On Tue, Dec 12, 2017 at 08:50:15 +0800, Qu Wenruo wrote: > Even without snapshot, things can easily go crazy. > > This will write 128M file (max btrfs file extent size) and write it to disk. > # xfs_io -f -c "pwrite 0 128M" -c "sync" /mnt/btrfs/file > > Then, overwrite the 1~128M range. > # xfs_io -f -c "pwrite 1M 127M" -c "sync" /mnt/btrfs/file > > Guess your real disk usage, it's 127M + 128M = 255M. > > The point here, if there is any reference of a file extent, the whole > extent won't be freed, even it's only 1M of a 128M extent.
OK, /this/ is scary. I guess nocow prevents this behaviour? I have +C chatted the file eating my space and it ceased. > Are you pre-allocating the file before write using tools like dd? I have no idea, this could be checked in source of http://pam-abl.sourceforge.net/ But this is plain Berkeley DB (5.3 in my case)... which scarries me even more: $ rpm -q --what-requires 'libdb-5.2.so()(64bit)' 'libdb-5.3.so()(64bit)' | wc -l 14 # ipoldek desc -B db5.3 Package: db5.3-5.3.28.0-4.x86_64 Required(by): apache1-base, apache1-mod_ssl, apr-util-dbm-db, bogofilter, c-icap, c-icap-srv_url_check, courier-authlib, courier-authlib-authuserdb, courier-imap, courier-imap-common, cyrus-imapd, cyrus-imapd-libs, cyrus-sasl, cyrus-sasl-sasldb, db5.3-devel, db5.3-utils, dnshistory, dsniff, evolution-data-server, evolution-data-server-libs, exim, gda-db, ggz-server, heimdal-libs-common, hotkeys, inn, inn-libs, isync, jabberd, jigdo, jigdo-gtk, jnettop, libetpan, libgda3, libgda3-devel, libhome, libqxt, libsolv, lizardfs-master, maildrop, moc, mutt, netatalk, nss_updatedb, ocaml-dbm, opensips, opensmtpd, pam-pam_abl, pam-pam_ccreds, perl-BDB, perl-BerkeleyDB, perl-BerkeleyDB, perl-DB_File, perl-URPM, perl-cyrus-imapd, php4-dba, php52-dba, php53-dba, php54-dba, php55-dba, php56-dba, php70-dba, php70-dba, php71-dba, php71-dba, php72-dba, php72-dba, postfix, python-bsddb, python-modules, python3-bsddb3, redland, ruby-modules, sendmail, squid-session_acl, squid-time_quota_acl, squidGuard, subversion-libs, swish-e, tomoe-svn, webalizer-base, wwwcount OK, not much of user-applications here, as they mostly use sqlite. I wonder how this one db-library behaves: $ find . -name \*.sqlite | xargs ls -gGhS | head -n1 -rw-r--r-- 1 15M 2017-12-08 12:14 ./.mozilla/firefox/vni9ojqi.default/extension-data/ublock0.sqlite $ ~/fiemap ./.mozilla/firefox/*.default/extension-data/ublock0.sqlite | head -n1 File ./.mozilla/firefox/vni9ojqi.default/extension-data/ublock0.sqlite has 128 extents: At least every $HOME/{.{,c}cache,tmp} should be +C... > And if possible, use nocow for this file. Actually, this should be officially advised to use +C for entire /var tree and every other tree that might be exposed for hostile write patterns, like /home or /tmp (if held on btrfs). I'd say, that from security point of view the nocow should be default, unless specified for mount or specific file... Currently, if I mount with nocow, there is no way to whitelist trusted users or secure location, and until btrfs-specific options could be handled per subvolume, there is really no alternative. -- Tomasz Pala <go...@pld-linux.org> -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html