• Jan Kara's avatar
    ext4: forbid journal_async_commit in data=ordered mode · d4f76107
    Jan Kara authored
    Option journal_async_commit breaks gurantees of data=ordered mode as it
    sends only a single cache flush after writing a transaction commit
    block. Thus even though the transaction including the commit block is
    fully stored on persistent storage, file data may still linger in drives
    caches and will be lost on power failure. Since all checksums match on
    journal recovery, we replay the transaction thus possibly exposing stale
    user data.
    
    To fix this data exposure issue, remove the possibility to use
    journal_async_commit in data=ordered mode.
    Signed-off-by: default avatarJan Kara <jack@suse.cz>
    Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    d4f76107
super.c 159 KB