| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Jan 2011 21:40:03 -0800 From: Manish Katiyar <mkatiyar@...il.com> To: Jan Kara <jack@...e.cz> Cc: Andreas Dilger <adilger.kernel@...ger.ca>, Joel Becker <jlbec@...lplan.org>, "Ted Ts'o" <tytso@....edu>, ext4 <linux-ext4@...r.kernel.org> Subject: Re: [PATCH 1/3] jbd2 : Make jbd2 transaction handle allocation to return errors and handle them gracefully. On Tue, Jan 25, 2011 at 3:46 AM, Jan Kara <jack@...e.cz> wrote: > On Mon 24-01-11 18:06:24, Andreas Dilger wrote: >> > jbd2_journal_start can always fail e.g. because the journal is aborted. >> > So it really just means no memory failures... >> > >> >>> The tradeoff is that long-term, the code is more readable (as opposed >> >>> to having people look up what a random "true" or "false" value means). >> >>> But short-term, while it will make the patch smaller, it also makes >> >>> the patch harder audit, since we need to look at all of the places >> >>> where we _haven't_ made a change to make sure those call sites can >> >>> tolerate an error return. >> >> >> >> I think we should start with jbd2_journal_start_can_fail() or >> >> something like it, and change it back to jbd2_journal_start() in the >> >> next window. It's a silly name, but it catches exactly what you are >> >> worried about. >> > >> > Yes, I think this would be nice for auditting (but for that matter >> > current interface with additional argument isn't bad either and we can >> > just do the rename to _nofail in the final patch...). >> >> The reason I don't like the "true" and "false" arguments is that it isn't >> at all clear which functions have "false" because they cannot fail, and >> which ones just haven't been updated yet. >> >> In that light, I'd prefer to add _two_ new functions, one that indicates >> the function needs to retry (as it does now), and one that indicates that >> the caller will handle the error. That way it is clear which functions >> have been investigated, and which ones haven't been looked at yet. Once >> all of the functions have been changed, we can remove the old >> jbd2_journal_start() function to catch any patches that have not been >> updated to the new functions. > I agree this would be good for the transition period but once we go > through all the callsites, I'd prefer to do a rename and have just > jbd2_journal_start() be the one which does not retry. > >> Maybe jbd2_journal_start_canfail() and jbd2_journal_start_retry()? > As I said above, I'd like the first one to live only temporarily so > I don't care about the name. The second one is probably better than > _nofail() but I still don't feel it describes well what the function > does... Hi all, Have we reached on any conclusion yet on the function name which I can use to send my updated patch ? My preference from the above list is to use ext4_journal_start_nofs() as that seems the closest match, but I would like hear the conclusion from experts. -- Thanks - Manish -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists