Message-ID: <CAJDTihzqn3whQ47uUOxGYk4Je4S10ehNEQCtfb=j--iCsdDqgQ@mail.gmail.com>
Date:   Tue, 4 Sep 2018 16:58:59 +0800
From:   焦晓冬 <milestonejxd@...il.com>
To:     R.E.Wolff@...wizard.nl
Cc:     jlayton@...hat.com, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: POSIX violation by writeback error

On Tue, Sep 4, 2018 at 3:53 PM Rogier Wolff <R.E.Wolff@...wizard.nl> wrote:

...
> >
> > Jlayton's patch is a simple but wonderful idea towards correct error
> > reporting. It seems one crucial thing is still here to be fixed. Does
> > anyone have some idea?
> >
> > The crucial thing may be that a read() after a successful
> > open()-write()-close() may return old data.
> >
> > That may happen where an async writeback error occurs after close()
> > and the inode/mapping get evicted before read().
>
> Suppose I have 1Gb of RAM. Suppose I open a file, write 0.5Gb to it
> and then close it. Then I repeat this 9 times.
>
> Now, when writing those files to storage fails, there is 5Gb of data
> to remember and only 1Gb of RAM.
>
> I can choose any part of that 5Gb and try to read it.
>
> Please make a suggestion about where we should store that data?

That is certainly not possible to be done. But at least, shall we report
error on read()? Silently returning wrong data may cause further damage,
such as removing wrong files since it was marked as garbage in the old file.

As I can see, that is all about error reporting.

As for suggestion, maybe the error flag of inode/mapping, or the entire inode
should not be evicted if there was an error. That hopefully won't take much
memory. On extreme conditions, where too much error inode requires staying
in memory, maybe we should panic rather than spread the error.

>
> In the easy case, where the data easily fits in RAM, you COULD write a
> solution. But when the hardware fails, the SYSTEM will not be able to
> follow the posix rules.

Nope, we are able to follow the rules. The above is one way that follows the
POSIX rules.

>
>         Roger.
>
> --
> ** R.E.Wolff@...Wizard.nl ** http://www.BitWizard.nl/ ** +31-15-2600998 **
> **    Delftechpark 26 2628 XH  Delft, The Netherlands. KVK: 27239233    **
> *-- BitWizard writes Linux device drivers for any device you may have! --*
> The plan was simple, like my brother-in-law Phil. But unlike
> Phil, this plan just might work.
