| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <174787198229.1484572.9967956151235591161.stgit@frogsfrogsfrogs>
Date: Wed, 21 May 2025 17:10:35 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: tytso@....edu
Cc: John@...ves.net, linux-ext4@...r.kernel.org, miklos@...redi.hu,
joannelkoong@...il.com, bernd@...ernd.com, linux-fsdevel@...r.kernel.org
Subject: [PATCH 09/10] libext2fs: allow clients to ask to write full
superblocks
From: Darrick J. Wong <djwong@...nel.org>
write_primary_superblock currently does this weird dance where it will
try to write only the dirty bytes of the primary superblock to disk. In
theory, this is done so that tune2fs can incrementally update superblock
bytes when the filesystem is mounted; ext2 was famous for allowing using
this dance to set new fs parameters and have them take effect in real
time.
The ability to do this safely was obliterated back in 2001 when ext3 was
introduced with journalling, because tune2fs has no way to know if the
journal has already logged an updated primary superblock but not yet
written it to disk, which means that they can race to write, and changes
can be lost.
This (non-)safety was further obliterated back in 2012 when I added
checksums to all the metadata blocks in ext4 because anyone else with
the block device open can see the primary superblock in an intermediate
state where the checksum does not match the superblock contents.
At this point in 2025 it's kind of stupid to still be doing this, and it
makes fuse2fs syncfs slow because we now perform a bunch of small writes
and introduce extra fsyncs. It will become especially painful when
fuse2fs turns on iomap, at which point it will need to use directio to
access the disk, which then runs the Really Sad Path where we change the
blocksize and completely obliterate the cache contents.
So, add a new flag to ask for full superblock writes, which fuse2fs will
use later.
Signed-off-by: "Darrick J. Wong" <djwong@...nel.org>
---
lib/ext2fs/ext2fs.h | 1 +
lib/ext2fs/closefs.c | 7 +++++++
2 files changed, 8 insertions(+)
diff --git a/lib/ext2fs/ext2fs.h b/lib/ext2fs/ext2fs.h
index 2661e10f57c047..22d56ad7554496 100644
--- a/lib/ext2fs/ext2fs.h
+++ b/lib/ext2fs/ext2fs.h
@@ -220,6 +220,7 @@ typedef struct ext2_file *ext2_file_t;
#define EXT2_FLAG_IBITMAP_TAIL_PROBLEM 0x2000000
#define EXT2_FLAG_THREADS 0x4000000
#define EXT2_FLAG_IGNORE_SWAP_DIRENT 0x8000000
+#define EXT2_FLAG_WRITE_FULL_SUPER 0x10000000
/*
* Internal flags for use by the ext2fs library only
diff --git a/lib/ext2fs/closefs.c b/lib/ext2fs/closefs.c
index 8e5bec03a050de..9a67db76e7b326 100644
--- a/lib/ext2fs/closefs.c
+++ b/lib/ext2fs/closefs.c
@@ -196,6 +196,13 @@ static errcode_t write_primary_superblock(ext2_filsys fs,
int check_idx, write_idx, size;
errcode_t retval;
+ if (fs->flags & EXT2_FLAG_WRITE_FULL_SUPER) {
+ retval = io_channel_write_byte(fs->io, SUPERBLOCK_OFFSET,
+ SUPERBLOCK_SIZE, super);
+ if (!retval)
+ return 0;
+ }
+
if (!fs->io->manager->write_byte || !fs->orig_super) {
fallback:
io_channel_set_blksize(fs->io, SUPERBLOCK_OFFSET);
Powered by blists - more mailing lists