btrfs-progs: receive: retry encoded_write on EPERM

Message ID	8c2e537199608a446d5f97ea0dda319d2b9c0dad.1719937610.git.boris@bur.io (mailing list archive)
State	New
Headers	show Received: from fhigh7-smtp.messagingengine.com (fhigh7-smtp.messagingengine.com [103.168.172.158]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 21FF41BC06B for <linux-btrfs@vger.kernel.org>; Tue, 2 Jul 2024 16:28:31 +0000 (UTC) Feedback-ID: i083147f8:Fastmail From: Boris Burkov <boris@bur.io> To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH] btrfs-progs: receive: retry encoded_write on EPERM Date: Tue, 2 Jul 2024 09:27:49 -0700 Message-ID: <8c2e537199608a446d5f97ea0dda319d2b9c0dad.1719937610.git.boris@bur.io> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	btrfs-progs: receive: retry encoded_write on EPERM \| expand btrfs-progs: receive: retry encoded_write on EPERM

Message ID

8c2e537199608a446d5f97ea0dda319d2b9c0dad.1719937610.git.boris@bur.io (mailing list archive)

State

New

Headers

Feedback-ID: i083147f8:Fastmail
From: Boris Burkov <boris@bur.io>
To: linux-btrfs@vger.kernel.org,
	kernel-team@fb.com
Subject: [PATCH] btrfs-progs: receive: retry encoded_write on EPERM
Date: Tue,  2 Jul 2024 09:27:49 -0700
Message-ID: 
 <8c2e537199608a446d5f97ea0dda319d2b9c0dad.1719937610.git.boris@bur.io>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

btrfs-progs: receive: retry encoded_write on EPERM | expand

Commit Message

Boris Burkov July 2, 2024, 4:27 p.m. UTC

encoded_write fails if we run without CAP_SYS_ADMIN, but the decompress
and write fallback could succeed if we are running with write
permissions on the file. Therefore, it is helpful to fall back on EPERM
as well. While this will increase the "silent failure" rate of encoded
writes, we do have the verbose log in place to debug that while setting
up a receive workflow that expects encoded_write.

Signed-off-by: Boris Burkov <boris@bur.io>
---
 cmds/receive.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Josef Bacik July 2, 2024, 5:12 p.m. UTC | #1

On Tue, Jul 02, 2024 at 09:27:49AM -0700, Boris Burkov wrote:
> encoded_write fails if we run without CAP_SYS_ADMIN, but the decompress
> and write fallback could succeed if we are running with write
> permissions on the file. Therefore, it is helpful to fall back on EPERM
> as well. While this will increase the "silent failure" rate of encoded
> writes, we do have the verbose log in place to debug that while setting
> up a receive workflow that expects encoded_write.
> 
> Signed-off-by: Boris Burkov <boris@bur.io>

Reviewed-by: Josef Bacik <josef@toxicpanda.com>

Thanks,

Josef

Qu Wenruo July 3, 2024, 7:28 a.m. UTC | #2

在 2024/7/3 01:57, Boris Burkov 写道:
> encoded_write fails if we run without CAP_SYS_ADMIN, but the decompress
> and write fallback could succeed if we are running with write
> permissions on the file. Therefore, it is helpful to fall back on EPERM
> as well. While this will increase the "silent failure" rate of encoded
> writes, we do have the verbose log in place to debug that while setting
> up a receive workflow that expects encoded_write.
>
> Signed-off-by: Boris Burkov <boris@bur.io>

Reviewed-by: Qu Wenruo <wqu@suse.com>

Thanks,
Qu

> ---
>   cmds/receive.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/cmds/receive.c b/cmds/receive.c
> index 412bc8afe..9101e8ccf 100644
> --- a/cmds/receive.c
> +++ b/cmds/receive.c
> @@ -1285,7 +1285,8 @@ static int process_encoded_write(const char *path, const void *data, u64 offset,
>   		if (ret >= 0)
>   			return 0;
>   		/* Fall back for these errors, fail hard for anything else. */
> -		if (errno != ENOSPC && errno != ENOTTY && errno != EINVAL) {
> +		if (errno != ENOSPC && errno != ENOTTY &&
> +		    errno != EINVAL && errno != EPERM) {
>   			ret = -errno;
>   			error("encoded_write: writing to %s failed: %m", path);
>   			return ret;

David Sterba July 3, 2024, 11:20 p.m. UTC | #3

On Tue, Jul 02, 2024 at 09:27:49AM -0700, Boris Burkov wrote:
> encoded_write fails if we run without CAP_SYS_ADMIN, but the decompress
> and write fallback could succeed if we are running with write
> permissions on the file. Therefore, it is helpful to fall back on EPERM
> as well. While this will increase the "silent failure" rate of encoded
> writes, we do have the verbose log in place to debug that while setting
> up a receive workflow that expects encoded_write.

I'm not sure this is good to have the fallback by default. There's
option --force-decompress so it needs to be user's choice to avoid
encoded writes. Otherwise if I have a stream with encoded data and
receive it I expect to be as close to the original as possible.

Once there's encryption implemented the fallback will interfere with
availability of the key.

The problem with automatic fallback is that it cannot be disabled and it
does not fail so user can't know that it's been silenly not encoded
written.

Whether a steram contains an encoded write cannot be known upfront, I
think we should add more options how to handle the encoded write.
Modes like 'always', 'fallback'.

The code change itself is simple, this is about defining the expected
use cases.

diff --git a/cmds/receive.c b/cmds/receive.c
index 412bc8afe..9101e8ccf 100644
--- a/cmds/receive.c
+++ b/cmds/receive.c
@@ -1285,7 +1285,8 @@  static int process_encoded_write(const char *path, const void *data, u64 offset,
 		if (ret >= 0)
 			return 0;
 		/* Fall back for these errors, fail hard for anything else. */
-		if (errno != ENOSPC && errno != ENOTTY && errno != EINVAL) {
+		if (errno != ENOSPC && errno != ENOTTY &&
+		    errno != EINVAL && errno != EPERM) {
 			ret = -errno;
 			error("encoded_write: writing to %s failed: %m", path);
 			return ret;

btrfs-progs: receive: retry encoded_write on EPERM

Commit Message

Comments

Patch