Btrfs for mere mortals: inode allocation

It’s known that btrfs behaves differently from other Linux filesystems. There are some fascinating aspects of how btrfs manages its internal structures and how common tools are not prepared to handle it. This goal of this post is to demystify why ext4 can report the number of available inodes while btrfs always reports 0: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 $ file ext4....

April 25, 2022 · 19 min · Marcos Paulo de Souza

Btrfs: Resolving the logical-resolve

Tools like fsck and smartctl are usually used when something bad happens on your disk. But, what if such tools have a problem and also need to be fixed? Well, that’s what we are going to see today. The command btrfs inspect-internal logical-resolve, as stated in a previous post, is useful when the btrfs filesystem reports a problem related to data consistency, for example: 1 2 [2349645.383479] BTRFS error (device sda): bdev /dev/sda errs: wr 0, rd 0, flush 0, corrupt 19, gen 0 [2349645....

February 27, 2021 · 4 min · Marcos Paulo de Souza

btrfs: Differentiating bind mounts on subvolumes

The btrfs inspect-internal logical-resolve command is used to find a file related to a logical-address. This can be useful when btrfs reports a corruption at an specific logical address, making it easy for the user to find the corrupted file. But, for all current users of openSUSE/SUSE Enterprise Linux, this command was failing as shown below: 1 2 btrfs inspect-internal logical-resolve 5085913088 / ERROR: cannot access '//@/home': No such file or directory An openSUSE/SLE installation would create a set of subvolumes, starting from /@....

February 16, 2021 · 6 min · Marcos Paulo de Souza

btrfs: making "send" more "capable"

The send/receive is a feature from btrfs where you can generate a stream of changes between two snapshots and then apply to any btrfs system, being a different disk on the host or over the network. The receive feature receives a stream of data, applying the it in the filesystem. As the stream can be a file, it’s easy even to transfer the output of send over the network and receive in the other side....

May 14, 2020 · 6 min · Marcos Paulo de Souza

New btrfs feature: Delete subvolumes using subvolume ids

Btrfs is a very versatile filesystem, and it has a lot of features that don’t exist in any other mainline Linux filesystem. One of the key features of btrfs is the concept of subvolumes. A subvolume can be compared to a disk partition since each subvolume can contain it’s own filesystem tree and size limits. When created, subvolumes are shown as directories in the directory they were created. Creating a subvolume is as easy as creating a directory:...

January 23, 2020 · 3 min · Marcos Paulo de Souza

Kernel Adventures: Enabling VPD Pages for USB Storage Devices in sysfs

After chasing the problem of rotational sysfs property of USB flash drives, I started to check another sysfs attributes of USB storage devices, and I noted two missing attributes: vpd_pg80 and vpd_pg83. As explained here, VPD pages contain data related to the device. In special, page 80 is Unit Serial Number (sn) and page 83 is Device Information (di), which are present in any SCSI device that complies with SPC-2 or later....

August 16, 2019 · 5 min · Marcos Paulo de Souza

Kernel Adventures: Are USB Sticks Rotational Devices?

A while ago I’ve found this kernel bug entry about USB mass storage being shown as a rotational device. This is wrong because a USB stick is a flash device, and does not rotate. About rotational devices Let’s take a minute to discuss about the evolution from disk to flash storage. Older storage devices, HDD in this example, were called Disk Storage because these devices recorded data into one or more rotating disks....

August 7, 2019 · 7 min · Marcos Paulo de Souza

NO_NEW_PRIVS: avoiding privilege escalation

Proposed in 2012, the NO_NEW_PRIVS flag made possible to any process to avoid privilege escalation when this behavior is not desired. After the flag is set, it persists across execve, clone and fork syscalls, and cannot be cleared. This can help you to avoid exploitation of vulnerable software, since the attacker will be running as an ordinary user. The NO_NEW_PRIVS flag is already beeng used by some projects that try to make the running environment more secure, specially container engines and sandbox applications....

May 22, 2018 · 3 min · Marcos Paulo de Souza