lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180905130845.GE23909@thunk.org>
Date:   Wed, 5 Sep 2018 09:08:45 -0400
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     焦晓冬 <milestonejxd@...il.com>
Cc:     jlayton@...hat.com, R.E.Wolff@...wizard.nl,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: POSIX violation by writeback error

On Wed, Sep 05, 2018 at 04:09:42PM +0800, 焦晓冬 wrote:
> Well, since the reader application and the writer application are reading
> a same file, they are indeed related. The reader here is expecting
> to read the lasted data the writer offers, not any data available. The
> reader is surely not expecting to read partially new and partially old data.
> Right? And, that `read() should return the lasted write()` by POSIX
> supports this expectation.

Unix, and therefore Linux's, core assumption is that the primary
abstraction is the file.  So if you say that all applications which
read or write the same file, that's equivalent of saying, "all
applications are related".  Consider that a text editor can read a
config file, or a source file, or any other text file.  Consider shell
script commands such as "cat", "sort", "uniq".  Heck /bin/cp copies
any type of file.  Does that mean that /bin/cp, as a reader
application, is related to all applications on the system.

The real problem here is that we're trying to guess the motivations
and usage of programs that are reading the file, and there's no good
way to do that.  It could be that the reader is someone who wants to
be informed that file is in page cache, but was never persisted to
disk.  It could be that the user has figured out something has gone
terribly wrong, and is desperately trying to rescue all the data she
can by copying it to another disk.  In that case, stopping the reader
from being able to access the contents is exactly the wrong thing to
do if what you care about is preventing data loss.

The other thing which you seem to be assuming is that applications
which care about precious data won't use fsync(2).  And in general,
it's been fairly well known for decades that if you care about your
data, you have to use fsync(2) or O_DIRECT writes; and you *must*
check the error return of both the fsync(2) and the close(2) system
calls.  Emacs got that right in the mid-1980's --- over 30 years ago.
We mocked GNOME and KDE's toy notepad applications for getting this
wrong a decade ago, and they've since fixed it.

Actually, the GNOME and KDE applications, because they were too lazy
to persist the xattr and ACL's, decided it was better to truncate the
file and then rewrite it.  So if you crashed after the
truncate... your data was toast.  This was a decade ago, and again, it
was considered spectacular bad application programming then, and it's
since been fixed.  The point here is that there will always be lousy
application programs.  And it is a genuine systems design question how
much should we sacrifice performance and efficiency to accomodate
stupid application programs.

For example, we could make close(2) imply an fsync(2), and return the
error in close(2).  But *that* assumes that applications actually
check the return value for close(2) --- and there will be those that
don't.  This would completely trash performance for builds, since it
would slow down writing generated files such as all the *.o object
files.  Which since they are generated files, they aren't precious.
So forcing an fsync(2) after writing all of those files will destroy
your system performance.

						- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ