lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251114120152.GA13689@lst.de>
Date: Fri, 14 Nov 2025 13:01:52 +0100
From: Christoph Hellwig <hch@....de>
To: Kevin Wolf <kwolf@...hat.com>
Cc: Christoph Hellwig <hch@....de>, Jan Kara <jack@...e.cz>,
	Keith Busch <kbusch@...nel.org>, Dave Chinner <david@...morbit.com>,
	Carlos Maiolino <cem@...nel.org>,
	Christian Brauner <brauner@...nel.org>,
	"Martin K. Petersen" <martin.petersen@...cle.com>,
	linux-kernel@...r.kernel.org, linux-xfs@...r.kernel.org,
	linux-fsdevel@...r.kernel.org, linux-raid@...r.kernel.org,
	linux-block@...r.kernel.org
Subject: Re: fall back from direct to buffered I/O when stable writes are
 required

On Fri, Nov 14, 2025 at 10:29:39AM +0100, Kevin Wolf wrote:
> Right, but since this is direct I/O and the approach with only declaring
> I/O from the page cache safe without a bounce buffer means that RAID has
> to use a bounce buffer here anyway (with or without PI), doesn't this
> automatically solve it?
>
> So if it's only PI, it's the problem of userspace, and if you add RAID
> on top, then the normal rules for RAID apply. (And that the buffer
> doesn't get modified and PI doesn't become invalid until RAID does its
> thing is still a userspace problem.)

Well, only if we have different levels of I/O stability guarantees:

Level 0
  - trusted caller guarantees pages are stable (buffered I/O,
    in-kernel direct I/O callers that control the buffer)

Level 1:
  - untrusted caller declares the pages are stable
    (direct I/O with PI)

Level 2:
  - no one guarantees nothing
    (other direct I/O directly or indirectly fed from userspace)

PI formatted devices would only bounce for 1, parity would bounce for
1 and 2.  Software checksums could probably get away with only 1,
although 2 would feel safer.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ