Panic in ffs_valloc (Was: Unexpected SU+J inconsistency AGAIN -- please, don't shift topic to ZFS!)
Lev Serebryakov
lev at FreeBSD.org
Wed Mar 6 06:52:15 UTC 2013
Hello, Don.
You wrote on 6 March 2013, 10:43:11:
DL> When growing a file, the data *must* be written before writing the block
DL> pointer that points to it. If this ordering isn't obeyed, then a system
DL> crash that occurs between the block pointer write and the data write
DL> would result in the file containing whatever garbage was in the data
DL> block. That garbage could be the confidential contents of some other
DL> user's previously deleted file.
That is why confidential data should be zeroed out before file deletion
:)
But here is another way: add a "stream id" to all writes. The FS could
mark each write with the vnode address (or inode number + FS id), and
drivers which need high performance could add additional logic to do
selective barriers. All other FSes (which don't need barriers) and
drivers (which don't need this optimization) will work as they do now.
It doesn't look like tight coupling, as this stream id could be
anything the FS wants (information about FS structure will not leak
through it) and 0 if the FS doesn't want to use this feature.
--
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>
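
A toy model of the stream-id idea in the message above, added here as an illustration; it is not code from the post or from FreeBSD. The struct, the function names, the lowest-LBA scheduler and the reading of stream 0 as "barriers order against every write" are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of one queued write as the driver sees it. */
struct wreq {
    uint64_t stream;  /* opaque id chosen by the FS; 0 = streams not used */
    uint64_t lba;     /* target block; stands in for the driver's preferred order */
    int barrier;      /* 1 = ordering point, e.g. a block pointer update */
    const char *what;
};

/* Must `late` wait for `early` (queued before it)? Assumption: stream 0
 * keeps today's behaviour, so its barriers order against every write. */
static int must_wait(const struct wreq *early, const struct wreq *late) {
    if (!early->barrier && !late->barrier)
        return 0;
    return early->stream == 0 || late->stream == 0 ||
           early->stream == late->stream;
}

/* Issue the lowest-LBA write with no unfinished dependency; fills out[]. */
static void schedule(const struct wreq *q, int n, int *out) {
    int done[16] = {0};  /* this model handles at most 16 queued writes */
    for (int k = 0; k < n; k++) {
        int best = -1;
        for (int i = 0; i < n; i++) {
            int ready = !done[i];
            for (int j = 0; ready && j < i; j++)
                ready = done[j] || !must_wait(&q[j], &q[i]);
            if (ready && (best < 0 || q[i].lba < q[best].lba))
                best = i;
        }
        done[best] = 1;
        out[k] = best;
    }
}

/* Constructed sample: two files growing at once, data queued before pointer. */
static struct wreq sample[4] = {
    {7, 900, 0, "file A data"}, {7, 10, 1, "file A block pointer"},
    {9, 500, 0, "file B data"}, {9, 20, 1, "file B block pointer"},
};

int main(void) {
    int order[4];
    schedule(sample, 4, order);
    for (int k = 0; k < 4; k++)
        puts(sample[order[k]].what);
    return 0;
}
```

With per-file stream ids, file B's writes are issued ahead of file A's while each file's data still reaches the disk before its own block pointer; with every stream set to 0 the queue drains strictly in submission order.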