| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110125114656.GB4088@quack.suse.cz> Date: Tue, 25 Jan 2011 12:46:56 +0100 From: Jan Kara <jack@...e.cz> To: Andreas Dilger <adilger.kernel@...ger.ca> Cc: Jan Kara <jack@...e.cz>, Joel Becker <jlbec@...lplan.org>, Ted Ts'o <tytso@....edu>, Manish Katiyar <mkatiyar@...il.com>, ext4 <linux-ext4@...r.kernel.org> Subject: Re: [PATCH 1/3] jbd2 : Make jbd2 transaction handle allocation to return errors and handle them gracefully. On Mon 24-01-11 18:06:24, Andreas Dilger wrote: > > jbd2_journal_start can always fail e.g. because the journal is aborted. > > So it really just means no memory failures... > > > >>> The tradeoff is that long-term, the code is more readable (as opposed > >>> to having people look up what a random "true" or "false" value means). > >>> But short-term, while it will make the patch smaller, it also makes > >>> the patch harder audit, since we need to look at all of the places > >>> where we _haven't_ made a change to make sure those call sites can > >>> tolerate an error return. > >> > >> I think we should start with jbd2_journal_start_can_fail() or > >> something like it, and change it back to jbd2_journal_start() in the > >> next window. It's a silly name, but it catches exactly what you are > >> worried about. > > > > Yes, I think this would be nice for auditting (but for that matter > > current interface with additional argument isn't bad either and we can > > just do the rename to _nofail in the final patch...). > > The reason I don't like the "true" and "false" arguments is that it isn't > at all clear which functions have "false" because they cannot fail, and > which ones just haven't been updated yet. > > In that light, I'd prefer to add _two_ new functions, one that indicates > the function needs to retry (as it does now), and one that indicates that > the caller will handle the error. That way it is clear which functions > have been investigated, and which ones haven't been looked at yet. Once > all of the functions have been changed, we can remove the old > jbd2_journal_start() function to catch any patches that have not been > updated to the new functions. I agree this would be good for the transition period but once we go through all the callsites, I'd prefer to do a rename and have just jbd2_journal_start() be the one which does not retry. > Maybe jbd2_journal_start_canfail() and jbd2_journal_start_retry()? As I said above, I'd like the first one to live only temporarily so I don't care about the name. The second one is probably better than _nofail() but I still don't feel it describes well what the function does... Honza -- Jan Kara <jack@...e.cz> SUSE Labs, CR -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists