lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <174787198229.1484572.9967956151235591161.stgit@frogsfrogsfrogs> Date: Wed, 21 May 2025 17:10:35 -0700 From: "Darrick J. Wong" <djwong@...nel.org> To: tytso@....edu Cc: John@...ves.net, linux-ext4@...r.kernel.org, miklos@...redi.hu, joannelkoong@...il.com, bernd@...ernd.com, linux-fsdevel@...r.kernel.org Subject: [PATCH 09/10] libext2fs: allow clients to ask to write full superblocks From: Darrick J. Wong <djwong@...nel.org> write_primary_superblock currently does this weird dance where it will try to write only the dirty bytes of the primary superblock to disk. In theory, this is done so that tune2fs can incrementally update superblock bytes when the filesystem is mounted; ext2 was famous for allowing using this dance to set new fs parameters and have them take effect in real time. The ability to do this safely was obliterated back in 2001 when ext3 was introduced with journalling, because tune2fs has no way to know if the journal has already logged an updated primary superblock but not yet written it to disk, which means that they can race to write, and changes can be lost. This (non-)safety was further obliterated back in 2012 when I added checksums to all the metadata blocks in ext4 because anyone else with the block device open can see the primary superblock in an intermediate state where the checksum does not match the superblock contents. At this point in 2025 it's kind of stupid to still be doing this, and it makes fuse2fs syncfs slow because we now perform a bunch of small writes and introduce extra fsyncs. It will become especially painful when fuse2fs turns on iomap, at which point it will need to use directio to access the disk, which then runs the Really Sad Path where we change the blocksize and completely obliterate the cache contents. So, add a new flag to ask for full superblock writes, which fuse2fs will use later. Signed-off-by: "Darrick J. Wong" <djwong@...nel.org> --- lib/ext2fs/ext2fs.h | 1 + lib/ext2fs/closefs.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/lib/ext2fs/ext2fs.h b/lib/ext2fs/ext2fs.h index 2661e10f57c047..22d56ad7554496 100644 --- a/lib/ext2fs/ext2fs.h +++ b/lib/ext2fs/ext2fs.h @@ -220,6 +220,7 @@ typedef struct ext2_file *ext2_file_t; #define EXT2_FLAG_IBITMAP_TAIL_PROBLEM 0x2000000 #define EXT2_FLAG_THREADS 0x4000000 #define EXT2_FLAG_IGNORE_SWAP_DIRENT 0x8000000 +#define EXT2_FLAG_WRITE_FULL_SUPER 0x10000000 /* * Internal flags for use by the ext2fs library only diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c index 8e5bec03a050de..9a67db76e7b326 100644 --- a/lib/ext2fs/closefs.c +++ b/lib/ext2fs/closefs.c @@ -196,6 +196,13 @@ static errcode_t write_primary_superblock(ext2_filsys fs, int check_idx, write_idx, size; errcode_t retval; + if (fs->flags & EXT2_FLAG_WRITE_FULL_SUPER) { + retval = io_channel_write_byte(fs->io, SUPERBLOCK_OFFSET, + SUPERBLOCK_SIZE, super); + if (!retval) + return 0; + } + if (!fs->io->manager->write_byte || !fs->orig_super) { fallback: io_channel_set_blksize(fs->io, SUPERBLOCK_OFFSET);
Powered by blists - more mailing lists