| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 17 Aug 2013 09:02:04 -0400 From: Theodore Ts'o <tytso@....edu> To: Felipe Monteiro de Carvalho <felipemonteiro.carvalho@...il.com> Cc: linux-ext4@...r.kernel.org Subject: Re: Which features should I implement in my ext4 reader? On Wed, Aug 14, 2013 at 07:06:44AM +0200, Felipe Monteiro de Carvalho wrote: > > Did my last message go through? Just wondering if it was lost ... I think part of the problem (besids lots of people being busy and on vacation) is it's not clear what your ext4 reader is going to be used for. As a result it's hard to give advice, not knowing what the requirements are for said reader. > > EXT4_FEATURE_INCOMPAT_COMPRESSION = $0001; Compression isn't implemeneted, and so I'd suggest not trying to assume anything the file system with this feature. > > EXT4_FEATURE_INCOMPAT_FILETYPE = $0002; This would be true only if you are properly handling the name_len in the direct structure. (It is a 16 bit Little Endian element, but only the low 8 bits are the name length; the high 8 bits are for the file type). > > EXT4_FEATURE_INCOMPAT_RECOVER = $0004; // Needs recovery */ If you are not doing journal replay, you should *not* try to handle a file system with the needs recovery bit set. > > EXT4_FEATURE_INCOMPAT_BG_USE_META_CSUM= $2000; // use crc32c for bg */ If you're going to ignore potential checksum errors in the metadata.... > > But I now wonder about these features: > > > > EXT4_FEATURE_INCOMPAT_MMP = $0100; This is used to protect against multiple systems trying to access a shared block device. If you are not supporting the MMP protocol, it's possible for the metadata blocks on a shared block device to be changing out from under you, with potentially hilarious (if you find kernel oops or file system reader crashes funny) results. > > EXT4_FEATURE_INCOMPAT_EA_INODE = $0400; // EA in inode */ > > EXT4_FEATURE_INCOMPAT_DIRDATA = $1000; // data in dirent */ > > EXT4_FEATURE_INCOMPAT_LARGEDIR = $4000; // >2GB or 3-lvl htree */ > > EXT4_FEATURE_INCOMPAT_INLINEDATA = $8000; // data in inode */ These features aren't quite fully supported yet. The inline data feature is probably closest to be being fully supported, when we release an the next major version of e2fsprogs. > > And also which ones require an active work for a reader application to > > implement. As I already found out that FLEX_BG does not require active > > work to be supported despite being in the INCOMPAT list... A lot of whether changes are needed to a file system implementation depends on how carefully and robustly it had been written in the first place. Flex_bg had to be an incompat feature because the Linux kernel implementation was checking certain invariants which flex_bg would have violated. If you have an implementation that isn't checking for various metadata inconsistenties or errors, it might not matter. By the way, depending on what your propietary reader is going to be used for, you might want to consider using an fsfuzzer to make sure it handles subtly corrupted file systems in a sane way. If not (again depending on how oyu use it), you could end up crashing your system (if this mysterious proprietary reader is part of some OS) or potentially causing a security breach (buffer overruns, anyway? :-) Cheers, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists