summaryrefslogtreecommitdiffstats
path: root/fs/xfs/xfs_buf_item.h
diff options
context:
space:
mode:
authorDave Chinner <dchinner@redhat.com>2013-04-03 07:11:28 +0200
committerBen Myers <bpm@sgi.com>2013-04-27 19:58:53 +0200
commitd2e448d5fdebdcda93ed171339a3d864f65c227e (patch)
tree1d0681b4bf9fd79a38de7f1a1b3328e9dd89db74 /fs/xfs/xfs_buf_item.h
parentxfs: split remote attribute code out (diff)
downloadlinux-d2e448d5fdebdcda93ed171339a3d864f65c227e.tar.xz
linux-d2e448d5fdebdcda93ed171339a3d864f65c227e.zip
xfs: add CRC protection to remote attributes
There are two ways of doing this - the first is to add a CRC to the remote attribute entry in the attribute block. The second is to treat them similar to the remote symlink, where each fragment has it's own header and identifies fragment location in the attribute. The problem with the CRC in the remote attr entry is that we cannot identify the owner of the metadata from the metadata blocks themselves, or where the blocks fit into the remote attribute. The down side to this approach is that we never know when the attribute has been read from disk or not and so we have to verify it every time it is read, and we must calculate it during the create transaction and log it. We do not log CRCs for any other metadata, and so this creates a unique set of coherency problems that, in general, are best avoided. Adding an identifying header to each allocated block allows us to identify each fragment and where in the attribute it is located. It enables us to rebuild the remote attribute from just the raw blocks containing the attribute. It also provides us to do per-block CRCs verification at IO time rather than during the transaction context that creates it or every time it is read into a user buffer. Hence it avoids all the problems that an external, logged CRC has, and provides all the benefits of self identifying metadata. The only complexity is that we have to add a header per fragment, and we don't know how many fragments will be needed prior to allocations. If we take the symlink example, the header is 56 bytes and hence for a 4k block size filesystem, in the worst case 16 headers requires 1 extra block for the 64k attribute data. For 512 byte filesystems the worst case is an extra block for every 9 fragments (i.e. 16 extra blocks in the worse case). This will be very rare and so it's not really a major concern. Because allocation is done in two steps - the first finds a hole large enough in the attribute file, the second does the allocation - we only need to find a hole big enough for a worst case allocation. We only need to allocate enough extra blocks for number of headers required by the fragments, and we can calculate that as we go.... Hence it really only makes sense to use the same model as for symlinks - it doesn't add that much complexity, does not require an attribute tree format change, and does not require logging calculated CRC values. Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
Diffstat (limited to 'fs/xfs/xfs_buf_item.h')
0 files changed, 0 insertions, 0 deletions