lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080709162715.GC11797@mit.edu>
Date:	Wed, 9 Jul 2008 12:27:15 -0400
From:	Theodore Tso <tytso@....edu>
To:	Jan Willem van den Brand <janwillem.dev@...glemail.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [RFC] ext3/jbd, kernel 2.6.13, make ext3 mountable as ext2
	when journal is empty.

On Wed, Jul 09, 2008 at 05:24:25PM +0200, Jan Willem van den Brand wrote:
> This patch makes ext3 mountable as ext2 even in case of a power
> failure while mounted as ext3. We have tested it for kernel 2.6.13 but
> it should be fairly easy to get it to work for other versions.

What's the rationale for doing this.  Why is it *useful* to have the
filesystem be mountable as ext2 in case of a power failure?  The whole
point of ext3 is to be able to keep the filesystem consistent in case
of a power failure.

So the patch as given would never go into the kernel as-is, and in the
general case it is totally counterproductive.  Maybe it could go in as
a optional behaviour enabled by a mount option, but that's assuming we
can be convinced it's a good idea.

> In case of a power failure, the INCOMPAT flag is not reset. Systems
> that suffer from frequent power failure (e.g. SD-cards that are
> unsafely removed) will often not be mountable as ext2.

So what?  Why can't you just run the journal and check the filesystem
for consistency?  If the user did a hot-eject while the SD-card was
being written, even with your patch there is no guarantee that the
card will even be readable.  Some SD-cards go totally non-functional
due to corruption at the flash translation layer when they are yanked
in the middle of an update....

> Obviously, this solution will result in poor performance when many
> small files are frequently closed after write but that is not the case
> in our system (TomTom navigation device).

How often does your TomTom device need to update files?  A better
(userspace-only) solution might be keep the filesystem mounted
read-only, and when you need to write to the filesystem, turn on the
LED (which hopefully will be a hint to the users to keep their grubby
little paws off the eject button), remount it read/write, do your file
writes, then remount it read/only, and turn off the LED.

Regards,

						- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ