Date: Fri, 21 Feb 2003 16:03:49 -0800
From: Terry Lambert
To: Kirk McKusick
Cc: Yevgeniy Aleynikov, Matt Dillon, Ian Dowse, peter@FreeBSD.ORG, ache@FreeBSD.ORG, Ken Pizzini, hackers@FreeBSD.ORG, security-officer@FreeBSD.ORG, nectar@FreeBSD.ORG, jedgar@FreeBSD.ORG, rwatson@FreeBSD.ORG, imp@FreeBSD.ORG, security-team@FreeBSD.ORG, wes@FreeBSD.ORG, guido@FreeBSD.ORG
Subject: Re: bleh. Re: ufs_rename panic

Kirk McKusick wrote:
> Yevgeniy Aleynikov wrote:
> > As pointed out by Ken - we do have a lot of file renames (qmail).
> > But the 2nd solution, directory-only rename serialization, probably
> > won't affect performance as much.
> >
> > But I believe it's not only us who's gonna have a problem when exploit
> > code will be known by everybody sooner or later....
>
> Dan's non-atomicity assumption on renames is incorrect.
>
> Even if it were correct, it's possible to recover fully following
> a failure, because metadata updates are ordered (there is a real
> synchronization between dependent operations).
>
> I think that a workaround would be to comment the directory fsync()
> code out of qmail, which apparently thinks it's running on extfs
> or an async mounted FFS.
>
> -- Terry
>
> You cannot get rid of the fsync calls in qmail. You have to distinguish
> between a filesystem that is recoverable and one which loses data.
> When receiving an incoming message, SMTP requires that the receiver
> have the message in stable store before acknowledging receipt. The
> only way to know that it is in stable store is to fsync it before
> responding.

The issue is specifically with the rename code, which is a metadata
operation, not with the storing of application data. The fsync's in
question are those to the fd of the directory, not the fd of the
application data.

Sorry if it wasn't clear from my statement that "Dan's non-atomicity
assumption on renames is incorrect" meant that it only applied to the
fsync() calls dealing with the rename.

-- Terry
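The two kinds of fsync() distinguished in the message above, shown side by side in an added example (not qmail's code and not part of the original thread). The function name `deliver`, its `sync_dir` flag and the file names are hypothetical; the flag only marks which call is the directory fsync under discussion.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not qmail code): store msg in dir under the name
 * `final` by way of a temporary file. Returns 0 on success, -1 on error.
 * sync_dir selects whether the directory itself is fsync()ed afterwards. */
int deliver(const char *dir, const char *tmp, const char *final,
            const char *msg, int sync_dir)
{
    char tpath[1024], fpath[1024];
    snprintf(tpath, sizeof tpath, "%s/%s", dir, tmp);
    snprintf(fpath, sizeof fpath, "%s/%s", dir, final);

    int fd = open(tpath, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    size_t len = strlen(msg);
    while (len > 0) {
        ssize_t n = write(fd, msg, len);
        if (n < 0) { close(fd); unlink(tpath); return -1; }
        msg += n;
        len -= (size_t)n;
    }
    /* fsync #1: fd of the application data. The message body must be in
     * stable store before the SMTP receiver acknowledges receipt. */
    if (fsync(fd) < 0) { close(fd); unlink(tpath); return -1; }
    if (close(fd) < 0) { unlink(tpath); return -1; }

    /* Metadata operation: move the file to its final name. */
    if (rename(tpath, fpath) < 0) { unlink(tpath); return -1; }

    if (sync_dir) {
        /* fsync #2: fd of the directory, i.e. the call made for the rename. */
        int dfd = open(dir, O_RDONLY);
        if (dfd < 0)
            return -1;
        int rc = fsync(dfd);
        close(dfd);
        if (rc < 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample message and file names. */
    return deliver(".", "msg.tmp", "msg.final", "Subject: test\n\nhi\n", 1) ? 1 : 0;
}
```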