lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Aug 2022 11:42:21 -0700 From: Eric Biggers <ebiggers@...nel.org> To: Lukas Czerner <lczerner@...hat.com> Cc: linux-ext4@...r.kernel.org, tytso@....edu, jlayton@...nel.org, jack@...e.cz, linux-fsdevel@...r.kernel.org, david@...morbit.com, Christoph Hellwig <hch@...radead.org> Subject: Re: [PATCH v3 2/3] fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE On Fri, Aug 12, 2022 at 02:37:26PM +0200, Lukas Czerner wrote: > Currently the I_DIRTY_TIME will never get set if the inode already has > I_DIRTY_INODE with assumption that it supersedes I_DIRTY_TIME. That's > true, however ext4 will only update the on-disk inode in > ->dirty_inode(), not on actual writeback. As a result if the inode > already has I_DIRTY_INODE state by the time we get to > __mark_inode_dirty() only with I_DIRTY_TIME, the time was already filled > into on-disk inode and will not get updated until the next I_DIRTY_INODE > update, which might never come if we crash or get a power failure. > > The problem can be reproduced on ext4 by running xfstest generic/622 > with -o iversion mount option. > > Fix it by allowing I_DIRTY_TIME to be set even if the inode already has > I_DIRTY_INODE. Also make sure that the case is properly handled in > writeback_single_inode() as well. Additionally changes in > xfs_fs_dirty_inode() was made to accommodate for I_DIRTY_TIME in flag. > > Thanks Jan Kara for suggestions on how to make this work properly. > > Cc: Dave Chinner <david@...morbit.com> > Cc: Christoph Hellwig <hch@...radead.org> > Signed-off-by: Lukas Czerner <lczerner@...hat.com> > Suggested-by: Jan Kara <jack@...e.cz> Sorry for so many separate emails. One more thought: isn't there a much more straightforward fix to this bug that wouldn't require changing the semantics of the inode flags: on __mark_inode_dirty(I_DIRTY_TIME), if the inode already has i_state & I_DIRTY_INODE, just call ->dirty_inode with i_state & I_DIRTY_INODE? That would fix the bug by making the filesystem update the on-disk inode. Perhaps you aren't doing that in order to strictly maintain the semantics of 'lazytime', where timestamp updates are only persisted at certain times? Is this useful even in the short window of time that an inode is dirty? - Eric
Powered by blists - more mailing lists