Re: Do no harm: Data loss from new (bookworm2trixie) discard=async default

To: Nicholas D Steeves <sten@debian.org>, debian-boot@lists.debian.org, debian-kernel@lists.debian.org
Subject: Re: Do no harm: Data loss from new (bookworm2trixie) discard=async default
From: Pascal Hambourg <pascal@plouf.fr.eu.org>
Date: Sun, 11 May 2025 14:55:33 +0200
Message-id: <[🔎] c225627f-624d-44ef-803c-17e6cb1e02de@plouf.fr.eu.org>
In-reply-to: <[🔎] 87v7q8ibl5.fsf@navis.mail-host-address-is-not-set>
References: <[🔎] 87v7q8ibl5.fsf@navis.mail-host-address-is-not-set>

On 10/05/2025 at 20:07, Nicholas D Steeves wrote:


An ultra-brief history: many SSDs including various Samsungs, and if I
remember correctly many drives with old SandForce controllers have
broken discard=async.

Correct me if I am wrong, but my understanding is that these SSDs have abroken *queued TRIM* feature. discard=sync and discard=async are btrfsfeatures and both use queued TRIM if supported by the SSD (and notblackisted by the kernel) or non-queued TRIM otherwise.

Linux-6.2 started enabling discard=async by default (at least for
btrfs),

To be clear for everyone: without an explicit discard mount option, thedefault for btrfs is now to enable discard in asynchronous mode(discard=async) instead of disabling discard (nodiscard). Explicit"discard" still enables discard in synchronous mode, (discard=sync).Explicit "nodiscard" is now needed to disable discard.

and deductively this appears to necessarily harm many users of
at least pre2011-to-2014 SSDs.  Does Linux-6.12.x, for trixie, have
sufficient quirk coverage to make the new default safe, and fall to back
to discard=sync for affected hardware?  Alternatively, has our kernel
been patched to maintain bookworm's 6.2.x behaviour of discard=sync?

As I understand it, it is not the asynchronous mode which may cause dataloss with non-blacklisted broken TRIM but rather the discard option as awhole.

Security conscious users maintain that it presents a security risk when
a filesystem issues discards to the underlying LUKS layer.  Are we going
to start doing this by default for trixie, or are we still going to
block it at the dm-crypt layer?

The Debian installer already enables discard by default on encrypteddevices since buster. The "discard" option is available for mostfilesystem types which support it (btrfs, ext4, FAT, HFS+, XFS) but isnot enabled by default. JFS supports it since Linux 3.7 but this is notmentioned in mount(8). It is not available for swap.

The Calamares installer may have different defaults. The packagecalamares-settings-debian has a file /etc/calamares/modules/fstab.confwhich contains:


ssdExtraMountOptions:
    ext4: discard
    jfs: discard
    xfs: discard
    swap: discard
    btrfs: discard,compress=lzo

Also the fstrim systemd service is enabled and triggered once a week bydefault. Is it safer than online discard with broken TRIM ? If yes, cananyone explain why ?

Reply to:

References:
- Do no harm: Data loss from new (bookworm2trixie) discard=async default
  - From: Nicholas D Steeves <sten@debian.org>

Prev by Date: Bug#1105000: installation-reports: Install media device disappears during install, reappears unmounted, failing install
Next by Date: Bug#1105000: installation-reports: Install media device disappears during install, reappears unmounted, failing install
Previous by thread: Do no harm: Data loss from new (bookworm2trixie) discard=async default
Next by thread: reassign 1105085 to installation-reports
Index(es):
- Date
- Thread