| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Nov 2010 09:33:29 -0500 From: Theodore Tso <tytso@....EDU> To: Dave Chinner <david@...morbit.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Jens Axboe <axboe@...nel.dk>, dave b <db.pub.mail@...il.com>, Sanjoy Mahajan <sanjoy@...n.edu>, Jesper Juhl <jj@...osbits.net>, Chris Mason <chris.mason@...cle.com>, Ingo Molnar <mingo@...e.hu>, Pekka Enberg <penberg@...nel.org>, Aidar Kultayev <the.aidar@...il.com>, linux-kernel@...r.kernel.org, linux-mm@...ck.org, Andrew Morton <akpm@...ux-foundation.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Nick Piggin <npiggin@...e.de>, Arjan van de Ven <arjan@...radead.org>, Thomas Gleixner <tglx@...utronix.de>, Corrado Zoccolo <czoccolo@...il.com>, Shaohua Li <shaohua.li@...el.com>, Steven Barrett <damentz@...il.com> Subject: Re: 2.6.36 io bring the system to its knees On Nov 9, 2010, at 8:32 PM, Dave Chinner wrote: > Don't forget to mention data=writeback is not the default because if > your system crashes or you lose power running in this mode it will > *CORRUPT YOUR FILESYSTEM* and you *WILL LOSE DATA*. Not to mention > the significant security issues (e.g stale data exposure) that also > occur even if the filesystem is not corrupted by the crash. IOWs, > data=writeback is the "fast but I'll eat your data" option for ext3. This is strictly speaking not true. Using data=writeback will not cause you to lose any data --- at least, not any more than you would without the feature. If you have applications that write files in an unsafe way, that data is going to be lost, one way or another. (i.e., with XFS in a similar situation you'll get a zero-length file) The difference is that in the case of a system crash, there may be unwritten data revealed if you use data=writeback. This could be a security exposure, especially if you are using your system in as time-sharing system, and where you see the contents of deleted files belonging to another user. So it is not an "eat your data" situation, but rather, a "possibly expose old data". Whether or not you care on a single-user workstation situation, is an individual judgement call. There's been a lot of controversy about this. The chance that this occurs using data=writeback in ext4 is much less, BTW, because with delayed allocation we delay updating the inode until right before we write the block. I have a plan for changing things so that we write the data blocks *first* and then update the metadata blocks second, which will mean that ext4 data=ordered will go away entirely, and we'll get both the safety and as well as avoiding the forced data page writeouts during journal commits. -- Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists