lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20091130133949.794fef00@mjolnir.ossman.eu>
Date:	Mon, 30 Nov 2009 13:39:49 +0100
From:	Pierre Ossman <pierre@...man.eu>
To:	Stefan Richter <stefanr@...6.in-berlin.de>
Cc:	Ben Hutchings <ben@...adent.org.uk>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-mmc@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
	504391@...s.debian.org,
	Wouter van Heyst <larstiq@...stiq.dyndns.org>
Subject: Re: [PATCH] mmc: add module parameter to set whether cards are
 assumed removable

On Tue, 17 Nov 2009 08:53:00 +0100
Stefan Richter <stefanr@...6.in-berlin.de> wrote:

> Ben Hutchings wrote:
> > In general, it is not possible to tell whether a card present in an MMC
> > slot after resume is the same that was there before suspend.
> 
> That's true for virtually all storage devices, not just MMC.
> 
> > So there are two possible behaviours, each of which will cause data
> > loss in some cases:
> > 
> > CONFIG_MMC_UNSAFE_RESUME=n (default): Cards are assumed to be removed
> > during suspend.  Any filesystem on them must be unmounted before
> > suspend; otherwise, buffered writes will be lost.
> > 
> > CONFIG_MMC_UNSAFE_RESUME=y: Cards are assumed to remain present during
> > suspend.  They must not be swapped during suspend; otherwise, buffered
> > writes will be flushed to the wrong card.
> > 
> > Currently the choice is made at compile time and this allows that to be
> > overridden at module load time.
> 
> Can't the kernel flush the write buffer at suspend time, so that you can
> remove this choice for good?

I'm afraid that's insufficient. What it would need to do is to is
flush everything (to make sure what's on disk matches what's in
memory), but also read back the filesystem on resume to verify that
nothing else modified it (i.e. making sure what's on disk still matches
what's in memory).

Another way of putting it is that the kernel needs to umount/mount
around suspend in a way that's transparent to users of the filesystem.

Until we have such a system in place then everything will be hacks
which only shift around the problem.

Rgds
-- 
     -- Pierre Ossman

  WARNING: This correspondence is being monitored by FRA, a
  Swedish intelligence agency. Make sure your server uses
  encryption for SMTP traffic and consider using PGP for
  end-to-end encryption.

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ