Re: [EXT] [systemd-devel] [PATCH] libblkid: fix spurious ext superblock checksum mismatches

["Theodore Ts'o" <tytso@mit.edu>]

On Tue, Nov 19, 2024 at 08:15:29AM +0000, Windl, Ulrich wrote:
> > Reads of ext superblocks can race with updates.  If libblkid observes a
> [Windl, Ulrich] 
> 
> I really wonder:
> 
> Can one single block be inconsistent when read, considering that the
> block on disk is not inconsistent?  That would mean that the block
> buffer you are reading is being modified by another process.  AFAIK
> the basic UNIX semantic guarantee that a block is read atomically;
> if it's not, something is severely broken, and I don't think that
> O_DIRECT fixes that.

Yes, this can happen if the file system is mounted.  The reason for
this is that the kernel updates metadata blocks via the block buffer
cache, with the jbd2 (journaled block layer v2) subsystem managing the
atomic updates.  The jbd2 layer will block buffer cache writebacks
until the changes are committed in a jbd2 transaction.  So the version
on disk is guaranteed to be consistent.

However, a buffer cache read does not have any consistency guarantees,
and if the file system is being actively modified, it is possible that
you could a superblock where the checksum hasn't yet been updated.

The O_DIRECT read isn't a magic bullet.  For example, if you have a
scratch file system which is guaranteed not to survive a Kubernetes or
Borg container getting aborted, you might decide to format the file
system without a jbd2 journal, since that would be more efficient, and
by definition you don't care about the contents of the file system
after a crash.  So there are millions of ext4 file systems in
hyperscale computing environments that are created without a journal;
and in that case, O_DIRECT will not be sufficient for guaranteeing a
consistent read of the superblock.

In the long term, I'll probably be adding an ioctl which will allow
userspace to read the superblock consistently for a mounted file
system.  We actually already have ioctls, EXT4_IOC_GETFSUUID and
FS_IOC_GETFSLABEL which will allow userspace to fetch the UUID and
Label for a mounted file system.  So eventually, I'll probably end
up adding EXT4_IOC_GET_SUPERBLOCK.  Let me know if this is something
that util-linux would very much want.

Note: this does require figuring out (a) whether the file system is
mounted, and (b) if so, where is it mounted.  So if blkid wants to use
this, it would need to have something like the function
ext2fs_check_mount_point[1].

Cheers,

					- Ted
					
[1] https://github.com/tytso/e2fsprogs/blob/950a0d69c82b585aba30118f01bf80151deffe8c/lib/ext2fs/ismounted.c#L363