| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180904185411.GA22166@fieldses.org>
Date: Tue, 4 Sep 2018 14:54:11 -0400
From: "J. Bruce Fields" <bfields@...ldses.org>
To: Rogier Wolff <R.E.Wolff@...Wizard.nl>
Cc: Jeff Layton <jlayton@...hat.com>,
焦晓冬 <milestonejxd@...il.com>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: POSIX violation by writeback error
On Tue, Sep 04, 2018 at 06:23:48PM +0200, Rogier Wolff wrote:
> On Tue, Sep 04, 2018 at 12:12:03PM -0400, J. Bruce Fields wrote:
> > Well, I think the point was that in the above examples you'd prefer that
> > the read just fail--no need to keep the data. A bit marking the file
> > (or even the entire filesystem) unreadable would satisfy posix, I guess.
> > Whether that's practical, I don't know.
>
> When you would do it like that (mark the whole filesystem as "in
> error") things go from bad to worse even faster. The Linux kernel
> tries to keep the system up even in the face of errors.
>
> With that suggestion, having one application run into a writeback
> error would effectively crash the whole system because the filesystem
> may be the root filesystem and stuff like "sshd" that you need to
> diagnose the problem needs to be read from the disk....
Well, the absolutist position on posix compliance here would be that a
crash is still preferable to returning the wrong data. And for the
cases 焦晓冬 gives, that sounds right? Maybe it's the wrong balance in
general, I don't know. And we do already have filesystems with
panic-on-error options, so if they aren't used maybe then maybe users
have already voted against that level of strictness.
--b.
Powered by blists - more mailing lists