| Message ID | 20200910224842.GR7955@magnolia (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [v2] xfs: deprecate the V4 format | expand |
On Thu, Sep 10, 2020 at 03:48:42PM -0700, Darrick J. Wong wrote: > From: Darrick J. Wong <darrick.wong@oracle.com> > > The V4 filesystem format contains known weaknesses in the on-disk format > that make metadata verification diffiult. In addition, the format will > does not support dates past 2038 and will not be upgraded to do so. > Therefore, we should start the process of retiring the old format to > close off attack surfaces and to encourage users to migrate onto V5. > > Therefore, make XFS V4 support a configurable option. For the first > period it will be default Y in case some distributors want to withdraw > support early; for the second period it will be default N so that anyone > who wishes to continue support can do so; and after that, support will > be removed from the kernel. > > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> > --- > v2: define what is a V4 filesystem, update the administrator guide > --- Seems reasonable to me... > Documentation/admin-guide/xfs.rst | 20 ++++++++++++++++++++ > fs/xfs/Kconfig | 23 +++++++++++++++++++++++ > fs/xfs/xfs_mount.c | 11 +++++++++++ > 3 files changed, 54 insertions(+) > > diff --git a/Documentation/admin-guide/xfs.rst b/Documentation/admin-guide/xfs.rst > index f461d6c33534..68d69733a1df 100644 > --- a/Documentation/admin-guide/xfs.rst > +++ b/Documentation/admin-guide/xfs.rst > @@ -210,6 +210,25 @@ When mounting an XFS filesystem, the following options are accepted. > inconsistent namespace presentation during or after a > failover event. > > +Deprecation of V4 Format > +======================== > + > +The V4 filesystem format lacks certain features that are supported by > +the V5 format, such as metadata checksumming, strengthened metadata > +verification, and the ability to store timestamps past the year 2038. > +Because of this, the V4 format is deprecated. All users should upgrade > +by backing up their files, reformatting, and restoring from the backup. > + > +Administrators and users can detect a V4 filesystem by running xfs_info > +against a filesystem mountpoint and checking for a string beginning with > +"crc=". If the string "crc=0" is found, or no "crc=" string is found, > +the filesystem is a V4 filesystem. > + > +The deprecation will take place in two parts. Support for mounting V4 > +filesystems can now be disabled at kernel build time via Kconfig option. > +The option will default to yes until September 2025, at which time it > +will be changed to default to no. In September 2030, support will be > +removed from the codebase entirely. > > Deprecated Mount Options > ======================== > @@ -217,6 +236,7 @@ Deprecated Mount Options > =========================== ================ > Name Removal Schedule > =========================== ================ > +Mounting with V4 filesystem September 2030 > =========================== ================ > > > diff --git a/fs/xfs/Kconfig b/fs/xfs/Kconfig > index e685299eb3d2..5970d0f77db9 100644 > --- a/fs/xfs/Kconfig > +++ b/fs/xfs/Kconfig > @@ -22,6 +22,29 @@ config XFS_FS > system of your root partition is compiled as a module, you'll need > to use an initial ramdisk (initrd) to boot. > > +config XFS_SUPPORT_V4 > + bool "Support deprecated V4 (crc=0) format" > + default y > + help > + The V4 filesystem format lacks certain features that are supported > + by the V5 format, such as metadata checksumming, strengthened > + metadata verification, and the ability to store timestamps past the > + year 2038. Because of this, the V4 format is deprecated. All users > + should upgrade by backing up their files, reformatting, and restoring > + from the backup. > + > + Administrators and users can detect a V4 filesystem by running > + xfs_info against a filesystem mountpoint and checking for a string > + beginning with "crc=". If the string "crc=0" is found, or no "crc=" > + string is found, the filesystem is a V4 filesystem. > + > + This option will become default N in September 2025. Support for the > + V4 format will be removed entirely in September 2030. Distributors > + can say N here to withdraw support earlier. > + > + To continue supporting the old V4 format (crc=0), say Y. > + To close off an attack surface, say N. > + > config XFS_QUOTA > bool "XFS Quota support" > depends on XFS_FS > diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c > index ed69c4bfda71..3678dfeecd64 100644 > --- a/fs/xfs/xfs_mount.c > +++ b/fs/xfs/xfs_mount.c > @@ -315,6 +315,17 @@ xfs_readsb( > goto release_buf; > } > > +#ifndef CONFIG_XFS_SUPPORT_V4 > + /* V4 support is undergoing deprecation. */ > + if (!xfs_sb_version_hascrc(sbp)) { > + if (loud) > + xfs_warn(mp, > + "Deprecated V4 format (crc=0) not supported by kernel."); > + error = -EINVAL; > + goto release_buf; > + } > +#endif > + Should we not have a (oneshot?) warning for systems that choose to continue to support and use v4 filesystems? ISTM that's the best way to ensure there's feedback on this change earlier rather than later, or otherwise encourage such users to reformat with v5 at the next available opportunity... BTW, any reason this is in xfs_readsb() vs. xfs_fc_fill_super() where we have various other version/feature checks and warnings? Brian > /* > * We must be able to do sector-sized and sector-aligned IO. > */ >
On Fri, Sep 11, 2020 at 07:31:58AM -0400, Brian Foster wrote: > On Thu, Sep 10, 2020 at 03:48:42PM -0700, Darrick J. Wong wrote: > > From: Darrick J. Wong <darrick.wong@oracle.com> > > > > The V4 filesystem format contains known weaknesses in the on-disk format > > that make metadata verification diffiult. In addition, the format will > > does not support dates past 2038 and will not be upgraded to do so. > > Therefore, we should start the process of retiring the old format to > > close off attack surfaces and to encourage users to migrate onto V5. > > > > Therefore, make XFS V4 support a configurable option. For the first > > period it will be default Y in case some distributors want to withdraw > > support early; for the second period it will be default N so that anyone > > who wishes to continue support can do so; and after that, support will > > be removed from the kernel. > > > > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> > > --- > > v2: define what is a V4 filesystem, update the administrator guide > > --- > > Seems reasonable to me... > > > Documentation/admin-guide/xfs.rst | 20 ++++++++++++++++++++ > > fs/xfs/Kconfig | 23 +++++++++++++++++++++++ > > fs/xfs/xfs_mount.c | 11 +++++++++++ > > 3 files changed, 54 insertions(+) > > > > diff --git a/Documentation/admin-guide/xfs.rst b/Documentation/admin-guide/xfs.rst > > index f461d6c33534..68d69733a1df 100644 > > --- a/Documentation/admin-guide/xfs.rst > > +++ b/Documentation/admin-guide/xfs.rst > > @@ -210,6 +210,25 @@ When mounting an XFS filesystem, the following options are accepted. > > inconsistent namespace presentation during or after a > > failover event. > > > > +Deprecation of V4 Format > > +======================== > > + > > +The V4 filesystem format lacks certain features that are supported by > > +the V5 format, such as metadata checksumming, strengthened metadata > > +verification, and the ability to store timestamps past the year 2038. > > +Because of this, the V4 format is deprecated. All users should upgrade > > +by backing up their files, reformatting, and restoring from the backup. > > + > > +Administrators and users can detect a V4 filesystem by running xfs_info > > +against a filesystem mountpoint and checking for a string beginning with > > +"crc=". If the string "crc=0" is found, or no "crc=" string is found, > > +the filesystem is a V4 filesystem. > > + > > +The deprecation will take place in two parts. Support for mounting V4 > > +filesystems can now be disabled at kernel build time via Kconfig option. > > +The option will default to yes until September 2025, at which time it > > +will be changed to default to no. In September 2030, support will be > > +removed from the codebase entirely. > > > > Deprecated Mount Options > > ======================== > > @@ -217,6 +236,7 @@ Deprecated Mount Options > > =========================== ================ > > Name Removal Schedule > > =========================== ================ > > +Mounting with V4 filesystem September 2030 > > =========================== ================ > > > > > > diff --git a/fs/xfs/Kconfig b/fs/xfs/Kconfig > > index e685299eb3d2..5970d0f77db9 100644 > > --- a/fs/xfs/Kconfig > > +++ b/fs/xfs/Kconfig > > @@ -22,6 +22,29 @@ config XFS_FS > > system of your root partition is compiled as a module, you'll need > > to use an initial ramdisk (initrd) to boot. > > > > +config XFS_SUPPORT_V4 > > + bool "Support deprecated V4 (crc=0) format" > > + default y > > + help > > + The V4 filesystem format lacks certain features that are supported > > + by the V5 format, such as metadata checksumming, strengthened > > + metadata verification, and the ability to store timestamps past the > > + year 2038. Because of this, the V4 format is deprecated. All users > > + should upgrade by backing up their files, reformatting, and restoring > > + from the backup. > > + > > + Administrators and users can detect a V4 filesystem by running > > + xfs_info against a filesystem mountpoint and checking for a string > > + beginning with "crc=". If the string "crc=0" is found, or no "crc=" > > + string is found, the filesystem is a V4 filesystem. > > + > > + This option will become default N in September 2025. Support for the > > + V4 format will be removed entirely in September 2030. Distributors > > + can say N here to withdraw support earlier. > > + > > + To continue supporting the old V4 format (crc=0), say Y. > > + To close off an attack surface, say N. > > + > > config XFS_QUOTA > > bool "XFS Quota support" > > depends on XFS_FS > > diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c > > index ed69c4bfda71..3678dfeecd64 100644 > > --- a/fs/xfs/xfs_mount.c > > +++ b/fs/xfs/xfs_mount.c > > @@ -315,6 +315,17 @@ xfs_readsb( > > goto release_buf; > > } > > > > +#ifndef CONFIG_XFS_SUPPORT_V4 > > + /* V4 support is undergoing deprecation. */ > > + if (!xfs_sb_version_hascrc(sbp)) { > > + if (loud) > > + xfs_warn(mp, > > + "Deprecated V4 format (crc=0) not supported by kernel."); > > + error = -EINVAL; > > + goto release_buf; > > + } > > +#endif > > + > > Should we not have a (oneshot?) warning for systems that choose to > continue to support and use v4 filesystems? ISTM that's the best way to > ensure there's feedback on this change earlier rather than later, or > otherwise encourage such users to reformat with v5 at the next available > opportunity... hm, yes. > BTW, any reason this is in xfs_readsb() vs. xfs_fc_fill_super() where we > have various other version/feature checks and warnings? no particular reason. i like the idea of moving this chunk over there. --d > Brian > > > /* > > * We must be able to do sector-sized and sector-aligned IO. > > */ > > >
diff --git a/Documentation/admin-guide/xfs.rst b/Documentation/admin-guide/xfs.rst index f461d6c33534..68d69733a1df 100644 --- a/Documentation/admin-guide/xfs.rst +++ b/Documentation/admin-guide/xfs.rst @@ -210,6 +210,25 @@ When mounting an XFS filesystem, the following options are accepted. inconsistent namespace presentation during or after a failover event. +Deprecation of V4 Format +======================== + +The V4 filesystem format lacks certain features that are supported by +the V5 format, such as metadata checksumming, strengthened metadata +verification, and the ability to store timestamps past the year 2038. +Because of this, the V4 format is deprecated. All users should upgrade +by backing up their files, reformatting, and restoring from the backup. + +Administrators and users can detect a V4 filesystem by running xfs_info +against a filesystem mountpoint and checking for a string beginning with +"crc=". If the string "crc=0" is found, or no "crc=" string is found, +the filesystem is a V4 filesystem. + +The deprecation will take place in two parts. Support for mounting V4 +filesystems can now be disabled at kernel build time via Kconfig option. +The option will default to yes until September 2025, at which time it +will be changed to default to no. In September 2030, support will be +removed from the codebase entirely. Deprecated Mount Options ======================== @@ -217,6 +236,7 @@ Deprecated Mount Options =========================== ================ Name Removal Schedule =========================== ================ +Mounting with V4 filesystem September 2030 =========================== ================ diff --git a/fs/xfs/Kconfig b/fs/xfs/Kconfig index e685299eb3d2..5970d0f77db9 100644 --- a/fs/xfs/Kconfig +++ b/fs/xfs/Kconfig @@ -22,6 +22,29 @@ config XFS_FS system of your root partition is compiled as a module, you'll need to use an initial ramdisk (initrd) to boot. +config XFS_SUPPORT_V4 + bool "Support deprecated V4 (crc=0) format" + default y + help + The V4 filesystem format lacks certain features that are supported + by the V5 format, such as metadata checksumming, strengthened + metadata verification, and the ability to store timestamps past the + year 2038. Because of this, the V4 format is deprecated. All users + should upgrade by backing up their files, reformatting, and restoring + from the backup. + + Administrators and users can detect a V4 filesystem by running + xfs_info against a filesystem mountpoint and checking for a string + beginning with "crc=". If the string "crc=0" is found, or no "crc=" + string is found, the filesystem is a V4 filesystem. + + This option will become default N in September 2025. Support for the + V4 format will be removed entirely in September 2030. Distributors + can say N here to withdraw support earlier. + + To continue supporting the old V4 format (crc=0), say Y. + To close off an attack surface, say N. + config XFS_QUOTA bool "XFS Quota support" depends on XFS_FS diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c index ed69c4bfda71..3678dfeecd64 100644 --- a/fs/xfs/xfs_mount.c +++ b/fs/xfs/xfs_mount.c @@ -315,6 +315,17 @@ xfs_readsb( goto release_buf; } +#ifndef CONFIG_XFS_SUPPORT_V4 + /* V4 support is undergoing deprecation. */ + if (!xfs_sb_version_hascrc(sbp)) { + if (loud) + xfs_warn(mp, + "Deprecated V4 format (crc=0) not supported by kernel."); + error = -EINVAL; + goto release_buf; + } +#endif + /* * We must be able to do sector-sized and sector-aligned IO. */