| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Mar 2009 16:51:50 +0000 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: Matthew Garrett <mjg59@...f.ucam.org> Cc: Theodore Tso <tytso@....edu>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, David Rees <drees76@...il.com>, Jesper Krogh <jesper@...gh.cc>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: Linux 2.6.29 On Fri, 27 Mar 2009 16:28:41 +0000 Matthew Garrett <mjg59@...f.ucam.org> wrote: > On Fri, Mar 27, 2009 at 04:15:53PM +0000, Alan Cox wrote: > > > To be honest I don't see your problem. Surely well designed desktop > > applications are already all using nice error handling, out of space and > > fsync aware interfaces in the gnome library that do all the work for them > > - "so they don't have to check for errors". > > The context was situations like errors on close() not occuring unless > you've fsync()ed first. I don't think that error case is sufficiently > common to warrant the cost of an fsync() on every single close, > especially since doing so would cripple any application that ever tried > to run on ext3. The fsync if you need to see all errors on close case has been true since before V7 unix. Its the normal default behaviour on these systems so anyone who assumes otherwise is just broken. There is a limit to the extent the OS can clean up after completely broken user apps. Besides which a properly designed desktop clearly has a single interface of the form happened = write_file_reliably(filename|NULL, buffer, len, flags) happened = replace_file_reliably(filename|NULL, buffer, len, flags (eg KEEP_BACKUP)); which internally does all the error handling, reporting to user, offering to save elsewhere, ensuring that the user can switch app and make space and checking for media errors. It probably also has an asynchronous version you can bind event handlers to for completion, error, etc so that you can override the default handling but can't fail to provide something by default. That would be designing failure out of the system. IMHO the real solution to a lot of this actually got proposed earlier in the thread. Adding "fbarrier()" allows the expression of ordering without blocking and provides something new apps can use to get best performance. Old properly written apps continue to work and can be improved, and sloppy garbage continues to mostly work. The file system behaviour is constrained heavily by the hardware, which at this point is constrained by the laws of physics and the limits of materials. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists