common/cryptfs: Adapt integrity dev formatting #521
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k0ch4lo
force-pushed
the
cryptfs_zero_calloc
branch
3 times, most recently
from
c8d1d4f to
5dd1b9e
Compare
quitschbo
reviewed
Feb 19, 2025
k0ch4lo
force-pushed
the
cryptfs_zero_calloc
branch
2 times, most recently
from
a10403d to
f57ae88
Compare
MPeisl
reviewed
Feb 20, 2025
common/cryptfs.c
Outdated
| close(fd); | ||
|
|
||
| if (0 != cryptfs_write_zeros(crypto_blkdev, fs_size * 512)) { | ||
| WARN("Failed to format volume %s using calloc, falling back to sendfile", |
There was a problem hiding this comment.
change this from sendfile to file_copy. file_copy will also use its fallback, as /dev/zero is not support by sendfile ;)
There was a problem hiding this comment.
file_copy needs to be adapted for use with /dev/zero in future commits, switched to existing implementation as fallback
common/cryptfs.c
Outdated
| WARN("Failed to format volume %s using calloc, falling back to sendfile", | ||
| crypto_blkdev); | ||
|
|
||
| if (0 > file_copy("/dev/zero", crypto_blkdev, fs_size * 512, fs_size * 512, |
There was a problem hiding this comment.
this should be file_copy("/dev/zero", crypto_blkdev, count: fs_size, bs: 512, 0)
There was a problem hiding this comment.
see above, switched to existing implementation as fallback
common/cryptfs.c
Outdated
|
|
||
| if (0 > file_copy("/dev/zero", crypto_blkdev, fs_size * 512, fs_size * 512, | ||
| 0)) { | ||
| ERROR("Failed to format volume %s using sendfile", crypto_blkdev); |
quitschbo
reviewed
Feb 20, 2025
k0ch4lo
force-pushed
the
cryptfs_zero_calloc
branch
10 times, most recently
from
ed8fd88 to
21fb254
Compare
quitschbo
reviewed
Feb 24, 2025
daemon/main.c
Outdated
|
|
||
| if (!cmld_is_hostedmode_active()) { | ||
| SYNC_INFO() | ||
| } |
There was a problem hiding this comment.
provide an atexit() handler and put this
block into that wrapper. Otherwise, sync is done before all containers have been stopped
and not at termination of cmld. Additionally, remove all other SYNC_INFO in signal handlers and main().
There was a problem hiding this comment.
sounds good, switched to atexit
quitschbo
requested changes
Feb 24, 2025
scd/scd.c
Outdated
| @@ -80,6 +80,8 @@ scd_sigterm_cb(UNUSED int signum, UNUSED event_signal_t *sig, UNUSED void *data) | |||
| logf_unregister(scd_logfile_handler); | |||
| logf_file_close(scd_logfile_p); | |||
| } | |||
|
|
|||
| SYNC_INFO() | |||
There was a problem hiding this comment.
same as for cmld, just register an atexit handler
k0ch4lo
force-pushed
the
cryptfs_zero_calloc
branch
from
21fb254 to
48a1789
Compare
This commit leverages a buffer allocated via calloc's copy-on-write-based approach together with the fd_write implementation in common/fd.c implementation to increase the speed of initial formatting while not requiring a large amount of physical memory. Signed-off-by: Felix Wruck <[email protected]>
This commit adds an attempt to sync fds after write operatins via fsync. As fsync is not possible on all file types, e.g. on procfs pseudo files, failed attempts to rsync are not treated as error. Signed-off-by: Felix Wruck <[email protected]>
This commit adapts the the fd_write function in common/fd.{.c,.h} to use ssize_t
consistently for input parameters and the return value to prevent overflows.
Signed-off-by: Felix Wruck <[email protected]>
k0ch4lo
force-pushed
the
cryptfs_zero_calloc
branch
3 times, most recently
from
70a1970 to
59c0a79
Compare
This commit syncs file systems before the cmld exists to ensure all pending file system operations are properly completed. Signed-off-by: Felix Wruck <[email protected]>
This commit syncs file systems before the cmld exists to ensure all pending file system operations are properly completed. Signed-off-by: Felix Wruck <[email protected]>
This commit adds proper checks for the return value of fsync. Signed-off-by: Felix Wruck <[email protected]>
k0ch4lo
force-pushed
the
cryptfs_zero_calloc
branch
from
59c0a79 to
6ec974a
Compare
quitschbo
approved these changes
Feb 25, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR leverages a buffer allocated via calloc's copy-on-write-based approach together with the fd_write implementation in common/fd.c implementation to increase the speed of initial formatting while not requiring a large amount of physical memory.