Message-ID: <461A760B.1040103@redhat.com>
Date:	Mon, 09 Apr 2007 12:21:15 -0500
From:	Eric Sandeen <sandeen@...hat.com>
To:	Phillip Susi <psusi@....rr.com>
CC:	Samuel Thibault <samuel.thibault@...-lyon.org>,
	linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Add a norecovery option to ext3/4?

Phillip Susi wrote:
> Samuel Thibault wrote:
>> Hi,
>>
>> Distribution installers usually try to probe OSes for building a suited
>> grub menu.  Unfortunately, mounting an ext3 partition, even in read-only
>> mode, does perform some operations on the filesystem (log recovery).
>> This is not a good idea since it may silently garbage data.  XFS has a
>> norecovery option that allows to disable that, I'd say ext3/4 should
>> have it too.
> 
> When the filesystem is told to mount the disk read only, that means it 
> should not write to it.  

It means the filesystem should not be writeable when it is mounted.
This is not the same as saying that the filesystem itself should do no
IO in the course of making that read-only mount available.

> The fact that ext3 goes ahead and does anyway 
> is a bug and should be fixed.  There is no need for a norecovery option, 
> because read only is a sufficient directive to tell the filesystem not 
> to write to the disk.

I respectfully disagree, see above.

> As someone else pointed out, this behavior causes havoc if you hibernate 
> a system and then boot up another system which mounts the disk of the 
> hibernated system.  

In that case you are mounting the same filesystem under 2 different
operating systems simultaneously, which is, and always has been, a
recipe for disaster.  Flagging the fs as "mounted already" would
probably be a better solution, though it's harder than it sounds at
first glance.

> Under all conditions it should be safe to mount a 
> disk read only, but here it is not because the journal playback trashes 
> the disk out from under the hibernated system.

Under all conditions it should be safe to mount a read-only block
device, but that is not the same as mounting a filesystem read-only.

-Eric
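
The following is an added example, not part of the original message or of any kernel code. It reads the ext2/3/4 superblock straight from the raw bytes of a device or image and reports whether the journal is flagged for recovery, so a prober or forensic examiner can tell in advance whether a read-only mount would replay the log. The function names are hypothetical; the offsets and flag bits are those of the ext on-disk superblock, and the sample images are constructed.

```python
import struct

SUPERBLOCK_OFFSET = 1024      # primary superblock starts 1 KiB into the device
EXT_MAGIC = 0xEF53            # s_magic, at offset 0x38 within the superblock
COMPAT_HAS_JOURNAL = 0x0004   # s_feature_compat bit: filesystem has a journal
INCOMPAT_RECOVER = 0x0004     # s_feature_incompat bit: journal needs replay


def journal_state(image: bytes) -> str:
    """Classify an ext2/3/4 image from raw bytes, without mounting it.

    Returns 'not-ext', 'no-journal', 'clean' or 'needs-recovery'.
    """
    sb = image[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + 1024]
    if len(sb) < 0x68:
        return "not-ext"
    (magic,) = struct.unpack_from("<H", sb, 0x38)
    if magic != EXT_MAGIC:
        return "not-ext"
    # s_feature_compat at 0x5C, s_feature_incompat at 0x60 (little-endian u32)
    compat, incompat = struct.unpack_from("<II", sb, 0x5C)
    if not compat & COMPAT_HAS_JOURNAL:
        return "no-journal"
    return "needs-recovery" if incompat & INCOMPAT_RECOVER else "clean"


def make_superblock(compat: int, incompat: int, magic: int = EXT_MAGIC) -> bytes:
    """Build a constructed (synthetic) image holding only the fields read above."""
    sb = bytearray(1024)
    struct.pack_into("<H", sb, 0x38, magic)
    struct.pack_into("<II", sb, 0x5C, compat, incompat)
    return bytes(SUPERBLOCK_OFFSET) + bytes(sb)


def read_device_prefix(path: str) -> bytes:
    """Read the first 2 KiB of a device or image file, opened read-only."""
    with open(path, "rb") as f:
        return f.read(2048)


if __name__ == "__main__":
    # Constructed samples: unclean ext3, clean ext3, ext2, and a blank disk.
    samples = {
        "unclean ext3": make_superblock(0x4, 0x4 | 0x2),
        "clean ext3": make_superblock(0x4, 0x2),
        "ext2": make_superblock(0x0, 0x2),
        "blank": bytes(2048),
    }
    for name, image in samples.items():
        print(f"{name}: {journal_state(image)}")
```

A result of needs-recovery is the case discussed in this thread: the journal still holds unreplayed transactions, so mounting the filesystem, even read-only, performs log recovery on the device.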