| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 Aug 2018 15:31:18 +0200
From: Zdenek Kabelac <zkabelac@...hat.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>, wgh@...lan.ru
Cc: Ilya Dryomov <idryomov@...il.com>, Jens Axboe <axboe@...nel.dk>,
linux-block <linux-block@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Sagi Grimberg <sagi@...mberg.me>,
Mike Snitzer <snitzer@...hat.com>, dm-devel@...hat.com
Subject: Re: LVM snapshot broke between 4.14 and 4.16
Dne 2.8.2018 v 23:52 Linus Torvalds napsal(a):
> On Thu, Aug 2, 2018 at 2:39 PM WGH <wgh@...lan.ru> wrote:
>>
>> I've just found one public report of this bug, though:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900442
>
> Yeah, it does sound like we should fix this issue.
>
Hi
IMHO (as the author of fixing lvm2 patch) user should not be upgrading kernels
and keep running older lvm2 user-land tool (and there are very good reasons
for this).
Kernel had a bug which has been fixed, lvm2 misused this kernel bug and was
also fixed. Keeping kernel bug present allowing certain device to write to
read-only devices can be possibly seen as some security risk.
Also the number of users who ever create a read-only snapshot is probably very
low.
Maybe there could be some 'dm-snapshot' loading modinfo option to allowing
to create in case user really wants to have this bug being present in kernel
(reinstantiate old buggy logic), but on default the user should get error when
it tries to write to read-only volume and should upgrade lvm2.
Regards
Zdenek
Powered by blists - more mailing lists