All of lore.kernel.org
 help / color / mirror / Atom feed
From: Omar Sandoval <osandov@osandov.com>
To: Qu Wenruo <quwenruo.btrfs@gmx.com>
Cc: dsterba@suse.cz, Qu Wenruo <wqu@suse.com>,
	"linux-btrfs@vger.kernel.org" <linux-btrfs@vger.kernel.org>
Subject: Re: Seed device is broken, again.
Date: Fri, 25 Feb 2022 11:18:23 -0800	[thread overview]
Message-ID: <YhkrfyzmCgOGG+5n@relinquished.localdomain> (raw)
In-Reply-To: <56a6fe34-7556-c6c3-68da-f3ada22bd5ba@gmx.com>

On Fri, Feb 25, 2022 at 09:36:32PM +0800, Qu Wenruo wrote:
> 
> 
> On 2022/2/25 19:47, David Sterba wrote:
> > On Fri, Feb 25, 2022 at 06:08:20PM +0800, Qu Wenruo wrote:
> > > Hi,
> > > 
> > > The very basic seed device usage is broken again:
> > > 
> > > 	mkfs.btrfs -f $dev1 > /dev/null
> > > 	btrfstune -S 1 $dev1
> > > 	mount $dev1 $mnt
> > > 	btrfs dev add $dev2 $mnt
> > > 	umount $mnt
> > > 
> > > 
> > > I'm not sure how many guys are really using seed device.
> > > 
> > > But I see a lot of weird operations, like calling a definite write
> > > operation (device add) on a RO mounted fs.
> > 
> > That's how the seeding device works, in what way would you want to do
> > the ro->rw change?
> 
> In progs-only, so that in kernel we can make dev add ioctl as a real RW
> operation, not adding an exception for dev add.
> 
> > 
> > > Can we make at least the seed sprouting part into btrfs-progs instead?
> > 
> > How? What do you mean? This is an in kernel operation that is done on a
> > mounted filesystem, progs can't do that.
> 
> Why not?
> 
> Progs has the same ability to read-write the fs, I see no reason why we
> shouldn't do it in user space.
> 
> We're just adding a device, update related trees (which will only be
> written to the new device). I see no special reason why it can't be done
> in user space.
> 
> Furthermore, the ability to add device in user space can be a good
> safenet for some ENOSPC space.
> 
> > 
> > > And can seed device even support the upcoming extent-tree-v2?
> > 
> > I should, it operates on the device level.
> > 
> > > Personally speaking I prefer to mark seed device deprecated completely.
> > 
> > If we did that with every feature some developer does not like we'd have
> > nothing left you know. Seeding is a documented usecase, as long as it
> > works it's fine to have it available.
> 
> A documented usecase doesn't mean it can't be deprecated.
> 
> Furthermore, a documented use case doesn't validate the use case itself.
> 
> So, please tell me when did you use seed device last time?
> Or anyone in the mail list, please tell me some real world usecase for
> seed devices.
> 
> I did remember some planned use case like a way to use seed device as a
> VM/container template, but no, it doesn't get much attention.
> 
> 
> I'm not asking for deprecate the feature just because I don't like it.
> 
> This feature is asking for too many exceptions, from the extra
> fs_devices hack (we have in fact two fs_devices, one for rw devices, one
> for seed only), to the dev add ioctl.
> 
> But the little benefit is not really worthy for the cost.

We use seed devices in production. The use case is for servers where we
don't want to persist any sensitive data. The seed device contains a
basic boot environment, then we sprout it with a dm-crypt device and
throw away the encryption key. This ensures that nothing sensitive can
ever be recovered. We previously did this with overlayfs, but seed
devices ended up working better for reasons I don't remember.

Davide Cavalca also told me that "Fedora is also interested in
leveraging seed devices down the road. e.g. doing seed/sprout for cloud
provisioning, and using seed devices for OEM factory recovery on
laptops."

There are definitely hacks we need to fix for seed devices, but there
are valid use cases and we can't just deprecate it.

  reply	other threads:[~2022-02-25 19:18 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-25 10:08 Seed device is broken, again Qu Wenruo
2022-02-25 11:39 ` Filipe Manana
2022-02-25 11:47 ` David Sterba
2022-02-25 13:36   ` Qu Wenruo
2022-02-25 19:18     ` Omar Sandoval [this message]
2022-02-27 23:56       ` Qu Wenruo
2022-02-28  2:01         ` Anand Jain
2022-02-28  2:35           ` Qu Wenruo
2022-02-28  3:24             ` Anand Jain
2022-02-28  3:27               ` Qu Wenruo
2022-02-28 18:40                 ` David Sterba
2022-03-01  0:13                   ` Qu Wenruo
2022-03-01  1:49                     ` Chris Murphy
2022-03-01 17:09                     ` David Sterba
2022-03-02  0:00                       ` Qu Wenruo
2022-03-01  1:44             ` Chris Murphy
2022-03-02 10:09   ` Neal Gompa
2022-02-25 12:00 ` Nikolay Borisov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YhkrfyzmCgOGG+5n@relinquished.localdomain \
    --to=osandov@osandov.com \
    --cc=dsterba@suse.cz \
    --cc=linux-btrfs@vger.kernel.org \
    --cc=quwenruo.btrfs@gmx.com \
    --cc=wqu@suse.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.