lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 5 Oct 2020 18:19:41 +0200
From:   Jan Kara <jack@...e.cz>
To:     Josh Triplett <josh@...htriplett.org>
Cc:     Jan Kara <jack@...e.cz>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Theodore Ts'o <tytso@....edu>,
        Andreas Dilger <adilger.kernel@...ger.ca>,
        Jan Kara <jack@...e.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-ext4@...r.kernel.org
Subject: Re: ext4 regression in v5.9-rc2 from e7bfb5c9bb3d on ro fs with
 overlapped bitmaps

On Mon 05-10-20 03:16:41, Josh Triplett wrote:
> On Mon, Oct 05, 2020 at 11:46:01AM +0200, Jan Kara wrote:
> > On Mon 05-10-20 01:14:54, Josh Triplett wrote:
> > > Ran into an ext4 regression when testing upgrades to 5.9-rc kernels:
> > > 
> > > Commit e7bfb5c9bb3d ("ext4: handle add_system_zone() failure in
> > > ext4_setup_system_zone()") breaks mounting of read-only ext4 filesystems
> > > with intentionally overlapping bitmap blocks.
> > > 
> > > On an always-read-only filesystem explicitly marked with
> > > EXT4_FEATURE_RO_COMPAT_SHARED_BLOCKS, prior to that commit, it's safe to
> > > point all the block and inode bitmaps to a single block of all 1s,
> > > because a read-only filesystem will never allocate or free any blocks or
> > > inodes.
> > > However, after that commit, the block validity check rejects such
> > > filesystems with -EUCLEAN and "failed to initialize system zone (-117)".
> > > This causes systems that previously worked correctly to fail when
> > > upgrading to v5.9-rc2 or later.
> > > 
> > > This was obviously a bugfix, and I'm not suggesting that it should be
> > > reverted; it looks like this effectively worked by accident before,
> > > because the block_validity check wasn't fully functional. However, this
> > > does break real systems, and I'd like to get some kind of regression fix
> > > in before 5.9 final if possible. I think it would suffice to make
> > > block_validity default to false if and only if
> > > EXT4_FEATURE_RO_COMPAT_SHARED_BLOCKS is set.
> > > 
> > > Does that seem like a reasonable fix?
> > 
> > Well, but EXT4_FEATURE_RO_COMPAT_SHARED_BLOCKS is your internal feature
> > that's not present in current upstream kernel AFAICS.
> 
> It isn't "my" feature; the value for
> EXT4_FEATURE_RO_COMPAT_SHARED_BLOCKS is defined in the headers in the
> e2fsprogs tree. The kernel currently does absolutely nothing with it,
> nor did it previously need to; it's just an RO_COMPAT feature which
> ensures that the kernel can only mount the filesystem read-only. The
> point is that an always-read-only filesystem will never change the block
> or inode bitmaps, so ensuring they don't overlap is unnecessary (and
> harmful).

Ah, I see. I missed EXT4_FEATURE_RO_COMPAT_SHARED_BLOCKS is actually
defined in e2fsprogs. Then what you suggests makes sense I guess and it's
good the headers are synced up again...

								Honza
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists