| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Aug 2009 20:08:42 -0400 From: Theodore Tso <tytso@....edu> To: Pavel Machek <pavel@....cz> Cc: Ric Wheeler <rwheeler@...hat.com>, Florian Weimer <fweimer@....de>, Goswin von Brederlow <goswin-v-b@....de>, Rob Landley <rob@...dley.net>, kernel list <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...l.org>, mtk.manpages@...il.com, rdunlap@...otime.net, linux-doc@...r.kernel.org, linux-ext4@...r.kernel.org, corbet@....net Subject: Re: [patch] ext2/3: document conditions when reliable operation is possible On Tue, Aug 25, 2009 at 01:00:36AM +0200, Pavel Machek wrote: > Then to answer your question... ext2. You expect to run fsck after > unclean shutdown, and you expect to have to solve some problems with > it. So the way ext2 deals with the flash media actually matches what > the user expects. (*) But if the 256k hole is in data blocks, fsck won't find a problem, even with ext2. And if the 256k hole is the inode table, you will *still* suffer massive data loss. Fsck will tell you how badly screwed you are, but it doesn't "fix" the disk; most users don't consider questions of the form "directory entry <precious-thesis-data> points to trashed inode, may I delete directory entry?" as being terribly helpful. :-/ > OTOH in ext3 case you expect consistent filesystem after unplug; and > you don't get that. You don't get a consistent filesystem with ext2, either. And if your claim is that several hundred lines of fsck output detailing the filesystem's destruction somehow makes things all better, I suspect most users would disagree with you. In any case, depending on where the flash was writing at the time of the unplug, the data corruption could be silent anyway. Maybe this came as a surprise to you, but anyone who has used a compact flash in a digital camera knows that you ***have*** to wait until the led has gone out before trying to eject the flash card. I remember seeing all sorts of horror stories from professional photographers about how they lost an important wedding's day worth of pictures with the attendant commercial loss, on various digital photography forums. It tends to be the sort of mistake that digital photographers only make once. (It's worse with people using Digital SLR's shooting in raw mode, since it can take upwards of 30 seconds or more to write out a 12-30MB raw image, and if you eject at the wrong time, you can trash the contents of the entire CF card; in the worst case, the Flash Translation Layer data can get corrupted, and the card is completely ruined; you can't even reformat it at the filesystem level, but have to get a special Windows program from the CF manufacturer to --maybe-- reset the FTL layer. Early CF cards were especially vulnerable to this; more recent CF cards are better, but it's a known failure mode of CF cards.) - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists