features: > > - Autodefrag > > - didn't that also cause reflinks to be broken up? > > No and never had. Absolutely sure? One year ago, I was told that at first too so I started using it, but later on some (IIRC) developer said auto-defrag would also suffer from it. > > - RAID* > > No userland tools for monitoring/etc. > > That's a usability bug. Well it is and it will probably go away sooner or later... but the unaware user may not really realise that he actually has to take care on this by himself for now. So I though it would be helpful to have it added. Best wishes, Chris.
Description: S/MIME cryptographic signature