1.. SPDX-License-Identifier: GPL-2.0 2 3====================================== 4EROFS - Enhanced Read-Only File System 5====================================== 6 7Overview 8======== 9 10EROFS filesystem stands for Enhanced Read-Only File System. It aims to form a 11generic read-only filesystem solution for various read-only use cases instead 12of just focusing on storage space saving without considering any side effects 13of runtime performance. 14 15It is designed to meet the needs of flexibility, feature extendability and user 16payload friendly, etc. Apart from those, it is still kept as a simple 17random-access friendly high-performance filesystem to get rid of unneeded I/O 18amplification and memory-resident overhead compared to similar approaches. 19 20It is implemented to be a better choice for the following scenarios: 21 22 - read-only storage media or 23 24 - part of a fully trusted read-only solution, which means it needs to be 25 immutable and bit-for-bit identical to the official golden image for 26 their releases due to security or other considerations and 27 28 - hope to minimize extra storage space with guaranteed end-to-end performance 29 by using compact layout, transparent file compression and direct access, 30 especially for those embedded devices with limited memory and high-density 31 hosts with numerous containers. 32 33Here are the main features of EROFS: 34 35 - Little endian on-disk design; 36 37 - Block-based distribution and file-based distribution over fscache are 38 supported; 39 40 - Support multiple devices to refer to external blobs, which can be used 41 for container images; 42 43 - 4KiB block size and 32-bit block addresses for each device, therefore 44 16TiB address space at most for now; 45 46 - Two inode layouts for different requirements: 47 48 ===================== ============ ====================================== 49 compact (v1) extended (v2) 50 ===================== ============ ====================================== 51 Inode metadata size 32 bytes 64 bytes 52 Max file size 4 GiB 16 EiB (also limited by max. vol size) 53 Max uids/gids 65536 4294967296 54 Per-inode timestamp no yes (64 + 32-bit timestamp) 55 Max hardlinks 65536 4294967296 56 Metadata reserved 8 bytes 18 bytes 57 ===================== ============ ====================================== 58 59 - Support extended attributes as an option; 60 61 - Support POSIX.1e ACLs by using extended attributes; 62 63 - Support transparent data compression as an option: 64 LZ4 and MicroLZMA algorithms can be used on a per-file basis; In addition, 65 inplace decompression is also supported to avoid bounce compressed buffers 66 and page cache thrashing. 67 68 - Support chunk-based data deduplication and rolling-hash compressed data 69 deduplication; 70 71 - Support tailpacking inline compared to byte-addressed unaligned metadata 72 or smaller block size alternatives; 73 74 - Support merging tail-end data into a special inode as fragments. 75 76 - Support large folios for uncompressed files. 77 78 - Support direct I/O on uncompressed files to avoid double caching for loop 79 devices; 80 81 - Support FSDAX on uncompressed images for secure containers and ramdisks in 82 order to get rid of unnecessary page cache. 83 84 - Support file-based on-demand loading with the Fscache infrastructure. 85 86The following git tree provides the file system user-space tools under 87development, such as a formatting tool (mkfs.erofs), an on-disk consistency & 88compatibility checking tool (fsck.erofs), and a debugging tool (dump.erofs): 89 90- git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git 91 92Bugs and patches are welcome, please kindly help us and send to the following 93linux-erofs mailing list: 94 95- linux-erofs mailing list <linux-erofs@lists.ozlabs.org> 96 97Mount options 98============= 99 100=================== ========================================================= 101(no)user_xattr Setup Extended User Attributes. Note: xattr is enabled 102 by default if CONFIG_EROFS_FS_XATTR is selected. 103(no)acl Setup POSIX Access Control List. Note: acl is enabled 104 by default if CONFIG_EROFS_FS_POSIX_ACL is selected. 105cache_strategy=%s Select a strategy for cached decompression from now on: 106 107 ========== ============================================= 108 disabled In-place I/O decompression only; 109 readahead Cache the last incomplete compressed physical 110 cluster for further reading. It still does 111 in-place I/O decompression for the rest 112 compressed physical clusters; 113 readaround Cache the both ends of incomplete compressed 114 physical clusters for further reading. 115 It still does in-place I/O decompression 116 for the rest compressed physical clusters. 117 ========== ============================================= 118dax={always,never} Use direct access (no page cache). See 119 Documentation/filesystems/dax.rst. 120dax A legacy option which is an alias for ``dax=always``. 121device=%s Specify a path to an extra device to be used together. 122fsid=%s Specify a filesystem image ID for Fscache back-end. 123=================== ========================================================= 124 125Sysfs Entries 126============= 127 128Information about mounted erofs file systems can be found in /sys/fs/erofs. 129Each mounted filesystem will have a directory in /sys/fs/erofs based on its 130device name (i.e., /sys/fs/erofs/sda). 131(see also Documentation/ABI/testing/sysfs-fs-erofs) 132 133On-disk details 134=============== 135 136Summary 137------- 138Different from other read-only file systems, an EROFS volume is designed 139to be as simple as possible:: 140 141 |-> aligned with the block size 142 ____________________________________________________________ 143 | |SB| | ... | Metadata | ... | Data | Metadata | ... | Data | 144 |_|__|_|_____|__________|_____|______|__________|_____|______| 145 0 +1K 146 147All data areas should be aligned with the block size, but metadata areas 148may not. All metadatas can be now observed in two different spaces (views): 149 150 1. Inode metadata space 151 152 Each valid inode should be aligned with an inode slot, which is a fixed 153 value (32 bytes) and designed to be kept in line with compact inode size. 154 155 Each inode can be directly found with the following formula: 156 inode offset = meta_blkaddr * block_size + 32 * nid 157 158 :: 159 160 |-> aligned with 8B 161 |-> followed closely 162 + meta_blkaddr blocks |-> another slot 163 _____________________________________________________________________ 164 | ... | inode | xattrs | extents | data inline | ... | inode ... 165 |________|_______|(optional)|(optional)|__(optional)_|_____|__________ 166 |-> aligned with the inode slot size 167 . . 168 . . 169 . . 170 . . 171 . . 172 . . 173 .____________________________________________________|-> aligned with 4B 174 | xattr_ibody_header | shared xattrs | inline xattrs | 175 |____________________|_______________|_______________| 176 |-> 12 bytes <-|->x * 4 bytes<-| . 177 . . . 178 . . . 179 . . . 180 ._______________________________.______________________. 181 | id | id | id | id | ... | id | ent | ... | ent| ... | 182 |____|____|____|____|______|____|_____|_____|____|_____| 183 |-> aligned with 4B 184 |-> aligned with 4B 185 186 Inode could be 32 or 64 bytes, which can be distinguished from a common 187 field which all inode versions have -- i_format:: 188 189 __________________ __________________ 190 | i_format | | i_format | 191 |__________________| |__________________| 192 | ... | | ... | 193 | | | | 194 |__________________| 32 bytes | | 195 | | 196 |__________________| 64 bytes 197 198 Xattrs, extents, data inline are followed by the corresponding inode with 199 proper alignment, and they could be optional for different data mappings. 200 _currently_ total 5 data layouts are supported: 201 202 == ==================================================================== 203 0 flat file data without data inline (no extent); 204 1 fixed-sized output data compression (with non-compacted indexes); 205 2 flat file data with tail packing data inline (no extent); 206 3 fixed-sized output data compression (with compacted indexes, v5.3+); 207 4 chunk-based file (v5.15+). 208 == ==================================================================== 209 210 The size of the optional xattrs is indicated by i_xattr_count in inode 211 header. Large xattrs or xattrs shared by many different files can be 212 stored in shared xattrs metadata rather than inlined right after inode. 213 214 2. Shared xattrs metadata space 215 216 Shared xattrs space is similar to the above inode space, started with 217 a specific block indicated by xattr_blkaddr, organized one by one with 218 proper align. 219 220 Each share xattr can also be directly found by the following formula: 221 xattr offset = xattr_blkaddr * block_size + 4 * xattr_id 222 223:: 224 225 |-> aligned by 4 bytes 226 + xattr_blkaddr blocks |-> aligned with 4 bytes 227 _________________________________________________________________________ 228 | ... | xattr_entry | xattr data | ... | xattr_entry | xattr data ... 229 |________|_____________|_____________|_____|______________|_______________ 230 231Directories 232----------- 233All directories are now organized in a compact on-disk format. Note that 234each directory block is divided into index and name areas in order to support 235random file lookup, and all directory entries are _strictly_ recorded in 236alphabetical order in order to support improved prefix binary search 237algorithm (could refer to the related source code). 238 239:: 240 241 ___________________________ 242 / | 243 / ______________|________________ 244 / / | nameoff1 | nameoffN-1 245 ____________.______________._______________v________________v__________ 246 | dirent | dirent | ... | dirent | filename | filename | ... | filename | 247 |___.0___|____1___|_____|___N-1__|____0_____|____1_____|_____|___N-1____| 248 \ ^ 249 \ | * could have 250 \ | trailing '\0' 251 \________________________| nameoff0 252 Directory block 253 254Note that apart from the offset of the first filename, nameoff0 also indicates 255the total number of directory entries in this block since it is no need to 256introduce another on-disk field at all. 257 258Chunk-based files 259----------------- 260In order to support chunk-based data deduplication, a new inode data layout has 261been supported since Linux v5.15: Files are split in equal-sized data chunks 262with ``extents`` area of the inode metadata indicating how to get the chunk 263data: these can be simply as a 4-byte block address array or in the 8-byte 264chunk index form (see struct erofs_inode_chunk_index in erofs_fs.h for more 265details.) 266 267By the way, chunk-based files are all uncompressed for now. 268 269Data compression 270---------------- 271EROFS implements fixed-sized output compression which generates fixed-sized 272compressed data blocks from variable-sized input in contrast to other existing 273fixed-sized input solutions. Relatively higher compression ratios can be gotten 274by using fixed-sized output compression since nowadays popular data compression 275algorithms are mostly LZ77-based and such fixed-sized output approach can be 276benefited from the historical dictionary (aka. sliding window). 277 278In details, original (uncompressed) data is turned into several variable-sized 279extents and in the meanwhile, compressed into physical clusters (pclusters). 280In order to record each variable-sized extent, logical clusters (lclusters) are 281introduced as the basic unit of compress indexes to indicate whether a new 282extent is generated within the range (HEAD) or not (NONHEAD). Lclusters are now 283fixed in block size, as illustrated below:: 284 285 |<- variable-sized extent ->|<- VLE ->| 286 clusterofs clusterofs clusterofs 287 | | | 288 _________v_________________________________v_______________________v________ 289 ... | . | | . | | . ... 290 ____|____._________|______________|________.___ _|______________|__.________ 291 |-> lcluster <-|-> lcluster <-|-> lcluster <-|-> lcluster <-| 292 (HEAD) (NONHEAD) (HEAD) (NONHEAD) . 293 . CBLKCNT . . 294 . . . 295 . . . 296 _______._____________________________.______________._________________ 297 ... | | | | ... 298 _______|______________|______________|______________|_________________ 299 |-> big pcluster <-|-> pcluster <-| 300 301A physical cluster can be seen as a container of physical compressed blocks 302which contains compressed data. Previously, only lcluster-sized (4KB) pclusters 303were supported. After big pcluster feature is introduced (available since 304Linux v5.13), pcluster can be a multiple of lcluster size. 305 306For each HEAD lcluster, clusterofs is recorded to indicate where a new extent 307starts and blkaddr is used to seek the compressed data. For each NONHEAD 308lcluster, delta0 and delta1 are available instead of blkaddr to indicate the 309distance to its HEAD lcluster and the next HEAD lcluster. A PLAIN lcluster is 310also a HEAD lcluster except that its data is uncompressed. See the comments 311around "struct z_erofs_vle_decompressed_index" in erofs_fs.h for more details. 312 313If big pcluster is enabled, pcluster size in lclusters needs to be recorded as 314well. Let the delta0 of the first NONHEAD lcluster store the compressed block 315count with a special flag as a new called CBLKCNT NONHEAD lcluster. It's easy 316to understand its delta0 is constantly 1, as illustrated below:: 317 318 __________________________________________________________ 319 | HEAD | NONHEAD | NONHEAD | ... | NONHEAD | HEAD | HEAD | 320 |__:___|_(CBLKCNT)_|_________|_____|_________|__:___|____:_| 321 |<----- a big pcluster (with CBLKCNT) ------>|<-- -->| 322 a lcluster-sized pcluster (without CBLKCNT) ^ 323 324If another HEAD follows a HEAD lcluster, there is no room to record CBLKCNT, 325but it's easy to know the size of such pcluster is 1 lcluster as well. 326 327Since Linux v6.1, each pcluster can be used for multiple variable-sized extents, 328therefore it can be used for compressed data deduplication. 329