From: Eric Sandeen <sandeen@sandeen.net>
To: hal@deer-run.com, linux-xfs@vger.kernel.org
Subject: Re: [PATCH] xfs_db: add blockget -L option
Date: Mon, 14 May 2018 22:14:20 -0500 [thread overview]
Message-ID: <3ae25107-7242-a645-c0f7-784f35ed3e79@sandeen.net> (raw)
In-Reply-To: <20180510213636.GA5045@deer-run.com>
On 5/10/18 4:36 PM, hal@deer-run.com wrote:
> From: Hal Pomeranz <hal@deer-run.com>
>
> Allow blockget on a mounted file system or "dirty" file system image
> with pending log entries-- by simply ignoring the log. This makes
> xfs_db more useful for forensics where we are often dealing with these
> types of images. Flushing log entries to disk by mounting/unmounting
> the file system would allow us to use blockget, but would make changes
> to the file system state which are not desirable in forensics contexts.
>
> Signed-off-by: Hal Pomeranz <hal@deer-run.com>
Well, I'm back on the fence about this one; I know I steered you in
this direction, but after talking to dchinner a bit, he raised some valid
concerns about adding an option which essentially makes the tool behave
in unpredictable ways (by trying to traverse an inconsistent filesystem).
I had jumped to the conclusion that the usecase was for examining an
offline filesystem image without needing to perturb it by replaying the
log; Dave pointed out that you're talking about using this on a live
filesystem, and even baking this behavior into other higher level tools.
That kind of opened my eyes to all the ways this can go wrong. :(
Thus spake Dave:
> IMO, the only thing worse than not having a forensic tool for a
> specific job is having a forensic tool provided by a trusted toolkit
> whose results are unreliable and cannot be trusted....
...
> I'd suggest, in that case, that you limit it's use to off-line or
> read-only snapshots of online filesystems? This would mean that the
> results of xfs_db operations (while eceedingly slow) will be
> reliable.
And in both of those cases, you won't need to ignore a dirty log.
Especially with teh express stated purpose of examining live
filesystems, I really hate to give you this much rope.
Stuff like parent pointers and fsmap are (eventually) going to give
you a much better way to achieve what (I think) you want, here.
-Eric
next prev parent reply other threads:[~2018-05-15 3:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-10 21:36 [PATCH] xfs_db: add blockget -L option hal
2018-05-15 3:14 ` Eric Sandeen [this message]
2018-05-15 4:27 ` Hal Pomeranz
2018-05-15 5:27 ` Dave Chinner
2018-05-15 14:14 ` Eric Sandeen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3ae25107-7242-a645-c0f7-784f35ed3e79@sandeen.net \
--to=sandeen@sandeen.net \
--cc=hal@deer-run.com \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.