Received: by 2002:ab2:7407:0:b0:1f4:b336:87c4 with SMTP id e7csp207287lqn;
        Thu, 11 Apr 2024 20:56:10 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCW947laaFcaPyngxUhzW+fvIPN5b7I/oYDKzXQoz/TydFlAAgpOgwdOhcRXULM5IVUrGL/R5PabQMdT16iZQ12Ely2EyuQmvbEGRf2Wlg==
X-Google-Smtp-Source: AGHT+IHLkMPRn54H5qWmHDjwl2/cu4WLuuy7W9ArmrhhLjsd6xtlHJkacz8DjtoF5qs40YH8HOzg
X-Received: by 2002:ae9:e64b:0:b0:78d:698d:f7b7 with SMTP id x11-20020ae9e64b000000b0078d698df7b7mr1637547qkl.16.1712894170211;
        Thu, 11 Apr 2024 20:56:10 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1712894170; cv=pass;
        d=google.com; s=arc-20160816;
        b=fFtxUV2Buq3rRpVD4CaCoZ76hKdFzAcQt6GGImY1AXsOf+wqhs5FlbP4MjZ6PVxQSX
         FtAEb9EMBLYqQQi9BWkWEmliCUliEQhIMTyRzNTbVM/GLWx3SGOClFB8pEAWH8wNawpN
         9rgu7fMPvycs+SIZhA/p61EU1K1o/xZXpGHgMq34W+J6n7W8c5l28/PA2AYfeeSBmLQZ
         7Vom66zt2RGaQSvuUqk4JeRpTaNmFRhbvGqFIOyn7nWmohsV/htlC3ejJamWC8SQvsYA
         KfANCFOfFH5TfBstd35SzwzJVLusEdBRJIKphQvpIBA+hJWOB3lJC4b9bb/2JLJEKfw0
         wGlw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=3y/worbB/UJgc5iThuhYF+NXbVCCGkZo3/cJ22BJobY=;
        fh=5/YXHE2Xv0L6L19IIjQENRt5Tr5bUYd3gWJ4ASqGvMY=;
        b=lIBf0tAqc7zuFr5cD5Vy179dZvtCiZgdZCCsJwgJRTAiso0n4PLyo+BJf2Yc+Lpr5y
         rETW4jgmyKEwpg6zXZ8kaMaMOElotWdS+JmwC0fpkMneLxVSIFOQ9vgu0cvPjaZ4BfYs
         A/5NCAs86wjUflmYYWUsX3vigD8CzcfKqyJZEhnUSNQDMm/iNVPpt9612cTVUkEI3zRK
         DxgciVpTyrSGeSsrI9dkxgzU95Y6Kia1EA3IXkv+GZ74D/eQcyLVBFIFCadzN3vi/c3a
         hpZt3WzQzK5oV4QCBJxeOotTg7cId1k+3OZ6IG499ebikJB+SafDi0rG4F2JJRe4GpB4
         2kqw==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@mit.edu header.s=outgoing header.b=dOfhEEQ9;
       arc=pass (i=1 spf=pass spfdomain=mit.edu dkim=pass dkdomain=mit.edu dmarc=pass fromdomain=mit.edu);
       spf=pass (google.com: domain of linux-kernel+bounces-141878-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-141878-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mit.edu
Return-Path: <linux-kernel+bounces-141878-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id bs19-20020a05620a471300b0078ec65d1b57si2322821qkb.358.2024.04.11.20.56.10
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 11 Apr 2024 20:56:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-141878-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mit.edu header.s=outgoing header.b=dOfhEEQ9;
       arc=pass (i=1 spf=pass spfdomain=mit.edu dkim=pass dkdomain=mit.edu dmarc=pass fromdomain=mit.edu);
       spf=pass (google.com: domain of linux-kernel+bounces-141878-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-141878-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mit.edu
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id E89471C20F2A
	for <linux.lists.archive@gmail.com>; Fri, 12 Apr 2024 03:56:09 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 683BA17C7F;
	Fri, 12 Apr 2024 03:56:07 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=mit.edu header.i=@mit.edu header.b="dOfhEEQ9"
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1670617BBF
	for <linux-kernel@vger.kernel.org>; Fri, 12 Apr 2024 03:56:02 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=18.9.28.11
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1712894166; cv=none; b=XAnez24Ck3wc2N8OmneC8TcQc5w7HpdhS0jZPKRydWPezUYFsxf4FqFxREUwr0Xi2ZvBlTs0+htfenefBIrn24mfziaE5HF6Otqu5fQUGkkbGpY/lccV6D3NUhtxa2gbobwtSg6sEDfxJ4TFZXK1LAX/ZUq6IplK7DsmHhKilnE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1712894166; c=relaxed/simple;
	bh=jgsySEBfBr2yKswNUwikz+FITKjJFHnZo959lH69wCc=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=q5pW54PSRuj5l+0T70MEIcz/53ntB/B5ThLMx/6Pb+TzaQRk5shAXkjrWlQWVJpmy0DZfu7mDmkJpGHgyq0/2hE0+IQNMM5Xughwk0KAKlmfcqtVFBB5qi6JzcnKt1nruu83LcAUPnVqKvahhIgujRKiMWaSWx7q63dfCxkAAMI=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mit.edu; spf=pass smtp.mailfrom=mit.edu; dkim=pass (2048-bit key) header.d=mit.edu header.i=@mit.edu header.b=dOfhEEQ9; arc=none smtp.client-ip=18.9.28.11
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mit.edu
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mit.edu
Received: from cwcc.thunk.org (pool-173-48-113-60.bstnma.fios.verizon.net [173.48.113.60])
	(authenticated bits=0)
        (User authenticated as tytso@ATHENA.MIT.EDU)
	by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 43C3taCf022568
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 11 Apr 2024 23:55:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing;
	t=1712894139; bh=3y/worbB/UJgc5iThuhYF+NXbVCCGkZo3/cJ22BJobY=;
	h=Date:From:Subject:Message-ID:MIME-Version:Content-Type;
	b=dOfhEEQ9qq2eBitbPxPjKxnkbJWSMYIq1Rs9v8s7FZrm/N+xrL/FeLtG4Xhco4aa+
	 9KjnG+3c+QEho2i8qjlsc0/V877gOB3E8JgjYiqA57Y2vbPvf49slCx5MILUZxHBmx
	 M/uyW4qTo6mLzYZ6Rbl+m/tuv6ctdgKrStE5y97R99R2NZ4FMnpyVdqs+OENXLL/Xs
	 2upBA/iKiGG6BwvhxfYFaA9uZbibTNfkoMhR55UJhrrzdpJGr5FIqVbuICSZAgZaXd
	 4K5o0QgrJuXwth+ijJ0iMDwdxYa/OUnBU04kgq6AtFtWJDfbwpyKwI4SCxTPujQcUW
	 5Gk1v01opiBUw==
Received: by cwcc.thunk.org (Postfix, from userid 15806)
	id 7761F15C00DE; Thu, 11 Apr 2024 23:55:36 -0400 (EDT)
Date: Thu, 11 Apr 2024 23:55:36 -0400
From: "Theodore Ts'o" <tytso@mit.edu>
To: "yebin (H)" <yebin10@huawei.com>
Cc: Jan Kara <jack@suse.cz>, adilger.kernel@dilger.ca,
        linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] jbd2: avoid mount failed when commit block is partial
 submitted
Message-ID: <20240412035536.GD187181@mit.edu>
References: <20240402090951.527619-1-yebin10@huawei.com>
 <20240402134240.5he4mxei3nvzolb3@quack3>
 <20240403033742.GE1189142@mit.edu>
 <20240403101122.rmffivvvf4a33qis@quack3>
 <6611F8D5.3030403@huawei.com>
 <20240411133718.tq74yorf6odpla4r@quack3>
 <20240411145559.GB187181@mit.edu>
 <66188E1B.6070209@huawei.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <66188E1B.6070209@huawei.com>

On Fri, Apr 12, 2024 at 09:27:55AM +0800, yebin (H) wrote:
> I thought of a solution that when the commit block checksum is
> incorrect, retain the first 512 bytes of data, clear the subsequent
> data, and then calculate the checksum to see if it is correct. This
> solution can distinguish whether the commit is complete for
> components that can ensure the atomicity of 512 bytes or more. But
> for HDD, it may not be able to distinguish, but it should be
> alleviated to some extent.

Yeah, we discussed something similar at the weekly ext4 call; the idea
was to change the kernel to zero out the jbd2 block before we fill in
any jbd2 tags (including in the commit block) when writing the
journal.  Then in the journal replay path, if the checksum doesn't
match, we can try zeroing out everything beyond the size in the header
struct, and then retry the the checksum and see if it matches.

This also has the benefit of making sure that we aren't leaking stale
(uninitialized) kernel memory to disk, which could be considered a
security vulnerability in some cases --- although the likelihood that
something truly sensitive could be leaked is quite low; the attack
requires raw access to the storate device; and exposure similar to
what gets written to the swap device.  Still there are people who do
worry about such things.

						- Ted