lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 23 Nov 2020 20:52:29 -0300
From:   Mauricio Faria de Oliveira <>
To:     "Theodore Y. Ts'o" <>
Cc:     Jan Kara <>,,
        Andreas Dilger <>
Subject: Re: [PATCH] ext4: Fix mmap write protection for data=journal mode

Hey Ted,

On Fri, Nov 20, 2020 at 3:10 PM Theodore Y. Ts'o <> wrote:
> Mauricio,
> Thanks for your work in finding the corner cases for data=journal.  If

Thank you and Jan for your suggestions and guidance to fix them.

> you don't mind me asking, however --- what are the use cases for you
> where data=journal is the preferred mode for ext4?  There are a lot of
> advanced features for data=journal mode which don't work.  This
> includes things like dioread_nolock (now the default), delayed
> allocation, and other optimizations.
> It used to be that data=journal pretty nicely fell out of how ext4
> worked in "normally".  These days, data=journal is becoming more and
> more an exception case that requires special handling.  And to be
> honest, every so often there has been discussion about whether the
> maintenance overhead of data=journal has been worth keeping it.  So
> far, we just don't bother making data=journal work with things like
> delayed allocation, and one of ther reasons why we've kept it around
> is because it's a unique mode that none of the Linux file systems
> have.
> It would be useful, though, to understand what are the use cases where
> you (or your customers) are finding data=journal useful, so we can
> better optimize for their use case.  And if there are enough people
> who care about it --- and clearly, you've invested so much effort that
> you definitely fall into that category :-) --- then maybe there's a
> business case for investing more into data=journal and trying to make
> it something which is easier to maintain and can work with things like
> delayed allocation.

The main reason a customer used data=journal in some cases
is it provided them more consistency w/ data on power loss.

Specifically, it prevented some consistency check errors on
applications in which it's unfortunately not always possible
to request/guarantee that sync() is called (not ext4's fault.)

We've previously exposed the disadvantages with data=journal,
including the discussion about its future/maintenance upstream
and associated risks with less exposure/testing (eg, this bug! :)
in order to assist them with decision-making and maybe switching.

It seems that data=ordered with nodelalloc and a smaller commit=
interval could help them, but that's going on experiment stages.

So, it seems this use case is more about data integrity than features,
and data=journal does seem to help with that despite the applications.

Glad that ext4 still provides such mode; but it's understandable that
maintenance and features and special handling leads to the discussion
about no longer keeping it.

Thanks for reaching out to understand the use cases from users,
and being willing to consider that into development/maintenance.

There's also a few bits about it from Andreas in the v1 series [1].

Hope this helps!


> Thanks,
>                                         - Ted

Mauricio Faria de Oliveira

Powered by blists - more mailing lists