lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170624002454.wjieb3ppvljumzzj@thunk.org>
Date:   Fri, 23 Jun 2017 20:24:54 -0400
From:   Theodore Ts'o <tytso@....edu>
To:     Andreas Dilger <adilger@...ger.ca>
Cc:     Khazhismel Kumykov <khazhy@...gle.com>,
        linux-ext4 <linux-ext4@...r.kernel.org>,
        lkml <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] ext4: Return EIO on read error in ext4_find_entry

On Fri, Jun 23, 2017 at 05:34:23PM -0600, Andreas Dilger wrote:
> 
> Sure, but that is a problem independent of the readdir case I think?

This is lookup case not the readdir case....

> Wouldn't it just make sense to mount the filesystem with "errors=remount-ro"
> or "errors=panic" in your case, where you can give up on a single node
> easily if it detects device-level errors, rather than "errors=continue" as
> it seems you currently have?  This is what we do in HA environments, and
> fail the storage over to a backup server in case the problem is with the
> node, SCSI cards, cables, etc. and not the disk (preventing further automatic
> failback to prevent node ping-pong if there is actually a media error).

"errors=remount-ro" doesn't really help when it ends up tieing up
process doing the lookup for long periods of time.

"errors=panic" isn't helpful if you have a large number of file
systems mounted.  The system might have dozens of disks mounted (as
individual file systems) on a file server, or there might be even more
networked-block devices mounted on a container-oriented job server.
So you really don't want to blow away a node with a reboot just
because errors are found on a single device or network device.

In such an environment it might be far more appropriate to return an
error to userspace with dispatch, and trust userspace to take the
appropriate recovery steps.

					- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ