| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1462231029.1421.82.camel@intel.com> Date: Mon, 2 May 2016 23:17:21 +0000 From: "Verma, Vishal L" <vishal.l.verma@...el.com> To: "david@...morbit.com" <david@...morbit.com>, "jmoyer@...hat.com" <jmoyer@...hat.com> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-block@...r.kernel.org" <linux-block@...r.kernel.org>, "hch@...radead.org" <hch@...radead.org>, "xfs@....sgi.com" <xfs@....sgi.com>, "linux-nvdimm@...1.01.org" <linux-nvdimm@...1.01.org>, "linux-mm@...ck.org" <linux-mm@...ck.org>, "viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>, "Williams, Dan J" <dan.j.williams@...el.com>, "axboe@...com" <axboe@...com>, "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>, "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>, "linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org>, "Wilcox, Matthew R" <matthew.r.wilcox@...el.com>, "jack@...e.cz" <jack@...e.cz> Subject: Re: [PATCH v2 5/5] dax: handle media errors in dax_do_io On Tue, 2016-05-03 at 09:04 +1000, Dave Chinner wrote: > On Mon, May 02, 2016 at 11:18:36AM -0400, Jeff Moyer wrote: > > > > Dave Chinner <david@...morbit.com> writes: > > > > > > > > On Mon, Apr 25, 2016 at 11:53:13PM +0000, Verma, Vishal L wrote: > > > > > > > > On Tue, 2016-04-26 at 09:25 +1000, Dave Chinner wrote: > > > You're assuming that only the DAX aware application accesses it's > > > files. users, backup programs, data replicators, fileystem > > > re-organisers (e.g. defragmenters) etc all may access the files > > > and > > > they may throw errors. What then? > > I'm not sure how this is any different from regular storage. If an > > application gets EIO, it's up to the app to decide what to do with > > that. > Sure - they'll fail. But the question I'm asking is that if the > application that owns the data is supposed to do error recovery, > what happens when a 3rd party application hits an error? If that > consumes the error, the the app that owns the data won't ever get a > chance to correct the error. > > This is a minefield - a 3rd party app that swallows and clears DAX > based IO errors is a data corruption vector. can yo imagine if > *grep* did this? The model that is being promoted here effectively > allows this sort of behaviour - I don't really think we > should be architecting an error recovery strategy that has the > capability to go this wrong.... > Just to address this bit - No. Any number of backup/3rd party application can hit the error and _fail_ but surely they won't try to _write_ the bad location? Only a write to the bad sector will clear it in this model - and until such time, all reads will just keep erroring out. This works for DAX/mmap based reads/writes too - mmap-stores won't/can't clear errors - you have to go through the block path, and in the altest version of my patch set, that has to be explicitly through O_DIRECT.
Powered by blists - more mailing lists