From owner-freebsd-fs@FreeBSD.ORG  Wed Mar  6 08:30:03 2013
Return-Path: <owner-freebsd-fs@FreeBSD.ORG>
Delivered-To: freebsd-fs@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 5A431C33;
 Wed,  6 Mar 2013 08:30:03 +0000 (UTC) (envelope-from lev@FreeBSD.org)
Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru
 [IPv6:2a01:4f8:131:60a2::2])
 by mx1.freebsd.org (Postfix) with ESMTP id 1DCC99B8;
 Wed,  6 Mar 2013 08:30:03 +0000 (UTC)
Received: from lion.home.serebryakov.spb.ru (unknown
 [IPv6:2001:470:923f:1:9421:367:9d7d:512b])
 (Authenticated sender: lev@serebryakov.spb.ru)
 by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPA id 1DE504AC57;
 Wed,  6 Mar 2013 12:29:55 +0400 (MSK)
Date: Wed, 6 Mar 2013 12:29:52 +0400
From: Lev Serebryakov <lev@FreeBSD.org>
Organization: FreeBSD Project
X-Priority: 3 (Normal)
Message-ID: <92952324.20130306122952@serebryakov.spb.ru>
To: Don Lewis <truckman@FreeBSD.org>
Subject: Re: Panic in ffs_valloc (Was: Unexpected SU+J inconsistency AGAIN --
 please, don't shift topic to ZFS!)
In-Reply-To: <201303060823.r268NNor015235@gw.catspoiler.org>
References: <958644234.20130306105205@serebryakov.spb.ru>
 <201303060823.r268NNor015235@gw.catspoiler.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-5
Content-Transfer-Encoding: quoted-printable
Cc: mckusick@mckusick.com, freebsd-fs@FreeBSD.org
X-BeenThere: freebsd-fs@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: lev@FreeBSD.org
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-fs>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Help: <mailto:freebsd-fs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2013 08:30:03 -0000

Hello, Don.
You wrote 6 =DC=D0=E0=E2=D0 2013 =D3., 12:23:23:

>> DL> When growing a file, the data *must* be written before writing the b=
lock
>> DL> pointer that points to it.  If this ordering isn't obeyed, then a sy=
stem
>> DL> crash that occurs between the block pointer write and the data write
>> DL> would result in the file containing whatever garbage was in the data
>> DL> block.  That garbage could be the confidential contents of some other
>> DL> user's previously deleted file.
>>  It  is why confidential data should be zeored-out before file deletion
>>  :)
DL> Performance when deleting multi-gigabyte, low-value files would kind of
DL> suck if we did that ...
 It  should  be  application-level decision. And user-level, really :)
 Yes,  I'm  paranoid,  and  delete  all  sensitive  data  with special
 software,  which  does  several  passes  of writing zeroes, ones and
 random garbage :)

--=20
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>