| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1252613686.7006.5.camel@mingming-laptop> Date: Thu, 10 Sep 2009 13:14:46 -0700 From: Mingming <cmm@...ibm.com> To: Jan Kara <jack@...e.cz> Cc: Theodore Tso <tytso@....edu>, "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>, linux-ext4@...r.kernel.org Subject: Re: fsync on ext[34] working only by an accident On Thu, 2009-09-10 at 16:06 +0200, Jan Kara wrote: > On Thu 10-09-09 09:10:07, Theodore Tso wrote: > > On Thu, Sep 10, 2009 at 04:34:55PM +0530, Aneesh Kumar K.V wrote: > > > mark_buffer_dirty -> __set_page_dirty -> __mark_inode_dirty > > > > We need to be careful here. First of all, mark_buffer_dirty() on the > > code paths you are talking about is being passed a metadata buffer > > head. As such, has Jan has pointed out, the bh is part of the buffer > > cache, so the page->mapping of associated with bh->b_page is the inode > > of the block device --- *not* the ext4 inode. > > > > Secondly, __set_page_dirty calls __mark_inode_dirty passing in > > I_DIRTY_PAGES --- which should be a hint. What Jan is talking about > > is where we set the inode flags I_DIRTY_SYNC and I_DIRTY_DATASYNC: > > > > * I_DIRTY_SYNC Inode is dirty, but doesn't have to be written on > > * fdatasync(). i_atime is the usual cause. > > * I_DIRTY_DATASYNC Data-related inode changes pending. We keep track of > > * these changes separately from I_DIRTY_SYNC so that we > > * don't have to write inode on fdatasync() when only > > * mtime has changed in it. > > > > This is important because ext4_sync_file() (which is called by fsync() > > and fdatasync()) uses this logic to determine whether or not to call > > sync_inode(), which is what will force a commit when wbc.sync_mode is > > set to WB_SYNC_ALL. > Yes, this is exactly what I was trying to point out. > > > In fact, I think the problem is worse than Jan is pointing out, > > because it's not enough that vfs_fq_alloc_space() is calling > > mark_inode_dirty(), since that only sets I_DIRTY_SYNC. When we touch > > i_size or i_block[], we need to make sure that I_DIRTY_DATASYNC is > > set, so that fdatasync() will force a commit. > Actually no. mark_inode_dirty() dirties inode with I_DIRTY == > (I_DIRTY_SYNC | I_DIRTY_DATASYNC | I_DIRTY_PAGES) so it happens to work. > The fact that quota *could* dirty the inode with I_DIRTY_SYNC only > is right but that's a separate issue. > > > I think the right thing to do is to create an > > _ext[34]_mark_inode_dirty() which takes an extra argument, which > > controls whether or not we set I_DIRTY_SYNC or I_DIRTY_DATASYNC. In > > fact, most of the time, we want to be setting I_DIRTY_DATASYNC, so we > > should probably have ext[34]_mark_inode_dirty() call > > _ext[34]_mark_inode_dirty() with I_DIRTY_DATASYNC, and then create a > > ext[34]_mark_inode_nodatasync() version passes in I_DIRTY_SYNC. > > > > This will cause pdflush to call ext4_write_inode() more frequently, > > but pdflush calls write_inode with wait=0, and ext4_write_inode() is a > > no-op in that case. > Thinking about it, it won't work so easily. The problem is that when > pdflush decides to write the inode, it unconditionally clears dirty flags. > We could redirty the inode in write_inode() but that's IMHO too ugly to > bear it. I am a little confused here, so pdflush could found the dirty inodes (due to quota) but it doesn't force journal comminit and write the inode to disk? Mingming -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists