| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Mar 2021 21:22:01 -0700
From: Jaegeuk Kim <jaegeuk@...nel.org>
To: Chao Yu <yuchao0@...wei.com>
Cc: linux-f2fs-devel@...ts.sourceforge.net,
linux-kernel@...r.kernel.org, chao@...nel.org
Subject: Re: [PATCH] Revert "f2fs: give a warning only for readonly partition"
On 03/24, Chao Yu wrote:
> On 2021/3/24 2:39, Jaegeuk Kim wrote:
> > On 03/23, Chao Yu wrote:
> > > This reverts commit 938a184265d75ea474f1c6fe1da96a5196163789.
> > >
> > > Because that commit fails generic/050 testcase which expect failure
> > > during mount a recoverable readonly partition.
> >
> > I think we need to change generic/050, since f2fs can recover this partition,
>
> Well, not sure we can change that testcase, since it restricts all generic
> filesystems behavior. At least, ext4's behavior makes sense to me:
>
> journal_dev_ro = bdev_read_only(journal->j_dev);
> really_read_only = bdev_read_only(sb->s_bdev) | journal_dev_ro;
>
> if (journal_dev_ro && !sb_rdonly(sb)) {
> ext4_msg(sb, KERN_ERR,
> "journal device read-only, try mounting with '-o ro'");
> err = -EROFS;
> goto err_out;
> }
>
> if (ext4_has_feature_journal_needs_recovery(sb)) {
> if (sb_rdonly(sb)) {
> ext4_msg(sb, KERN_INFO, "INFO: recovery "
> "required on readonly filesystem");
> if (really_read_only) {
> ext4_msg(sb, KERN_ERR, "write access "
> "unavailable, cannot proceed "
> "(try mounting with noload)");
> err = -EROFS;
> goto err_out;
> }
> ext4_msg(sb, KERN_INFO, "write access will "
> "be enabled during recovery");
> }
> }
>
> > even though using it as readonly. And, valid checkpoint can allow for user to
> > read all the data without problem.
>
> >> if (f2fs_hw_is_readonly(sbi)) {
>
> Since device is readonly now, all write to the device will fail, checkpoint can
> not persist recovered data, after page cache is expired, user can see stale data.
My point is, after mount with ro, there'll be no data write which preserves the
current status. So, in the next time, we can recover fsync'ed data later, if
user succeeds to mount as rw. Another point is, with the current checkpoint, we
should not have any corrupted metadata. So, why not giving a chance to show what
data remained to user? I think this can be doable only with CoW filesystems.
>
> Am I missing something?
>
> Thanks,
>
> >
> > >
> > > Fixes: 938a184265d7 ("f2fs: give a warning only for readonly partition")
> > > Signed-off-by: Chao Yu <yuchao0@...wei.com>
> > > ---
> > > fs/f2fs/super.c | 8 +++++---
> > > 1 file changed, 5 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> > > index b48281642e98..2b78ee11f093 100644
> > > --- a/fs/f2fs/super.c
> > > +++ b/fs/f2fs/super.c
> > > @@ -3952,10 +3952,12 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
> > > * previous checkpoint was not done by clean system shutdown.
> > > */
> > > if (f2fs_hw_is_readonly(sbi)) {
> > > - if (!is_set_ckpt_flags(sbi, CP_UMOUNT_FLAG))
> > > + if (!is_set_ckpt_flags(sbi, CP_UMOUNT_FLAG)) {
> > > + err = -EROFS;
> > > f2fs_err(sbi, "Need to recover fsync data, but write access unavailable");
> > > - else
> > > - f2fs_info(sbi, "write access unavailable, skipping recovery");
> > > + goto free_meta;
> > > + }
> > > + f2fs_info(sbi, "write access unavailable, skipping recovery");
> > > goto reset_checkpoint;
> > > }
> > > --
> > > 2.29.2
> > .
> >
Powered by blists - more mailing lists