ext3 default compile time option should be changed from writeback to ordered

Bug #510067 reported by Surbhi Palande
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Fix Released | High | Surbhi Palande |
Karmic | Fix Released | High | Surbhi Palande |
Lucid | Fix Released | High | Surbhi Palande |

Bug Description

SRU Justification:

Impact: The default writeback mode for ext3 changed implicitly in Karmic without notice. The new default is supposed to be faster (though it seems not that much) but is also more likely to cause data corruption when the system crashes.

Fix: Change back the default mode to "ordered" which was used before, is used for Lucid too and is recommended by fs developers anyway.

Testcase: cat /proc/mounts should show ext3 filesystems with data=ordered (if no special intervention was done to change that).

---

Imagine A and B to be the steps of a journaling operation.

data = ordered mode
A) Write data to FS on disk
B) Write metadata to journal

For data = writeback mode
the above steps - A) and B) could switch order.
So you could have the following:
A) write metadata to journal first and then
B) write data to FS on disk

OR

A) write data to FS on disk first and then
B) write metadata to journal.

(since the order is not guaranteed in data=writeback mode)

Now imagine a reboot/crash/kernel lockup occurring in between steps A and B

A)
CRASH
B) cannot take place because of the crash.

Now look at data = ordered mode. Since data is always first written to disk before writing the metadata, you always have the most current data on disk. Hence data = ordered guarantees that you will never have stale data on disk.

Whereas for data=writeback mode, when the metadata is written first and you crash before writing the data to fs, this is what happens:
You have stale data, but updated metadata. So what can now happen is, you still read old data and this could be a security threat (since the user does not expect this behavior).

However, such a threat does not exist in data=ordered mode. Hence the default mount time option should rightly be data=ordered instead of data = writeback. Change the compile time option accordingly to reflect this change.
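
The testcase above as a script, added here as an example (not part of the bug report or of the Ubuntu kernel packaging): it parses input in /proc/mounts format and lists ext3 mounts whose data= mode is not ordered. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the journaling data mode of every ext3 mount.
# Input is a file in /proc/mounts format (default: /proc/mounts itself).

# Print "<mountpoint> <mode>" for each ext3 entry. <mode> is the data= value,
# or "unspecified" when the option field carries no data= entry.
# Spaces in mount points appear as \040 in /proc/mounts, so splitting on
# whitespace is safe.
ext3_data_modes() {
    awk '$3 == "ext3" {
        mode = "unspecified"
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^data=/) mode = substr(opts[i], 6)
        print $2, mode
    }' "${1:-/proc/mounts}"
}

# Print the ext3 mounts that do not match the testcase (mode is not
# "ordered"). Returns 0 when every ext3 mount is ordered, 1 otherwise.
# Other explicit modes are reported too, so the reviewer can judge them.
ext3_not_ordered() {
    bad=$(ext3_data_modes "$1" | awk '$2 != "ordered"')
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
/dev/sda1 / ext3 rw,relatime,errors=remount-ro,data=ordered 0 0
/dev/sda2 /home ext3 rw,relatime,data=writeback 0 0
/dev/sdb1 /srv/my\040data ext3 rw,noatime,data=ordered 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sdc1 /mnt/scratch ext4 rw,relatime,data=writeback 0 0
EOF

echo "ext3 mounts and their data mode:"
ext3_data_modes "$SAMPLE"
ext3_not_ordered "$SAMPLE" > /dev/null || echo "some ext3 mounts are not data=ordered"
```

On a live system, call `ext3_not_ordered` with no argument to read /proc/mounts directly.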

Surbhi Palande (csurbhi)
Changed in linux-source-2.6.15 (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Surbhi Palande (csurbhi)
description: updated
affects: linux-source-2.6.15 (Ubuntu) → ubuntu
Surbhi Palande (csurbhi)
visibility: private → public
Stefan Bader (smb)
description: updated
Stefan Bader (smb)
description: updated
affects: Ubuntu Karmic → linux (Ubuntu Karmic)
Andy Whitcroft (apw) wrote :

This was released in 2.6.32-12.16 for Lucid but unfortunately the commit was marked to be ignored so this bug didn't get closed by the janitor:

  commit 1182c7174e2844583451fac2fd9013543b095adf
  Author: Surbhi Palande <email address hidden>
  Date: Thu Jan 21 01:05:32 2010 +0000

    UBUNTU: [Config] ext3 defaults to ordered mode

    BugLink: http://bugs.launchpad.net/bugs/510067
    Ignore: yes

    To prevent a security threat of older data being inadvertently exposed, the
    default mount option of ext3 should be ordered instead of writeback. This
    patch enables the compile time option CONFIG_EXT3_DEFAULTS_TO_ORDERED to
    ensure that an ext3 fs mounts with the data=ordered mode.

    Signed-off-by: Surbhi Palande <email address hidden>
    Signed-off-by: Andy Whitcroft <email address hidden>

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote : Please test proposed package

Accepted linux into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.31-21.59

---------------
linux (2.6.31-21.59) karmic-proposed; urgency=low

  [ Andy Whitcroft ]

  * [Config] generic-pae switch to M586TSC
    - LP: #519448

  [ Chris Wilson ]

  * (pre-stable) drm/i915: Increase fb alignment to 64k
    - LP: #404064

  [ Colin Ian King ]

  * Input: i8042 - bypass AUX IRQ delivery test on laptops
    - LP: #534448

  [ Jerone Young ]

  * SAUCE: Fix volume hotkeys for Dell Studio 1557
    - LP: #465250

  [ Mirsal Ennaime ]

  * SAUCE: aufs: Fix header files inclusion in debug.h
    - LP: #517151

  [ Stefan Bader ]

  * [Config] Enable all CGROUP configuration options
    - LP: #480739

  [ Surbhi Palande ]

  * Revert "[Upstream] acerhdf: Limit modalias matching to supported
    boards"
    - LP: #509730
  * [Config] ext3 defaults to ordered mode
    - LP: #510067

  [ Tim Gardner ]

  * [Config] Fix sub-flavours package conflicts
    - LP: #454827

  [ Upstream Kernel Changes ]

  * PCI/cardbus: Add a fixup hook and fix powerpc
    - LP: #455723
  * fnctl: f_modown should call write_lock_irqsave/restore
    - LP: #519436
  * ACPI: enable C2 and Turbo-mode on Nehalem notebooks on A/C
    - LP: #516325
  * tg3: Add 57788, remove 57720
    - LP: #515390
  * HID: ignore all recent SoundGraph iMON devices
    - LP: #488443
  * Input: ALPS - add interleaved protocol support (Dell E6x00 series)
    - LP: #296610
  * acerhdf: limit modalias matching to supported
    - LP: #509730
  * ASoC: Do not write to invalid registers on the wm9712.
    - LP: #509730
  * cifs: NULL out tcon, pSesInfo, and srvTcp pointers when chasing DFS
    referrals
    - LP: #509730
  * clockevents: Prevent clockevent_devices list corruption on cpu hotplug
    - LP: #509730
  * dma: at_hdmac: correct incompatible type for argument 1 of
    'spin_lock_bh'
    - LP: #509730
  * drivers/net/usb: Correct code taking the size of a pointer
    - LP: #509730
  * Libertas: fix buffer overflow in lbs_get_essid()
    - LP: #509730
  * md: Fix unfortunate interaction with evms
    - LP: #509730
  * pata_cmd64x: fix overclocking of UDMA0-2 modes
    - LP: #509730
  * pata_hpt3x2n: fix clock turnaround
    - LP: #509730
  * SCSI: fc class: fix fc_transport_init error handling
    - LP: #509730
  * sound: sgio2audio/pdaudiocf/usb-audio: initialize PCM buffer
    - LP: #509730
  * USB: emi62: fix crash when trying to load EMI 6|2 firmware
    - LP: #509730
  * USB: Fix a bug on appledisplay.c regarding signedness
    - LP: #509730
  * USB: musb: gadget_ep0: avoid SetupEnd interrupt
    - LP: #509730
  * USB: option: support hi speed for modem Haier CE100
    - LP: #490068, #509730
  * x86, cpuid: Add "volatile" to asm in native_cpuid()
    - LP: #509730
  * e100: Use pci pool to work around GFP_ATOMIC order 5 memory allocation
    failure
    - LP: #509730
  * e100: Fix broken cbs accounting due to missing memset.
    - LP: #509730
  * hostap: Revert a toxic part of the conversion to net_device_ops
    - LP: #509730
  * hwmon: (fschmd) Fix check on unsigned in watchdog_write()
    - LP: #509730
  * hwmon: (sht15) Off-by-one error in array index + incorrect constants
    - LP: #509730
  * i2c/tsl2550: Fix...


Changed in linux (Ubuntu Karmic):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
