lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Aug 2011 13:27:12 +0900 From: Toshiyuki Okajima <toshi.okajima@...fujitsu.com> To: Jan Kara <jack@...e.cz> CC: akpm@...ux-foundation.org, adilger.kernel@...ger.ca, linux-ext4@...r.kernel.org Subject: Re: [PATCH] ext3: fix message in ext3_remount for rw-remount case Hi. I'm sorry for my late response. I took vacations till yesterday. (2011/08/04 1:25), Jan Kara wrote: > Hello, > > On Wed 03-08-11 22:25:48, Toshiyuki Okajima wrote: >> On Wed, 3 Aug 2011 11:57:54 +0200 >> Jan Kara<jack@...e.cz> wrote: >>> On Wed 03-08-11 11:42:03, Toshiyuki Okajima wrote: >>>>> (2011/08/01 18:57), Jan Kara wrote: >>>>>> On Mon 01-08-11 18:45:58, Toshiyuki Okajima wrote: >>>>>>> (2011/08/01 17:45), Jan Kara wrote: >>>>>>>> On Mon 01-08-11 13:54:51, Toshiyuki Okajima wrote: >>>>>>>>> If there are some inodes in orphan list while a filesystem is being >>>>>>>>> read-only mounted, we should recommend that pepole umount and then >>>>>>>>> mount it when they try to remount with read-write. But the current >>>>>>>>> message/comment recommends that they umount and then remount it. >>>> <SNIP> >>>>>>>> the most... BTW, I guess you didn't really see this message in practice, did >>>>>>>> you? >>>>>>> No. >>>>>>> I have seen this message in practice while quotacheck command was repeatedly >>>>>>> executed per an hour. >>>>>> Interesting. Are you able to reproduce this? Quotacheck does remount >>>>>> read-only + remount read-write but you cannot really remount the filesystem >>>>>> read-only when it has orphan inodes and so you should not see those when >>>>>> you remount read-write again. Possibly there's race between remounting and >>>>>> unlinking... >>>>> Yes. I can reproduce it. However, it is not frequently reproduced >>>>> by using the original procedure (qutacheck per an hour). So, I made a >>>>> reproducer. >>>> To tell the truth, I think the race creates the message: >>>> ----------------------------------------------------------------------- >>>> EXT3-fs:<dev>: couldn't remount RDWR because of >>>> unprocessed orphan inode list. Please umount/remount instead. >>>> ----------------------------------------------------------------------- >>>> which hides a serious problem. >>> I've inquired about this at linux-fsdevel (I think you were in CC unless >>> I forgot). It's a race in VFS remount code as you properly analyzed below. >>> People are working on fixing it but it's not trivial. Filesystem is really >>> a wrong place to fix such problem. If there is a trivial fix for ext3 to >>> workaround the issue, I can take it but I'm not willing to push anything >>> complex - effort should better be spent working on a generic fix. >> I also think read-only remount race in VFS layer should be fixed. >> However, I think this race depends on ext3/ext4 filesystem >> implementation. (Orphan inode list) >> So, we should modify ext3/ext4(jbd/jbd2) to fix it. > Umm, I don't understand here. If VFS makes sure that there are no After I saw the following messages, I thought we must fix EXT3-fs error at first. So, I created the fix patch. (1) kernel: EXT3-fs: <dev>: couldn't remount RDWR because of unprocessed orphan inode list. Please umount/remount instead. (2) kernel: EXT3-fs error (device <dev>) in start_transaction: Readonly filesystem I wasn't aware that by fixing the race between "ro-remount" and "unlink", that EXT3-fs error can be also fixed then. > files open for writing, no unfinished operations changing the filesystem (e.g. > unlink), and no open-but-unlinked files, what remains for ext3 to check? OK. Now, I also think we need not modify ext3 to fix these problems. If we can prevent to add an inode into the orphan list (to start unlinking) while ro-remounting, we can also prevent (1) and (2). However, new mechanism to confirm whether "no open-but-unlinked" files exist while ro-remounting is required, isn't it? Thanks, Toshiyuki Okajima -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists