[PATCH] UBUNTU: [Config] ext3 defaults to ordered mode

Thu Jan 21 16:40:38 UTC 2010

IMHO, there are many features on todays distributions focusing on
security in multi user environment. Besides, a filesystem should
gurantee atleast the rwx permsisions set by any user. The writeback mode
seems to expose data which a user may not want to share. IMHO, for a
distribution the security feature afforded by ordered mode is necessary.
Users who crave for super performance and do not care for data loss,
should explicitly mount their filesystems with writeback mode and
barriers = 0. But by default, we should support both barriers=1 and
data=ordered.

I am also forwarding an email exchange on ext4 mailing list regarding this:

-------- Original Message --------
Subject: Re: [2.6.30 and later] file corruption on ext3 filesystem.
Date: Mon, 11 Jan 2010 15:13:24 -0500
From: Ric Wheeler <rwheeler at redhat.com>
To: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
CC: david at fromorbit.com, linux-kernel at vger.kernel.org,
linux-fsdevel at vger.kernel.org
References: <201001080254.o082sOXB018423 at www262.sakura.ne.jp>
<20100108123641.GB8654 at discord.disaster>
<201001082215.EJH52647.JLtFSFFVQOHMOO at I-love.SAKURA.ne.jp>
<20100108151915.GC8654 at discord.disaster>
<201001091153.FAC21374.OFOFMJQVOSFLtH at I-love.SAKURA.ne.jp>

On 01/08/2010 09:53 PM, Tetsuo Handa wrote:
> Dave Chinner wrote:
>
>> I agree that it is very wrong, but it's a known problem with writeback
>> mode in ext3:
>>
>> http://thread.gmane.org/gmane.linux.kernel/818044/focus=819977
>>
>> More info as to how this change came about and the proposed but not
>> yet realised fixes:
>>
>> http://lwn.net/Articles/328363/
>>
> Thank you for the pointer.
>
> Indeed, most Linux boxes are used by single user.
> But implicitly importing other deleted file's data is still annoying
> even if the box is used by only one user.
>
> When I was trying to identify the steps to reproduce, I got ./a.out
replaced
> by the deleted .bash_history due to power failure. I executed ./a.out
as root
> without knowing that the file contains deleted .bash_history , and many
> commands listed in deleted .bash_history are executed as root.
> I thought my box was cracked and trojaned. :-(
>

Fedora and some other distributions changed the default back to data
ordered mode in order to avoid exactly this kind of mess. Even if you
are on a single user system, this behavior is certainly unexpected for
most users :-)

Ric

--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Tim Gardner wrote:
> I am not in agreement. ORDERED was the implicit default _before_ Karmic
> because there was no other option. However, Karmic has _not_ had ORDERED
> set since the first 2.6.30 based release. Changing ORDERED at this point
>  changes the fundamental behavior of the file system. I think we need to
> solicit the considered opinion of our platform brethren. I have no idea
> how this might affect select() or poll() or other file system
> notification mechanisms.
> 
> SRU policy states that patches must fix a real problem. IMHO this does
> not fix the root issue, which is the crash, _not_ the file system
> corruption. No file system code will be able to withstand crashes at the
> right critical point.
> 
> Steve, Martin - any thoughts on this? Am I just blowing things all out
> of proportion?
> 
> rtg
> 
> P.S. I have no problem with setting ORDERED on Lucid.
> 
> Stefan Bader wrote:
>> This restores our original default, prevents some cases of corruption after
>> crashes and Kees wants it, too.
>>
>> Surbhi Palande wrote:
>>> This patch fixes bug 510067 on launchpad.
>>> This patch enables the compile time option CONFIG_EXT3_DEFAULTS_TO_ORDERED
>>> to ensure the data=ordered mode for an ext3 fs mount. This prevents a security 
>>> threat of older data being inadvertently exposed, that arises from mounting the
>>> ext3 fs with the data=writeback mode.
>>>
>>> Do consider merging this for Karmic.
>>>
>>>
>>> From 6978a248df3aab38476659e164020b35f7b227ad Mon Sep 17 00:00:00 2001
>>> From: Surbhi Palande <surbhi.palande at canonical.com>
>>> Date: Wed, 20 Jan 2010 15:28:31 +0200
>>> Subject: [PATCH] UBUNTU: [Config] ext3 defaults to ordered mode
>>>
>>> BugLink: http://bugs.launchpad.net/bugs/510067
>>> Ignore: yes
>>>
>>> To prevent a security threat of older data being inadvertently exposed,
>>> the default mount option of ext3 should be ordered instead of writeback. This
>>> patch enables the compile time option CONFIG_EXT3_DEFAULTS_TO_ORDERED
>>> to ensure the data=ordered mode for an ext3 fs mount.
>>>
>>> Signed-off-by: Surbhi Palande <surbhi.palande at canonical.com>
>> Acked-by: Stefan Bader <stefan.bader at canonical.com>
>>
>>> ---
>>>  debian.master/config/config.common.ports  |    2 +-
>>>  debian.master/config/config.common.ubuntu |    2 +-
>>>  2 files changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/debian.master/config/config.common.ports b/debian.master/config/config.common.ports
>>> index 39ee289..4e22aeb 100644
>>> --- a/debian.master/config/config.common.ports
>>> +++ b/debian.master/config/config.common.ports
>>> @@ -817,7 +817,7 @@ CONFIG_EXT2_FS_POSIX_ACL=y
>>>  CONFIG_EXT2_FS_SECURITY=y
>>>  CONFIG_EXT2_FS_XATTR=y
>>>  # CONFIG_EXT2_FS_XIP is not set
>>> -# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
>>> +CONFIG_EXT3_DEFAULTS_TO_ORDERED=y
>>>  CONFIG_EXT3_FS=y
>>>  CONFIG_EXT3_FS_POSIX_ACL=y
>>>  CONFIG_EXT3_FS_SECURITY=y
>>> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
>>> index 462c1c1..2477234 100644
>>> --- a/debian.master/config/config.common.ubuntu
>>> +++ b/debian.master/config/config.common.ubuntu
>>> @@ -943,7 +943,7 @@ CONFIG_EXT2_FS_POSIX_ACL=y
>>>  CONFIG_EXT2_FS_SECURITY=y
>>>  CONFIG_EXT2_FS_XATTR=y
>>>  # CONFIG_EXT2_FS_XIP is not set
>>> -# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
>>> +CONFIG_EXT3_DEFAULTS_TO_ORDERED=y
>>>  CONFIG_EXT3_FS=y
>>>  CONFIG_EXT3_FS_POSIX_ACL=y
>>>  CONFIG_EXT3_FS_SECURITY=y
>>
> 
> 