[f2fs-dev] Using secure erase in f2fs

[f2fs-dev] Using secure erase in f2fs

[Mikhail Novosyolov via Linux-f2fs-devel]

Hello, f2fs developers!

I saw commit 9af846486d781a63 "f2fs: add F2FS_IOC_SEC_TRIM_FILE ioctl" in Linux kernel
https://github.com/torvalds/linux/commit/9af846486d781a63de025a5f502c515268e48790#

I saw usage of it in Android only
https://android.googlesource.com/platform/system/vold/+/master/secdiscard.cpp

Do I understand correctly that userspace code decides himself where the region to erase starts and when to call that ioctl?

I am interested in it to implement realtime secure erase - overwriting files with zeros or random data (I am not interestied in sending a discard/trim command) - when files are deleted or are removed completely.
This code seems to be a good solution of this problem, but the problem is that kernel cannot trigger it by itself.

I think it should be possible to call this from another part of f2fs when a file is being edited or unlinked, but I am not sure from where exactly.

F2FS has background housekeeping, it would be nice if it could issue secure trim in the background.

Also, I am not sure that it will work with symlinks correctly, for example.

Please give a direction.



_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] Using secure erase in f2fs

[Mikhail Novosyolov via Linux-f2fs-devel]

02.12.2020 21:24, Mikhail Novosyolov пишет:
> Hello, f2fs developers!
>
> I saw commit 9af846486d781a63 "f2fs: add F2FS_IOC_SEC_TRIM_FILE ioctl" in Linux kernel
> https://github.com/torvalds/linux/commit/9af846486d781a63de025a5f502c515268e48790#
>
> I saw usage of it in Android only
> https://android.googlesource.com/platform/system/vold/+/master/secdiscard.cpp
>
> Do I understand correctly that userspace code decides himself where the region to erase starts and when to call that ioctl?
>
> I am interested in it to implement realtime secure erase - overwriting files with zeros or random data (I am not interestied in sending a discard/trim command) - when files are deleted or are removed completely.
> This code seems to be a good solution of this problem, but the problem is that kernel cannot trigger it by itself.
What if do something like this?

diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 7d8578401267..1e72ac27bfdf 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -1166,6 +1166,10 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi,
                     SECTOR_FROM_BLOCK(start),
                     SECTOR_FROM_BLOCK(len),
                     GFP_NOFS, 0, &bio);
+        __blkdev_issue_write_zeroes(bdev,
+                    SECTOR_FROM_BLOCK(start),
+                    SECTOR_FROM_BLOCK(len),
+                    GFP_NOFS, 0, &bio);
 submit:
         if (err) {
             spin_lock_irqsave(&dc->lock, flags);

after of before __blkdev_issue_discard()?

Is it safe to fill the region which is being discarded with zeroes?

Will it work and will it fit with background housekeeping and discard queue?

>
> I think it should be possible to call this from another part of f2fs when a file is being edited or unlinked, but I am not sure from where exactly.
>
> F2FS has background housekeeping, it would be nice if it could issue secure trim in the background.
>
> Also, I am not sure that it will work with symlinks correctly, for example.
>
> Please give a direction.
>


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] Using secure erase in f2fs

[Daeho Jeong]

Hi Mikhail,

As you noticed, f2fs already sends discard commands on released blocks.
Do you want to fill the blocks with zero data, instead of sending
discard commands?

2020년 12월 3일 (목) 오전 4:24, Mikhail Novosyolov via Linux-f2fs-devel
<linux-f2fs-devel@lists.sourceforge.net>님이 작성:
>
> 02.12.2020 21:24, Mikhail Novosyolov пишет:
> > Hello, f2fs developers!
> >
> > I saw commit 9af846486d781a63 "f2fs: add F2FS_IOC_SEC_TRIM_FILE ioctl" in Linux kernel
> > https://github.com/torvalds/linux/commit/9af846486d781a63de025a5f502c515268e48790#
> >
> > I saw usage of it in Android only
> > https://android.googlesource.com/platform/system/vold/+/master/secdiscard.cpp
> >
> > Do I understand correctly that userspace code decides himself where the region to erase starts and when to call that ioctl?
> >
> > I am interested in it to implement realtime secure erase - overwriting files with zeros or random data (I am not interestied in sending a discard/trim command) - when files are deleted or are removed completely.
> > This code seems to be a good solution of this problem, but the problem is that kernel cannot trigger it by itself.
> What if do something like this?
>
> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
> index 7d8578401267..1e72ac27bfdf 100644
> --- a/fs/f2fs/segment.c
> +++ b/fs/f2fs/segment.c
> @@ -1166,6 +1166,10 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi,
>                      SECTOR_FROM_BLOCK(start),
>                      SECTOR_FROM_BLOCK(len),
>                      GFP_NOFS, 0, &bio);
> +        __blkdev_issue_write_zeroes(bdev,
> +                    SECTOR_FROM_BLOCK(start),
> +                    SECTOR_FROM_BLOCK(len),
> +                    GFP_NOFS, 0, &bio);
>  submit:
>          if (err) {
>              spin_lock_irqsave(&dc->lock, flags);
>
> after of before __blkdev_issue_discard()?
>
> Is it safe to fill the region which is being discarded with zeroes?
>
> Will it work and will it fit with background housekeeping and discard queue?
>
> >
> > I think it should be possible to call this from another part of f2fs when a file is being edited or unlinked, but I am not sure from where exactly.
> >
> > F2FS has background housekeeping, it would be nice if it could issue secure trim in the background.
> >
> > Also, I am not sure that it will work with symlinks correctly, for example.
> >
> > Please give a direction.
> >
>
>
> _______________________________________________
> Linux-f2fs-devel mailing list
> Linux-f2fs-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] Using secure erase in f2fs

[Mikhail Novosyolov via Linux-f2fs-devel]

3 декабря 2020 г. 2:41:14 GMT+03:00, Daeho Jeong <daeho43@gmail.com> пишет:
>Hi Mikhail,
>
>As you noticed, f2fs already sends discard commands on released blocks.
>Do you want to fill the blocks with zero data, instead of sending
>discard commands?

Yes, I want to fill the blocks with zero data for multiple times (2 times, for example), because there are some governmental rules which require to do this.

I think it does not make much sense on flash memory and HDDs with SMR and other too clever microcontrollers, but it can theoretically still have sense probably.

Also, I think, sending a discard commamd after zeroing blocks will be still useful because it is what the memory controller is taught to deal with.

Thanks for replying!

>
>2020년 12월 3일 (목) 오전 4:24, Mikhail Novosyolov via Linux-f2fs-devel
><linux-f2fs-devel@lists.sourceforge.net>님이 작성:
>>
>> 02.12.2020 21:24, Mikhail Novosyolov пишет:
>> > Hello, f2fs developers!
>> >
>> > I saw commit 9af846486d781a63 "f2fs: add F2FS_IOC_SEC_TRIM_FILE
>ioctl" in Linux kernel
>> >
>https://github.com/torvalds/linux/commit/9af846486d781a63de025a5f502c515268e48790#
>> >
>> > I saw usage of it in Android only
>> >
>https://android.googlesource.com/platform/system/vold/+/master/secdiscard.cpp
>> >
>> > Do I understand correctly that userspace code decides himself where
>the region to erase starts and when to call that ioctl?
>> >
>> > I am interested in it to implement realtime secure erase -
>overwriting files with zeros or random data (I am not interestied in
>sending a discard/trim command) - when files are deleted or are removed
>completely.
>> > This code seems to be a good solution of this problem, but the
>problem is that kernel cannot trigger it by itself.
>> What if do something like this?
>>
>> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
>> index 7d8578401267..1e72ac27bfdf 100644
>> --- a/fs/f2fs/segment.c
>> +++ b/fs/f2fs/segment.c
>> @@ -1166,6 +1166,10 @@ static int __submit_discard_cmd(struct
>f2fs_sb_info *sbi,
>>                      SECTOR_FROM_BLOCK(start),
>>                      SECTOR_FROM_BLOCK(len),
>>                      GFP_NOFS, 0, &bio);
>> +        __blkdev_issue_write_zeroes(bdev,
>> +                    SECTOR_FROM_BLOCK(start),
>> +                    SECTOR_FROM_BLOCK(len),
>> +                    GFP_NOFS, 0, &bio);
>>  submit:
>>          if (err) {
>>              spin_lock_irqsave(&dc->lock, flags);
>>
>> after of before __blkdev_issue_discard()?
>>
>> Is it safe to fill the region which is being discarded with zeroes?
>>
>> Will it work and will it fit with background housekeeping and discard
>queue?
>>
>> >
>> > I think it should be possible to call this from another part of
>f2fs when a file is being edited or unlinked, but I am not sure from
>where exactly.
>> >
>> > F2FS has background housekeeping, it would be nice if it could
>issue secure trim in the background.
>> >
>> > Also, I am not sure that it will work with symlinks correctly, for
>example.
>> >
>> > Please give a direction.
>> >
>>
>>
>> _______________________________________________
>> Linux-f2fs-devel mailing list
>> Linux-f2fs-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

-- 
Простите за краткость, создано в K-9 Mail.


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel