| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Feb 2007 18:07:41 -0600 From: Robert Hancock <hancockr@...w.ca> To: Tejun Heo <htejun@...il.com> Cc: linux-kernel <linux-kernel@...r.kernel.org>, linux-ide@...r.kernel.org, edmudama@...il.com, Nicolas.Mailhot@...oste.net Subject: Re: libata FUA revisited Tejun Heo wrote: >> On the NCQ side, I think it's pretty safe to assume that all >> controllers will handle it. Obviously I've verified it with sata_nv >> (at least that it doesn't blow up obviously), and the other two NCQ >> drivers we have, ahci and sata_sil24 just feed raw FIS data into the >> controller so there should be no issue with not supporting it. > > FWIW, ICH6/7/8 ahci's clear PMP field when transmitting FIS. The reason > why I'm hesitant is because there is no way to tell whether the FUA bit > got honored or ignored. With extra opcode, it's okay because barrier > explicitly fails but if NCQ FUA is not supported, it will succeed > silently as normal write. Everything will be okay generally but the > barrier is done incorrectly and on a really bad day it will lead to > journal corruption. Well, we should be able to determine that experimentally (at least on specific controllers) with a little test program that just writes little bits of data and fsyncs repeatedly (assuming that does in fact trigger FUAs currently..) If it runs faster than the drive could possibly be rewriting the physical disk then obviously the FUA bit is not getting through and/or not respected and we can blacklist FUA on that controller. Also, the FUA bit in the NCQ commands is in the device register, so it's not like the PMP fields where it's not used for anything else and so the controller messing with it wouldn't be otherwise noticed.. > > So, actually, I was thinking about *always* using the non-NCQ FUA > opcode. As currently implemented, FUA request is always issued by > itself, so NCQ doesn't make any difference there. So, I think it would > be better to turn on FUA on driver-by-driver basis whether the > controller supports NCQ or not. Unfortunately not all drives that support NCQ support the non-NCQ FUA commands (my Seagates are like this). There's definitely a potential advantage to FUA with NCQ - if you have non-synchronous accesses going on concurrently with synchronous ones, if you have to use non-NCQ FUA or flush cache commands, you have to wait for all the IOs of both types to drain out before you can issue the flush (since those can't be overlapped with the NCQ read/writes). And if you can only use flush cache, then you're forcing all the writes to be flushed including the non-synchronous ones you didn't care about. Whether or not the block layer currently exploits this I don't know, but it definitely could. > Well, I might be being too paranoid but silent FUA failure would be > really hard to diagnose if that ever happens (and I'm fairly certain > that it will on some firmwares). Well, there are also probably drives that ignore flush cache commands or fail to do other things that they should. There's only so far we can go in coping if the firmware authors are being retarded. If any drive is broken like that we should likely just blacklist NCQ on it entirely as obviously little thought or testing went into the implementation.. -- Robert Hancock Saskatoon, SK, Canada To email, remove "nospam" from hancockr@...pamshaw.ca Home Page: http://www.roberthancock.com/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists