lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 12 Apr 2022 20:51:07 -0700
From:   "Darrick J. Wong" <djwong@...nel.org>
To:     Zhang Yi <yi.zhang@...wei.com>
Cc:     Theodore Ts'o <tytso@....edu>,
        Gabriel Krisman Bertazi <krisman@...labora.com>,
        linux-ext4@...r.kernel.org, adilger.kernel@...ger.ca, jack@...e.cz,
        yukuai3@...wei.com, yebin10@...wei.com, liuzhiqiang26@...wei.com,
        liangyun2@...wei.com
Subject: Re: [RFC PATCH] ext4: add unmount filesystem message

On Wed, Apr 13, 2022 at 10:23:31AM +0800, Zhang Yi wrote:
> On 2022/4/13 9:35, Theodore Ts'o wrote:
> > On Tue, Apr 12, 2022 at 12:01:37PM -0400, Gabriel Krisman Bertazi wrote:
> >> Zhang Yi <yi.zhang@...wei.com> writes:
> >>
> >>> Now that we have kernel message at mount time, system administrator
> > 
> > "Now that we have...." is a bit misleading, since (at least to an
> > English speaker) that this is something that was recently added, and
> > that's not the case.
> > 
> >>> could acquire the mount time, device and options easily. But we don't
> >>> have corresponding unmounting message at umount time, so we cannot know
> >>> if someone umount a filesystem easily. Some of the modern filesystems
> >>> (e.g. xfs) have the umounting kernel message, so add one for ext4
> >>> filesystem for convenience.
> >>>
> >>>  EXT4-fs (sdb): mounted filesystem with ordered data mode. Quota mode: none.
> >>>  EXT4-fs (sdb): unmounting filesystem.
> >>
> >> I don't think sysadmins should be relying on the kernel log for this,
> >> since the information can easily be overwritten by new messages there.
> >> Is there a reason why you can't just monitor /proc/self/mountinfo?
> > 
> > You're right that it can be dangerous for sysadmins to be relying on
> > the kernel log for mount and umount notifications --- but it depends
> > on what they think it means, and the potential pitfalls are there for
> > both the mount and unmount messages.  The problem of course, is that
> > bind mounts, and mount name spaces, so if the question is whether a
> > file system is available at a particular mount point, then using the
> > kernel log is definitely not going to be reliable.
> > 
> > But if the goal is to determine whether a particular device is safe to
> > run fsck or otherwise access directly, or for the purposes of
> > debugging the kernel and looking at the logs to understand when the
> > device is being accessed by the kernel and when the file system is
> > done with the device, I can see how it might be useful.
> > 
> 
> Yes, I understand that the kernel log is not reliable, and
> /proc/self/mountinfo neither. Our goal is simple, As Ted said, just add a
> method to help sysadmins to know whether a particular ext4 device is really
> doing unmount procedure, it could be helpful for us to debug kernel and
> locate kernel bug.

But if the mount/unmount messages are ratelimited, how will you know for
sure if the ratelimiting mechanism elides the message?

--D

> Thanks,
> Yi.
> 
> 
>

Powered by blists - more mailing lists