21.06.2017 16:41, Austin S. Hemmelgarn пишет: > On 2017-06-21 08:43, Christoph Anton Mitterer wrote: >> On Wed, 2017-06-21 at 16:45 +0800, Qu Wenruo wrote: >>> Btrfs is always using device ID to build up its device mapping. >>> And for any multi-device implementation (LVM,mdadam) it's never a >>> good >>> idea to use device path. >> >> Isn't it rather the other way round? Using the ID is bad? Don't you >> remember our discussion about using leaked UUIDs (or accidental >> collisions) for all kinds of attacks? > Both are bad for different reasons. For the particular case of sanely > handling transient storage failures (device disappears then reappears), > you can't do it with a path in /dev (which is what most people mean when > they say device path), and depending on how the hardware failed and the > specifics of the firmware, you may not be able to do it with a > hardware-level device path, but you can do it with a device ID assuming > you sanely verify the ID. Right now, BTRFS is not sanely checking the > ID (it only verifies the UUID's in the FS itself, it should also be > checking hardware-level identifiers like WWN).
Which is not enough too; if device dropped off array and reappeared later we need to be able to declare it stale, even if it has exactly the same UUID and WWN and whatever hardware identifier is used. So we need some generation number to be able to do it. Incidentally MD does have them and compares generation numbers to decide whether device can be assimilated. -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
