| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Sep 2015 19:21:08 -0600 From: Andreas Dilger <adilger@...ger.ca> To: Theodore Ts'o <tytso@....edu> Cc: "Darrick J. Wong" <darrick.wong@...cle.com>, "linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org> Subject: Re: [PATCH] tune2fs: don't change UUID on a mounted metadata_csum fs On Sep 29, 2015, at 16:46, Theodore Ts'o <tytso@....edu> wrote: > >> On Tue, Sep 29, 2015 at 08:31:22AM -0700, Darrick J. Wong wrote: >> It's not safe to change the UUID on a mounted filesystem when the >> metadata_csum feature is enabled because there's (currently) no >> way to update the kernel's CRC seeds, which precompute the UUID >> component of the checksum for all metadata blocks. Not to mention >> that we'd have to rewrite /all/ metadata blocks, and any kernel disk >> accesses will race with tune2fs, thus destroying the filesystem. > > It's not safe, but if you know what you're doing, it can work if the > root file system is quiscent (or preferably, mounted read-only) and if > you reboot immediately afterwards. > > In point of fact, the use case that inspired me to add this was > wanting to change the UUID right before creating a GCE image such that > it has a different UUID from the UUID from the base OS image that you > used to create the image. I don't see how changing the UUID for mounted file systems can work for metadata_csum file systems? Wouldn't this cause a checksum error for every piece of metadata? For regular file systems it wouldn't be fatal so long as the group descriptors are written out to disk again with the new checksum. > And with metadata_csum, you can't even use > 'debugfs -R "ssv uuid random"' to reset the uuid, since it won't > update the all of the metadata blocks. The only way to update the > uuid while the root file system is mounted is to use "tune2fs -f -U > random". > > If the concern is that it's too dangerous to do this even with the -f > option, maybe we could require two -f option --- i.e., "tune2fs -f -f > -U random /dev/sda1". I'd rather something like --force-uuid or similar so that it is clear what is being forced, since "-f" is too overloaded to mean different things. > Or maybe we could require that the root file > system be mounted read-only, and adding a warning that this the > sytstem should be rebooted immediately afterwards. I still don't think this can help for metadata_csum? Cheers, Andreas -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists