From nobody Tue Apr 5 13:17:53 2022 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A90591A9B570 for ; Tue, 5 Apr 2022 13:18:37 +0000 (UTC) (envelope-from darius@dons.net.au) Received: from midget.dons.net.au (2403-5800-5200-4700-225-90ff-fe47-39b4.ip6.aussiebb.net [IPv6:2403:5800:5200:4700:225:90ff:fe47:39b4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "dons.net.au", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KXpB26X4cz3qDN for ; Tue, 5 Apr 2022 13:18:33 +0000 (UTC) (envelope-from darius@dons.net.au) Received: from midget.dons.net.au (localhost [127.0.0.1]) by midget.dons.net.au (8.17.1/8.16.1) with ESMTPS id 235DI86a073998 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Tue, 5 Apr 2022 22:48:17 +0930 (ACST) (envelope-from darius@dons.net.au) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dons.net.au; s=default; t=1649164701; bh=p1dQ5vMYW5dfuJrR8rIeqVXvL3gi3jsEUX3Pn0YOR3E=; h=From:Date:Subject:To; b=tF+OCrNqm60sA649oyxQVq+2QfPaW21I01UQ4mkT4W4dAi1EXIymwygvDxmrcx0Rf 1rMXfwZgSBoRz3DW6ztxeli6CnuaC7J53EH0he9x9ljkjkvF+TOTKBC3qn3qMUaRbG 4ONEhGmVZzebCmwLHTvl4B8MYPrzHOlDsFQiei5I= Received: (from mailnull@localhost) by midget.dons.net.au (8.17.1/8.16.1/Submit) id 235DHs5M073988 for ; Tue, 5 Apr 2022 22:47:54 +0930 (ACST) (envelope-from darius@dons.net.au) X-MIMEDefang-Relay-0ce1a11234c790b6ab6410cd70c6fdb820520472: 2403:5800:5200:4700:911c:5511:b47e:d9d Received: from smtpclient.apple (2403-5800-5200-4700-911c-5511-b47e-d9d.ip6.aussiebb.net [2403:5800:5200:4700:911c:5511:b47e:d9d]) by 2403-5800-5200-4700-225-90ff-fe47-39b4.ip6.aussiebb.net (envelope-sender ) (MIMEDefang) with ESMTP id 235DHrYU073985; Tue, 05 Apr 2022 22:47:53 +0930 From: "Daniel O'Connor" Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\)) Date: Tue, 5 Apr 2022 22:47:53 +0930 Subject: PEFS and advisory locking on ZFS Message-Id: <03F69985-51A4-4A35-801C-CFC7B40B766D@dons.net.au> To: freebsd-hackers X-Mailer: Apple Mail (2.3696.80.82.1.1) X-Spam-Score: 0.7 () No, score=0.7 required=5.0 tests=KHOP_HELO_FCRDNS, PDS_RDNS_DYNAMIC_FP,RDNS_DYNAMIC,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE, T_SPF_PERMERROR autolearn=no autolearn_force=no version=3.4.5 X-Scanned-By: MIMEDefang 2.83 on 10.0.2.1 X-Rspamd-Queue-Id: 4KXpB26X4cz3qDN X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=dons.net.au header.s=default header.b=tF+OCrNq; dmarc=pass (policy=quarantine) header.from=dons.net.au; spf=pass (mx1.freebsd.org: domain of darius@dons.net.au designates 2403:5800:5200:4700:225:90ff:fe47:39b4 as permitted sender) smtp.mailfrom=darius@dons.net.au X-Spamd-Result: default: False [-3.50 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[dons.net.au:s=default]; FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[dons.net.au:+]; DMARC_POLICY_ALLOW(-0.50)[dons.net.au,quarantine]; NEURAL_HAM_SHORT(-1.00)[-1.000]; R_SPF_ALLOW(-0.20)[+mx]; MLMMJ_DEST(0.00)[freebsd-hackers]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:4764, ipnet:2403:5800::/32, country:AU]; MID_RHS_MATCH_FROM(0.00)[] X-ThisMailContainsUnwantedMimeParts: N Hi, I maintain the PEFS port/project (https://github.com/freebsd-pefs/pefs/) = which is an encrypted file system which transparently runs on top of = other file systems. I've updated it to work OK however someone has discovered that if it's = running on top of ZFS then locking doesn't work, >1 process can own a = lock (as tested with lockf) It FreeBSD 13.1-RC1 (tested with releng/13.1-n250053-6fe29001573 GENERIC = arm64) - when testing on -current (14.0-CURRENT #1 main-3468cd95c) it = does work. I tried implemented VOP_ADVLOCK but it didn't help (not really = surprising but still). The test is pretty simple, if /testtank is ZFS, then: # Create crypto FS sudo mkdir -p /testtank/test/pefs echo test123 >keyfile sudo pefs addchain -fZj keyfile /testtank/test/pefs # Mount it and add the key sudo pefs mount /testtank/test/pefs /testtank/test/pefs sudo pefs addkey -cj keyhole /testtank/test/pefs # Test locking sudo lockf -k -t 0 /testtank/test/pefs/lock sleep 5 & sudo lockf -k -t 0 /testtank/test/pefs/lock echo foo When it's working the second lockf will print: lockf: /testtank/test/pefs/lock: already locked ZFS itself is fine, the lock test passes if PEFS isn't mounted, and on = the same version PEFS on UFS works fine also. I plan on bisecting it but if anyone has a suggestion I'm all ears. Thanks. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum