lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 24 Aug 2021 12:25:43 -0700
From:   Jane Chu <>
To:     Christoph Hellwig <>,
        "Darrick J. Wong" <>
Cc:,,,,,, Jane Chu <>
Subject: Re: [PATCHSET 0/2] dax: fix broken pmem poison narrative

On 8/17/2021 12:39 AM, Christoph Hellwig wrote:
> On Mon, Aug 16, 2021 at 02:05:18PM -0700, Darrick J. Wong wrote:
>> AFAICT, the only reason why the "punch and write" dance works at all is
>> that the XFS and ext4 currently call blkdev_issue_zeroout when
>> allocating pmem as part of a pwrite call.  A pwrite without the punch
>> won't clear the poison, because pwrite on a DAX file calls
>> dax_direct_access to access the memory directly, and dax_direct_access
>> is only smart enough to bail out on poisoned pmem.  It does not know how
>> to clear it.  Userspace could solve the problem by calling FIEMAP and
>> issuing a BLKZEROOUT, but that requires rawio capabilities.
>> The whole pmem poison recovery story is is wrong and needs to be
>> corrected ASAP before everyone else starts doing this.  Therefore,
>> create a dax_zeroinit_range function that filesystems can call to reset
>> the contents of the pmem to a known value and clear any state associated
>> with the media error.  Then, connect FALLOC_FL_ZERO_RANGE to this new
>> function (for DAX files) so that unprivileged userspace has a safe way
>> to reset the pmem and clear media errors.
> I agree with the problem statement, but I don't think the fix is
> significantly better than what we have, as it still magically overloads

This fix guarantees contiguous pmem backend, versus the existing 
holepunch+pwrite ends up allocating an unused(by the filesystem)
pmem range from the pmem device, and the poison block stay poisoned,
not cleared by the existing method. This brings 3 problem: 1. the
backend become fragmented which negatively impacts the RDMA behavior,
2. what if the pmem device run out of extra clean blocks?  3. the user
interface that clears poison when device is unmounted is risky in
that it could damage filesystem metadata.

That said, another angle to view this patch is that, FALLOC_FL_ZERO_RANGE
is supposed to zero-range, for non-direct access block device, it's
okay to not actually write zeros to the media, but pmem device is
what-you-see-is-what-you-get, it seems making sense to actually writes


> other behavior.  I'd rather have an explicit operation to clear the
> poison both at the syscall level (maybe another falloc mode), and the
> internal kernel API level (new method in dax_operations).
> Also for the next iteration please split the iomap changes from the
> usage in xfs.

Powered by blists - more mailing lists