lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 08 Aug 2011 13:27:12 +0900
From:	Toshiyuki Okajima <toshi.okajima@...fujitsu.com>
To:	Jan Kara <jack@...e.cz>
CC:	akpm@...ux-foundation.org, adilger.kernel@...ger.ca,
	linux-ext4@...r.kernel.org
Subject: Re: [PATCH] ext3: fix message in ext3_remount for rw-remount case

Hi.

I'm sorry for my late response. I took vacations till yesterday.

(2011/08/04 1:25), Jan Kara wrote:
>    Hello,
>
> On Wed 03-08-11 22:25:48, Toshiyuki Okajima wrote:
>> On Wed, 3 Aug 2011 11:57:54 +0200
>> Jan Kara<jack@...e.cz>  wrote:
>>> On Wed 03-08-11 11:42:03, Toshiyuki Okajima wrote:
>>>>> (2011/08/01 18:57), Jan Kara wrote:
>>>>>> On Mon 01-08-11 18:45:58, Toshiyuki Okajima wrote:
>>>>>>> (2011/08/01 17:45), Jan Kara wrote:
>>>>>>>> On Mon 01-08-11 13:54:51, Toshiyuki Okajima wrote:
>>>>>>>>> If there are some inodes in orphan list while a filesystem is being
>>>>>>>>> read-only mounted, we should recommend that pepole umount and then
>>>>>>>>> mount it when they try to remount with read-write. But the current
>>>>>>>>> message/comment recommends that they umount and then remount it.
>>>> <SNIP>
>>>>>>>> the most... BTW, I guess you didn't really see this message in practice, did
>>>>>>>> you?
>>>>>>> No.
>>>>>>> I have seen this message in practice while quotacheck command was repeatedly
>>>>>>> executed per an hour.
>>>>>> Interesting. Are you able to reproduce this? Quotacheck does remount
>>>>>> read-only + remount read-write but you cannot really remount the filesystem
>>>>>> read-only when it has orphan inodes and so you should not see those when
>>>>>> you remount read-write again. Possibly there's race between remounting and
>>>>>> unlinking...
>>>>> Yes. I can reproduce it. However, it is not frequently reproduced
>>>>> by using the original procedure (qutacheck per an hour). So, I made a
>>>>> reproducer.
>>>> To tell the truth, I think the race creates the message:
>>>> -----------------------------------------------------------------------
>>>>   EXT3-fs:<dev>: couldn't remount RDWR because of
>>>>        unprocessed orphan inode list.  Please umount/remount instead.
>>>> -----------------------------------------------------------------------
>>>> which hides a serious problem.
>>>    I've inquired about this at linux-fsdevel (I think you were in CC unless
>>> I forgot). It's a race in VFS remount code as you properly analyzed below.
>>> People are working on fixing it but it's not trivial. Filesystem is really
>>> a wrong place to fix such problem. If there is a trivial fix for ext3 to
>>> workaround the issue, I can take it but I'm not willing to push anything
>>> complex - effort should better be spent working on a generic fix.
>> I also think read-only remount race in VFS layer should be fixed.
>> However, I think this race depends on ext3/ext4 filesystem
>> implementation. (Orphan inode list)
>> So, we should modify ext3/ext4(jbd/jbd2) to fix it.

>    Umm, I don't understand here. If VFS makes sure that there are no

After I saw the following messages, I thought we must fix EXT3-fs error
at first. So, I created the fix patch.

(1) kernel: EXT3-fs: <dev>: couldn't remount RDWR because of
       unprocessed orphan inode list.  Please umount/remount instead.
(2) kernel: EXT3-fs error (device <dev>) in start_transaction: Readonly filesystem

I wasn't aware that by fixing the race between "ro-remount" and "unlink",
that EXT3-fs error can be also fixed then.

> files open for writing, no unfinished operations changing the filesystem (e.g.
> unlink), and no open-but-unlinked files, what remains for ext3 to check?
OK.
Now, I also think we need not modify ext3 to fix these problems.
If we can prevent to add an inode into the orphan list (to start unlinking)
while ro-remounting, we can also prevent (1) and (2).

However, new mechanism to confirm whether "no open-but-unlinked" files
exist while ro-remounting is required, isn't it?
  
Thanks,
Toshiyuki Okajima

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists