| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Aug 2009 12:48:36 +0900
From: Hidehiro Kawai <hidehiro.kawai.ez@...achi.com>
To: Wu Fengguang <fengguang.wu@...el.com>
Cc: Andi Kleen <andi@...stfloor.org>, "tytso@....edu" <tytso@....edu>,
"hch@...radead.org" <hch@...radead.org>,
"mfasheh@...e.com" <mfasheh@...e.com>,
"aia21@...tab.net" <aia21@...tab.net>,
"hugh.dickins@...cali.co.uk" <hugh.dickins@...cali.co.uk>,
"swhiteho@...hat.com" <swhiteho@...hat.com>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
"npiggin@...e.de" <npiggin@...e.de>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
Satoshi OSHIMA <satoshi.oshima.fk@...achi.com>,
Taketoshi Sakuraba <taketoshi.sakuraba.hc@...achi.com>
Subject: Re: [PATCH] [16/19] HWPOISON: Enable .remove_error_page for migration
aware file systems
Wu Fengguang wrote:
>>However, we have a way to avoid this kind of data corruption at
>>least for ext3. If we mount an ext3 filesystem with data=ordered
>>and data_err=abort, all I/O errors on file data block belonging to
>>the committing transaction are checked. When I/O error is found,
>>abort journaling and remount the filesystem with read-only to
>>prevent further updates. This kind of feature is very important
>>for mission critical systems.
>
> Agreed. We also set PG_error, which should be enough to trigger such
> remount?
ext3 doesn't check PG_error. Maybe we need to do:
1. trylock_buffer()
2. if step 1. succeeds, then clear_buffer_dirty(),
clear_buffer_uptodate(), and set_buffer_write_io_error()
Note that we can't truncate the corrupted page until the error
check is done by kjournald.
>>If we merge this patch, we would face the data corruption problem
>>again.
>>
>>I think there are three options,
>>
>>(1) drop this patch
>>(2) merge this patch with new panic_on_dirty_page_cache_corruption
>> sysctl
>>(3) implement a more sophisticated error_remove_page function
>
> In fact we proposed a patch for preventing the re-corruption case, see
>
> http://lkml.org/lkml/2009/6/11/294
>
> However it is hard to answer the (policy) question "How sticky should
> the EIO bit remain?".
It's a good approach! This approach may also solve my concern,
the re-corruption issue caused by transient IO errors.
But I also think it needs a bit more consideration. For example,
if the application has the valid data in the user space buffer,
it would try to re-write it after detecting an IO error from the
previous write. In this case, we should clear the sticky error flag.
Thanks,
--
Hidehiro Kawai
Hitachi, Systems Development Laboratory
Linux Technology Center
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists