lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 5 Nov 2006 11:22:20 -0500
From:	"Albert Cahalan" <acahalan@...il.com>
To:	"James Courtier-Dutton" <James@...erbug.co.uk>
Cc:	"Alan Cox" <alan@...rguk.ukuu.org.uk>, kangur@...com.net,
	mikulas@...ax.karlin.mff.cuni.cz, linux-kernel@...r.kernel.org
Subject: Re: New filesystem for Linux

On 11/5/06, James Courtier-Dutton <James@...erbug.co.uk> wrote:

> I have seen this too. I think that when IDE drive relocates the sector
> due to hard errors, one would silently loose the information that was
> stored in that sector.

I didn't just mean hidden relocation of bad blocks.

I really meant that sectors can trade places. This is probably
what happens when the bad-block remapping is itself corrupt.

Inodes 16,17,18,19 trade places with inodes 40,41,42,43.
An indirect block for your database trades places with an
indirect block for an outgoing email. A chunk of /etc/shadow
trades places with a chunk of a user's ~/.bash_logout file.

> I suppose a work around is to provide a fs level error check. This could
> take the form of the fs adding a checksum to any file. To avoid recheck
> summing the entire file each time it changes, maybe break the file up
> into blocks and checksum those. This would slow things down due to CPU
> use for the checksum, but at least we could tell us as soon as a file
> became corrupted, as the verification could be done on reading the file.

Yes indeed. This is what ZFS does. You can choose between
regular and crypto checksums. You can cause the filesystem
to replicate blocks over multiple devices. Unlike RAID, this lets
you recover from silent corruption.

> Another possible solution could be using a few bytes from each sector to
> place a fs level checksum in. Then, if the IDE drive silently relocates
> the sector, the fs level checksum will fail. A saw a feature like this
> on some old filesystem, but I don't remember which. It placed a
> checksum, forwards chain link, and possibly backwards chain link. So, if
> the filesystem became really badly corrupted, one could pick any sector
> on the disk and recover the entire file associated with it.

Both OS/400 and AmigaOS had this feature. AmigaOS used regular
512-byte sectors, making the data portion oddly sized. OS/400 made
the sectors bigger, by another 8 or 16 bytes if I remember right.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists