Hi,

On Tue, Nov 3, 2015 at 10:31 AM, Jan Kara <jack@xxxxxxx> wrote:
> On Tue 03-11-15 11:10:53, Dave Chinner wrote:
>> On Mon, Nov 02, 2015 at 03:43:07AM +0100, Rafael J. Wysocki wrote:
>> > I guess it may also help to address the case when a device is removed from a
>> > suspended system, written to on another system in the meantime and inserted
>> > back into the (still suspended) original system which then is resumed. Today
>> > this is an almost guaranteed data corruption scenario, but if the filesystem in
>> > question is properly frozen during suspend, the driver should be able to detect
>> > superblock changes during unfreeze.
>>
>> Never going to work. There is no guarantee that a write to a
>> filesystem by a third party device is going to change the superblock
>> (or any metadata in the rest of the filesystem) in any detectable
>> way. Hence freezing filesystems will not prevent Bad Things
>> Happening if you do this while your system is suspended.
>
> Agreed, we should never advertise something like this works. OTOH the truth
> is that e.g. in ext4 case a simple check in ext4_unfreeze() could catch 90%
> of cases where user shot himself in the foot like this (i.e., ext4 driver
> will update write time in superblock if it gets mounted somewhere else and
> we can check whether that didn't change in ext4_unfreeze()) and refuse to
> touch the filesystem... It is not 100% reliable since user could have used
> e.g. debuge2fs to arbitrarily modify the filesystem but in such cases they
> have to know what they are doing anyway.

Well, my idea was to use this for sanity checking.

I guess that sanity checks here don't really hurt, do they? And if they fail,
perhaps we can just avoid touching the fs again for safety reasons?

Thanks,
Rafael
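
The sanity check discussed in this thread, as an added userspace example; it is not kernel code and not from any participant. The helper names (`sb_snapshot_take`, `sb_unchanged_since`, `demo_resume_check`) and the sample timestamps are hypothetical and constructed; the field offsets follow the ext4 on-disk superblock layout, and comparing `s_mtime` and `s_mnt_count` alongside the write time is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* ext4 superblock fields (little-endian); offsets are relative to the
 * superblock, which starts 1024 bytes into the device. */
enum { SB_MTIME = 0x2C, SB_WTIME = 0x30, SB_MNT_COUNT = 0x34, SB_MAGIC = 0x38 };
#define EXT4_MAGIC 0xEF53u

struct sb_snapshot { uint32_t mtime, wtime; uint16_t mnt_count; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }
static void put_le32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Record the fields at freeze time; -1 if this is not an ext4 superblock. */
int sb_snapshot_take(const uint8_t *sb, size_t len, struct sb_snapshot *out) {
    if (len < (size_t)SB_MAGIC + 2 || le16(sb + SB_MAGIC) != EXT4_MAGIC)
        return -1;
    out->mtime = le32(sb + SB_MTIME);
    out->wtime = le32(sb + SB_WTIME);
    out->mnt_count = le16(sb + SB_MNT_COUNT);
    return 0;
}

/* Re-read at unfreeze: 1 = no change seen, 0 = changed or unreadable,
 * in which case the caller should refuse to touch the filesystem. */
int sb_unchanged_since(const struct sb_snapshot *frozen, const uint8_t *sb, size_t len) {
    struct sb_snapshot now;
    if (sb_snapshot_take(sb, len, &now) != 0)
        return 0;
    return now.mtime == frozen->mtime && now.wtime == frozen->wtime &&
           now.mnt_count == frozen->mnt_count;
}

/* Constructed scenario: snapshot a sample superblock, let a "foreign" system
 * advance s_wtime by wtime_delta seconds and s_mnt_count by mounts, re-check. */
int demo_resume_check(uint32_t wtime_delta, uint16_t mounts) {
    uint8_t sb[1024] = {0};
    struct sb_snapshot frozen;
    sb[SB_MAGIC] = 0x53; sb[SB_MAGIC + 1] = 0xEF;
    put_le32(sb + SB_MTIME, 1446500000u);   /* constructed timestamps */
    put_le32(sb + SB_WTIME, 1446540000u);
    sb[SB_MNT_COUNT] = 7;
    if (sb_snapshot_take(sb, sizeof sb, &frozen) != 0) return -1;
    put_le32(sb + SB_WTIME, 1446540000u + wtime_delta);
    sb[SB_MNT_COUNT] = (uint8_t)(7 + mounts);
    return sb_unchanged_since(&frozen, sb, sizeof sb);
}
```

`demo_resume_check(0, 0)` returns 1: a foreign write that leaves these fields alone passes the check, which is the limitation raised in the thread.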