| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Sep 2018 20:31:19 +0530
From: Joshi <joshiiitr@...il.com>
To: tytso@....edu
Cc: sandeen@...hat.com, linux-ext4@...r.kernel.org
Subject: Re: Repeatable block allocation problem.
Than you very much, Ted. I'll try these.
On Tue, Sep 18, 2018 at 9:31 AM Theodore Y. Ts'o <tytso@....edu> wrote:
>
> On Mon, Sep 17, 2018 at 12:28:54PM -0500, Eric Sandeen wrote:
> >
> > find_group_orlov() randomly selects block groups for root directories,
> > but AFAIK there is no explicit random behavior in the block allocator.
> >
> > It's more of a chaotic system than intentional random selection. :)
>
> There are places where we call prandom32(), and the dir_index hashing
> is influenced by randomly set s_hash_seed in the superblock. The
> checksum is also influenced by either the randomly set file system
> UUID or s_checksum_seed (if set).
>
> I had fooled around with a patch allow a benchmarker to initialize a
> fixed random state to try to stablize results from a benchmarking
> perspective. (See attached). However, I abandoned it when we
> discovered nearly all of the variability we saw in our benchmarks when
> we were working on the SMR-friendly ext4 paper[1] were caused by the
> fact that the writeback cache ratio was wandering all over the place,
> especially with drive-managed SMR disks, since the speed of these
> disks varied a huge amount depending on how much garbage collection
> was needed to clear out space in the HDD's media cache. So we fixed
> the problem via:
>
> echo 50 > /sys/class/bdi/<dev>/min_ratio
> echo 50 > /sys/class/bdi/<dev>/max_ratio
>
> and I didn't bother with the patch, since the prandom_u32() calls
> contributed almost nothing to the chaotic variability of the benchmark
> results. (This is something the Linux kernel would eventually need to
> address in some automatic way if Drive-Managed SMR were to become more
> than afterthought in the marketplace, but given that Drive-Managed SMR
> hasn't seen much market uptake, it's not been an issue I've thought
> deserved effort addressing in a more general/user-friendly way.)
>
> [1] https://www.usenix.org/system/files/conference/fast17/fast17-aghayev.pdf
>
> - Ted
>
> ext4: add ability to control the pseudo-random seed used by ext4
>
> Ext4 uses a pseudo-random generator in a few places: to spread out
> directories when htree is not enabled; to randomize the wait times
> for MMP backoff and lazy inode table initialization. For benchmarking
> purposes, it's useful to control the psueorandom number seed, expose
> this via /sys/fs/ext4/<dev>/prandom_seed.
>
> Signed-off-by: Theodore Ts'o <tytso@....edu>
> ---
> fs/ext4/ext4.h | 4 ++++
> fs/ext4/ialloc.c | 6 ++++--
> fs/ext4/mmp.c | 6 +++---
> fs/ext4/super.c | 3 ++-
> fs/ext4/sysfs.c | 20 ++++++++++++++++++++
> include/linux/random.h | 1 +
> lib/random32.c | 10 +++++-----
> 7 files changed, 39 insertions(+), 11 deletions(-)
>
> diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
> index ea31931..3dbb03a 100644
> --- a/fs/ext4/ext4.h
> +++ b/fs/ext4/ext4.h
> @@ -35,6 +35,7 @@
> #include <linux/fscrypto.h>
> #include <linux/falloc.h>
> #include <linux/percpu-rwsem.h>
> +#include <linux/random.h>
> #ifdef __KERNEL__
> #include <linux/compat.h>
> #endif
> @@ -1491,6 +1492,9 @@ struct ext4_sb_info {
> /* Precomputed FS UUID checksum for seeding other checksums */
> __u32 s_csum_seed;
>
> + /* RND state for the file system */
> + struct rnd_state s_rnd_state;
> +
> /* Reclaim extents from extent status tree */
> struct shrinker s_es_shrinker;
> struct list_head s_es_list; /* List of inodes with reclaimable extents */
> diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
> index 35f3518..09a1458 100644
> --- a/fs/ext4/ialloc.c
> +++ b/fs/ext4/ialloc.c
> @@ -485,8 +485,10 @@ static int find_group_orlov(struct super_block *sb, struct inode *parent,
> hinfo.seed = sbi->s_hash_seed;
> ext4fs_dirhash(qstr->name, qstr->len, &hinfo);
> grp = hinfo.hash;
> - } else
> - grp = prandom_u32();
> + } else {
> + grp = prandom_u32_state(&sbi->s_rnd_state);
> + pr_err("ext4 random: %lu\n", grp);
> + }
> parent_group = (unsigned)grp % ngroups;
> for (i = 0; i < ngroups; i++) {
> g = (parent_group + i) % ngroups;
> diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
> index 23d436d..99f69dc 100644
> --- a/fs/ext4/mmp.c
> +++ b/fs/ext4/mmp.c
> @@ -258,12 +258,12 @@ exit_thread:
> * Get a random new sequence number but make sure it is not greater than
> * EXT4_MMP_SEQ_MAX.
> */
> -static unsigned int mmp_new_seq(void)
> +static unsigned int mmp_new_seq(struct ext4_sb_info *sbi)
> {
> u32 new_seq;
>
> do {
> - new_seq = prandom_u32();
> + new_seq = prandom_u32_state(&sbi->s_rnd_state);
> } while (new_seq > EXT4_MMP_SEQ_MAX);
>
> return new_seq;
> @@ -342,7 +342,7 @@ skip:
> /*
> * write a new random sequence number.
> */
> - seq = mmp_new_seq();
> + seq = mmp_new_seq(EXT4_SB(sb));
> mmp->mmp_seq = cpu_to_le32(seq);
>
> retval = write_mmp_block(sb, bh);
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index c13a4e4..2c86b98 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -2969,7 +2969,7 @@ static struct ext4_li_request *ext4_li_request_new(struct super_block *sb,
> * spread the inode table initialization requests
> * better.
> */
> - elr->lr_next_sched = jiffies + (prandom_u32() %
> + elr->lr_next_sched = jiffies + (prandom_u32_state(&sbi->s_rnd_state) %
> (EXT4_DEF_LI_MAX_START_DELAY * HZ));
> return elr;
> }
> @@ -3274,6 +3274,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
> if (sb->s_bdev->bd_part)
> sbi->s_sectors_written_start =
> part_stat_read(sb->s_bdev->bd_part, sectors[1]);
> + _prandom_seed(&sbi->s_rnd_state, 0, true);
>
> /* Cleanup superblock name */
> strreplace(sb->s_id, '/', '!');
> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
> index 1420a3c..f74d34b 100644
> --- a/fs/ext4/sysfs.c
> +++ b/fs/ext4/sysfs.c
> @@ -26,6 +26,7 @@ typedef enum {
> attr_feature,
> attr_pointer_ui,
> attr_pointer_atomic,
> + attr_prandom_seed,
> } attr_id_t;
>
> typedef enum {
> @@ -90,6 +91,21 @@ static ssize_t inode_readahead_blks_store(struct ext4_attr *a,
> return count;
> }
>
> +static ssize_t prandom_seed_store(struct ext4_attr *a,
> + struct ext4_sb_info *sbi,
> + const char *buf, size_t count)
> +{
> + unsigned long t;
> + int ret;
> +
> + ret = kstrtoul(skip_spaces(buf), 0, &t);
> + if (ret)
> + return ret;
> +
> + _prandom_seed(&sbi->s_rnd_state, t, false);
> + return count;
> +}
> +
> static ssize_t reserved_clusters_store(struct ext4_attr *a,
> struct ext4_sb_info *sbi,
> const char *buf, size_t count)
> @@ -178,6 +194,7 @@ EXT4_RW_ATTR_SBI_UI(mb_stream_req, s_mb_stream_request);
> EXT4_RW_ATTR_SBI_UI(mb_group_prealloc, s_mb_group_prealloc);
> EXT4_RW_ATTR_SBI_UI(extent_max_zeroout_kb, s_extent_max_zeroout_kb);
> EXT4_ATTR(trigger_fs_error, 0200, trigger_test_error);
> +EXT4_ATTR(prandom_seed, 0200, prandom_seed);
> EXT4_RW_ATTR_SBI_UI(err_ratelimit_interval_ms, s_err_ratelimit_state.interval);
> EXT4_RW_ATTR_SBI_UI(err_ratelimit_burst, s_err_ratelimit_state.burst);
> EXT4_RW_ATTR_SBI_UI(warning_ratelimit_interval_ms, s_warning_ratelimit_state.interval);
> @@ -216,6 +233,7 @@ static struct attribute *ext4_attrs[] = {
> ATTR_LIST(errors_count),
> ATTR_LIST(first_error_time),
> ATTR_LIST(last_error_time),
> + ATTR_LIST(prandom_seed),
> NULL,
> };
>
> @@ -313,6 +331,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
> return inode_readahead_blks_store(a, sbi, buf, len);
> case attr_trigger_test_error:
> return trigger_test_error(a, sbi, buf, len);
> + case attr_prandom_seed:
> + return prandom_seed_store(a, sbi, buf, len);
> }
> return 0;
> }
> diff --git a/include/linux/random.h b/include/linux/random.h
> index e47e533..64b70a8 100644
> --- a/include/linux/random.h
> +++ b/include/linux/random.h
> @@ -45,6 +45,7 @@ struct rnd_state {
> __u32 s1, s2, s3, s4;
> };
>
> +void _prandom_seed(struct rnd_state *state, u32 seed, bool mix_with_hwseed);
> u32 prandom_u32_state(struct rnd_state *state);
> void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
> void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
> diff --git a/lib/random32.c b/lib/random32.c
> index 510d1ce..5134111 100644
> --- a/lib/random32.c
> +++ b/lib/random32.c
> @@ -157,8 +157,7 @@ static u32 __extract_hwseed(void)
> return val;
> }
>
> -static void prandom_seed_early(struct rnd_state *state, u32 seed,
> - bool mix_with_hwseed)
> +void _prandom_seed(struct rnd_state *state, u32 seed, bool mix_with_hwseed)
> {
> #define LCG(x) ((x) * 69069U) /* super-duper LCG */
> #define HWSEED() (mix_with_hwseed ? __extract_hwseed() : 0)
> @@ -167,6 +166,7 @@ static void prandom_seed_early(struct rnd_state *state, u32 seed,
> state->s3 = __seed(HWSEED() ^ LCG(state->s2), 16U);
> state->s4 = __seed(HWSEED() ^ LCG(state->s3), 128U);
> }
> +EXPORT_SYMBOL(_prandom_seed);
>
> /**
> * prandom_seed - add entropy to pseudo random number generator
> @@ -204,7 +204,7 @@ static int __init prandom_init(void)
> struct rnd_state *state = &per_cpu(net_rand_state, i);
> u32 weak_seed = (i + jiffies) ^ random_get_entropy();
>
> - prandom_seed_early(state, weak_seed, true);
> + _prandom_seed(state, weak_seed, true);
> prandom_warmup(state);
> }
>
> @@ -429,7 +429,7 @@ static void __init prandom_state_selftest(void)
> for (i = 0; i < ARRAY_SIZE(test1); i++) {
> struct rnd_state state;
>
> - prandom_seed_early(&state, test1[i].seed, false);
> + _prandom_seed(&state, test1[i].seed, false);
> prandom_warmup(&state);
>
> if (test1[i].result != prandom_u32_state(&state))
> @@ -444,7 +444,7 @@ static void __init prandom_state_selftest(void)
> for (i = 0; i < ARRAY_SIZE(test2); i++) {
> struct rnd_state state;
>
> - prandom_seed_early(&state, test2[i].seed, false);
> + _prandom_seed(&state, test2[i].seed, false);
> prandom_warmup(&state);
>
> for (j = 0; j < test2[i].iteration - 1; j++)
--
Joshi
Powered by blists - more mailing lists