From: Theodore Ts'o <tytso@mit.edu>
To: Daeho Jeong <daeho.jeong@samsung.com>
Cc: linux-ext4@vger.kernel.org, Kitae Lee <kitae87.lee@samsung.com>
Subject: Re: [PATCH] ext4: guarantee already started handles to successfully finish while ro remounting
Date: Thu, 5 May 2016 11:44:15 -0400
Message-ID: <20160505154415.GB10764@thunk.org>
In-Reply-To: <1462150237-20701-1-git-send-email-daeho.jeong@samsung.com>

On Mon, May 02, 2016 at 09:50:37AM +0900, Daeho Jeong wrote:
> We check whether a new handle can be started through
> ext4_journal_check_start() and the function refuses to start the handle
> when the filesystem is mounted read-only. But now, when we remount
> the filesystem with the read-only option, already started handles are
> allowed to be written to disk, but the subsequent metadata modifications
> using the handles are refused by ext4_journal_check_start().
> 
> As an example, in ext4_evict_inode(), i_size can be set to 0 using
> a successfully started handle, but, when we remount the filesystem
> with the read-only option at that time, the subsequent ext4_truncate()
> will fail and the filesystem integrity will be damaged.
> 
> Therefore, we need to permit the metadata modifications using already
> started handles to proceed, even if s_flags of the filesystem is
> set to MS_RDONLY.
> 
> Kitae found the problem and suggested the solution.
> 
> Signed-off-by: Kitae Lee <kitae87.lee@samsung.com>
> Signed-off-by: Daeho Jeong <daeho.jeong@samsung.com>

Hmm, I'm not really comfortable with putting this hack in, since this
is papering over the real problem, which is that Android is trying to
use the emergency remount read-only sysrq option and this is
fundamentally unsafe.  I'm not sure what else could break if it is
situation normal that there are active processes busily writing to the
file system and sysrq-u followed by reboot is the normal way the
Android kernel does a reboot.

A much better solution would be to change the Android userspace to
call the FIFREEZE ioctl on each mounted file system, and then call for
a reboot.

					- Ted
