lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <tencent_656F159830BC538C2D26CD68@qq.com>
Date: Fri, 1 Aug 2025 10:27:21 +0800
From: "Zhou Jifeng" <zhoujifeng@...inos.com.cn>
To: "Kent Overstreet" <kent.overstreet@...ux.dev>
Cc: "Coly Li" <colyli@...nel.org>, "linux-bcache" <linux-bcache@...r.kernel.org>, "linux-kernel" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] bcache: enhancing the security of dirty data writeback

On Fri, 1 Aug 2025 at 00:02, Kent Overstreet <kent.overstreet@...ux.dev> wrote:
>
> On Thu, Jul 31, 2025 at 02:21:40PM +0800, Zhou Jifeng wrote:
> > There is a potential data consistency risk in bcache's writeback mode:when
> > the application calls fsync, bcache returns success after completing the
> > log write, persisting the cache disk data, and persisting the HDD internal
> > cache. However, at this point, the actual application data may still be in
> > a dirty state and remain stuck in the cache disk. when these data are
> > subsequently written back to the HDD asynchronously through REQ_OP_WRITE,
> > there is no forced refresh mechanism to ensure physical placement on the
> > disk, and there may be no power-off protection measures, which poses a risk
> > of data loss. This mechanism may cause the application to misjudge that the
> > data has been persisted, which is different from the actual storage state,
> > and also violates the semantic agreement that fsync should ensure data
> > persistence.
>
> So, the way you start out describing the patch, it sounds like you're
> addressing some sort of bug in REQ_OP_FLUSH handling, but it looks like
> what you're actually doing is adding a mode where flushes also flush
> bcache?
>
> This doesn't sound like a bugfix, this sounds like a completely new
> mode - we'd need an explanation of the use case you're aiming for.

Yes, this is not about trying to fix a particular defect. Instead, it is about
adding a new method within the current writeback mode to make the
process of writing dirty data in the cache to the HDD more reliable.

> The model for bcache has always been that since the cache is persistent,
> when you're in writeback mode there are no fsync/REQ_OP_FLUSH
> considerations for dirty data; once we've properly persisted (and
> flushed) that data we're good.

In the writeback mode, the current bcache code uses the
REQ_OP_WRITE operation to handle dirty data, and clears the bkey
dirty flag in the btree during the bio completion callback. I think
there might be a potential risk: if in the event of an unexpected
power outage, the data in the HDD hardware cache may not have
had time to be persisted, then the data in the HDD hardware cache
that is pending processing may be lost. Since at this time the bkey
dirty flag in the btree has been cleared, the data status recorded
by the bkey does not match the actual situation of the SSD and
HDD.
Am I understanding this correctly?

> If you want a mode where you can run in writeback mode, but obey flushes
> so that it's still safe to lose or yank the cache device - is that what
> you're after?

When dirty data is temporarily stored in the HDD hardware cache (not
persistedto the disk medium), if an unexpected power outage or unplugging
occurs, the data in the HDD hardware cache may be lost. If such a scenario
occurs, since thedirty flag of the bkey in the btree has been cleared at this
time, but the actual dirtydata corresponding to the bkey has not been
successfully written back to the HDD. I want to use a method to avoid this
situation.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ