| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 Apr 2015 11:06:00 -0400 From: Theodore Ts'o <tytso@....edu> To: Joseph Qi <joseph.qi@...wei.com> Cc: linux-ext4@...r.kernel.org Subject: Re: Issue in ext4 rename On Fri, Apr 03, 2015 at 05:57:25PM +0800, Joseph Qi wrote: > Hi Ted, > Thanks very much for your quick and detailed reply. > Yes, currently it will behave as RO, or PANIC or CONT based on the > mounted options. > You suggested a way to make sure the allocation cannot fail. > I am wondering if we can omit this handle when commit, for example, > introducing a way that invalids the handle in jbd2. Not really, because we've already started modifying data structures at this point; hence my comment that in order to do this we would have to implement a fairly heavyweight transaction rollback scheme. For eample, we could make every single ext4_journal_get_write_access() allocate a 4k page to store a copy of the 4k buffer we were about to modify, so in case some other ext4_journal_get_write_access() failed, we could roll back the handle. But that inceases the amount of memory required for each transaction by an order of magnitude --- and worse, what if some other handle needs to modify the same block? We couldn't let that handle proceed until the first handle was stopped. So we would trash performance *and* use more memory, making memory allocation and memory pressures worse. In other words, the cure is worse than the disease; much worse. Best regards, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists