From: Steven Hartland
Date: Sun, 08 Mar 2015 23:05:29 +0000
To: "Matthew D. Fuller"
Cc: freebsd-geom@freebsd.org
Subject: Re: RFC: Pass TRIM through GELI
Message-ID: <54FCD5B9.3090101@multiplay.co.uk>

On 08/03/2015 22:50, Matthew D. Fuller wrote:
> On Sun, Mar 08, 2015 at 10:40:03PM +0000 I heard the voice of
> Steven Hartland, and lo! it spake thus:
>> Given GELI is all about security translating the delete to a noop
>> results in a pretty serious security issue I would say as it will
>> leave data which the user intended to be removed present on the
>> device.
> But we're not translating it to anything; we're just passing it along.
> Certainly in my testing (Virtualbox-provided ada0, which doesn't TRIM,
> and md(4), which does) ufs and zfs seem to get the message just fine.
> If a poorly-behaved filesystem ignores the "I don't support that"
> message from our provider (SSD, hard drive, md(4), whatever), wouldn't
> it ignore us just the same?

IIRC ufs doesn't support TRIM by default, it needs to be manually enabled.
ZFS deals with the case and only enables TRIM on devices that enable it, by detecting the not supported error and disabling it for said devices.

GELI is kind of different though given its use. I'm sure users of it would expect delete to leave no trace of the data which was there, which is what I was under the impression it does, correct me if I'm wrong?

If that assumption is correct then altering it to do nothing if the underlying device doesn't support delete would be a concern.

Regards
Steve