Date:   Fri, 15 Jul 2022 11:35:18 +0200
From:   Jan Kara <>
To:     "Kiselev, Oleg" <>
Cc:     Jan Kara <>,
        "" <>,
        Theodore Ts'o <>
Subject: Re: [PATCH 2/2] ext4: avoid resizing to a partial cluster size

On Fri 15-07-22 01:00:01, Kiselev, Oleg wrote:
> >> @@ -1624,7 +1624,8 @@ static int ext4_setup_next_flex_gd(struct super_block *sb,
> >> 
> >>      o_blocks_count = ext4_blocks_count(es);
> >> 
> >> -     if (o_blocks_count == n_blocks_count)
> >> +     if ((o_blocks_count == n_blocks_count) ||
> >> +         ((n_blocks_count - o_blocks_count) < sbi->s_cluster_ratio))
> >>              return 0;
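Review bot: The added test in front of `return 0` only catches growth smaller than `sbi->s_cluster_ratio`. A difference that is larger than one cluster but not a multiple of the ratio passes this check unchanged, so as far as this hunk shows the new size can still end in a partial cluster. If the intent is "never resize to a partial cluster", consider aligning `n_blocks_count` down to a multiple of `s_cluster_ratio` once, before the comparison, so the existing `o_blocks_count == n_blocks_count` test covers the sub-cluster case as well. Two smaller points: the expression `n_blocks_count - o_blocks_count` relies on `n_blocks_count >= o_blocks_count` at this point, which deserves a comment or an explicit guard, and returning 0 here reports success to the caller without having changed anything, so a comment explaining why that is the intended result (or a log message) would help whoever has to debug a resize that appears to succeed without growing the filesystem.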
> > 
> > So why do you silently do nothing with unaligned size? I'd expect we should
> > catch this condition already in ext4_resize_fs() and return EINVAL in that
> > case...
> Failing a resize with an error will be an unexpected behavior that will
> break software that calls resize2fs without specifying the size.  We ran
> into this issue because we make our filesystems on top of DRBD devices,
> and DRBD aligns its metadata on 4K boundaries.  This results in space
> available for the filesystem having an “odd” size.  Our preference is for
> the utilities to silently fix the fs size down to the nearest “safe” size
> rather than get sporadic errors.   I had submitted a patch for resize2fs
> that rounds the fs target size down to the nearest cluster boundary.  In
> principle it’s similar to the size-rounding that is done now for 4K
> blocks.   Using updated e2fsprogs isn’t mandatory for using ext4 in the
> newer kernels, so making the kernel safe(r) for bigalloc resizes seems
> like a good idea.

I see. Honestly, doing automatic "fixups" of passed arguments to syscalls /
ioctls has bitten us more than once in the past. That's why I'm cautious
about that. It seems convenient initially but then when constraints change
(e.g. you'd want to be rounding to a different number) you suddenly find
you have no way to extend the API without breaking some userspace. That's
why I prefer to put these "rounding convenience" functions into userspace.

That being said I don't feel too strongly about this particular case so I
guess I'll defer the final decision about the policy to Ted.

Jan Kara <>
