summaryrefslogtreecommitdiffstats
path: root/fs/ext4
diff options
context:
space:
mode:
authorJan Kara <jack@suse.cz>2014-11-26 02:19:17 +0100
committerTheodore Ts'o <tytso@mit.edu>2014-11-26 02:19:17 +0100
commitd4f761074353b9aa42a3bdd039d78e1af5f5f29f (patch)
tree906be3cb6a3c591e8ed1257f17ed9eeb50bfcde2 /fs/ext4
parentjbd2: remove unnecessary NULL check before iput() (diff)
downloadlinux-d4f761074353b9aa42a3bdd039d78e1af5f5f29f.tar.xz
linux-d4f761074353b9aa42a3bdd039d78e1af5f5f29f.zip
ext4: forbid journal_async_commit in data=ordered mode
Option journal_async_commit breaks gurantees of data=ordered mode as it sends only a single cache flush after writing a transaction commit block. Thus even though the transaction including the commit block is fully stored on persistent storage, file data may still linger in drives caches and will be lost on power failure. Since all checksums match on journal recovery, we replay the transaction thus possibly exposing stale user data. To fix this data exposure issue, remove the possibility to use journal_async_commit in data=ordered mode. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'fs/ext4')
-rw-r--r--fs/ext4/super.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index f8ad756bb852..4fca81cc8fce 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1695,6 +1695,12 @@ static int parse_options(char *options, struct super_block *sb,
return 0;
}
}
+ if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_ORDERED_DATA &&
+ test_opt(sb, JOURNAL_ASYNC_COMMIT)) {
+ ext4_msg(sb, KERN_ERR, "can't mount with journal_async_commit "
+ "in data=ordered mode");
+ return 0;
+ }
return 1;
}