| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100302093431.GB5106@lst.de> Date: Tue, 2 Mar 2010 10:34:31 +0100 From: Christoph Hellwig <hch@....de> To: Jan Kara <jack@...e.cz> Cc: Dmitry Monakhov <dmonakhov@...nvz.org>, Camille Moncelier <pix@...life.org>, "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>, ext4 development <linux-ext4@...r.kernel.org>, hch@....de, viro@...iv.linux.org.uk Subject: Re: [ext3] Changes to block device after an ext3 mount point has been remounted readonly On Wed, Feb 24, 2010 at 05:56:46PM +0100, Jan Kara wrote: > OK, I see that in theory a process can open file for writing after > fs_may_remount_ro() before MS_RDONLY flag gets set. That could be really > nasty. Not just in theory, but also in practice. We can easily hit this under load with XFS. > But by no means we should solve this VFS problem by spilling error > messages from the filesystem. Exactly. > Al, Christoph, do I miss something or there is really nothing which > prevents a process from opening a file after the fs_may_remount_ro() check > in do_remount_sb()? No, there is nothing. We really do need a multi-stage remount read-only process: 1) stop any writes from userland, that is opening new files writeable 2) stop any periodic writeback from the VM or filesystem-internal 3) write out all filesystem data and metadata 4) mark the filesystem fully read-only -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists