| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250122110533.4116662-1-libaokun@huaweicloud.com>
Date: Wed, 22 Jan 2025 19:05:24 +0800
From: libaokun@...weicloud.com
To: linux-ext4@...r.kernel.org
Cc: tytso@....edu,
adilger.kernel@...ger.ca,
jack@...e.cz,
linux-kernel@...r.kernel.org,
yi.zhang@...wei.com,
yangerkun@...wei.com,
libaokun@...weicloud.com,
Baokun Li <libaokun1@...wei.com>
Subject: [PATCH v3 0/9] ext4: fix issues caused by data write-back failures
From: Baokun Li <libaokun1@...wei.com>
Changes since v2:
* Add patch 6.
* Patch 4: Use the new name ext4_has_journal_option().
* Patch 5: Use the new name EXT4_IO_END_DEFER_COMPLETION and
ext4_io_end_defer_completion().
* Collect RVB from Jan Kara and Zhang Yi.(Thanks for your review!)
Changes since v1:
* Patch 5: Make data_err=abort work for all Buffer IO, not just add
support in dioread_nolock mode.
* Add patch 3,4,6.
* Collect RVB from Jan Kara and Zhang Yi.(Thanks for your review!)
v1: https://lore.kernel.org/r/20241220060757.1781418-1-libaokun@huaweicloud.com
v2: https://lore.kernel.org/r/20250121071050.3991249-1-libaokun@huaweicloud.com
Recently some of our customers remounted ext4 from
"dioread_nolock,data_err=abort" to "dioread_lock,data_err=abort" and the
ext4 filesystem became read-only.
Then I found that "data_err=abort" is not working in dioread_nolock mode,
when data writeback fails, the error is always recorded in inode mapping,
but no one will check it, not even when converting unwritten to written,
which could expose stale data. When remounted with dioread_lock, the error
recorded in the inode mapping was checked and the journal aborted, and the
file system became read-only later.
Patch 1: Clean up duplicate code and ensure that an warning is printed
when data may be lost;
Patch 2: Fix an issue that could expose stale data when data writeback
fails;
Patch 3: Reject data_err=abort in nojournal mode to ensure
sbi->s_journal != NULL when DATA_ERR_ABORT set.
Patch 4: Add the ext4_has_journal_option() helper to reduce
code duplication.
Patch 5: Make data_err=abort work for all Buffer IO, not just order mode.
Patch 6: Clean up JBD2_ABORT_ON_SYNCDATA_ERR and related logic.
Patch 7: Update the description of data_err=abort|ignore in the DOC.
Patch 8: Remove useless i_unwritten and related code.
Patch 9: Pack holes in ext4_inode_info to save memory.
Comments and questions are, as always, welcome.
Thanks,
Baokun
Baokun Li (9):
ext4: replace opencoded ext4_end_io_end() in ext4_put_io_end()
ext4: do not convert the unwritten extents if data writeback fails
ext4: reject the 'data_err=abort' option in nojournal mode
ext4: extract ext4_has_journal_option() from __ext4_fill_super()
ext4: abort journal on data writeback failure if in data_err=abort mode
jbd2: drop JBD2_ABORT_ON_SYNCDATA_ERR
ext4: update the descriptions of data_err=abort and data_err=ignore
ext4: remove unused member 'i_unwritten' from 'ext4_inode_info'
ext4: pack holes in ext4_inode_info
Documentation/admin-guide/ext4.rst | 7 ++-
fs/ext4/ext4.h | 34 ++++----------
fs/ext4/inode.c | 2 +-
fs/ext4/page-io.c | 75 ++++++++++++++++++++----------
fs/ext4/super.c | 65 +++++++++++++-------------
fs/jbd2/commit.c | 6 +--
include/linux/jbd2.h | 3 --
7 files changed, 100 insertions(+), 92 deletions(-)
--
2.39.2
Powered by blists - more mailing lists