Date:   Wed, 20 Jul 2022 11:47:08 -0700
From:   "Darrick J. Wong" <>
To:     Matthew Wilcox <>
Cc:     Theodore Ts'o <>, Jeremy Bongio <>,,,
Subject: Re: [PATCH v4] Add ioctls to get/set the ext4 superblock uuid.

On Wed, Jul 20, 2022 at 07:27:02PM +0100, Matthew Wilcox wrote:
> On Wed, Jul 20, 2022 at 02:00:25PM -0400, Theodore Ts'o wrote:
> > On Wed, Jul 20, 2022 at 03:11:21PM +0100, Matthew Wilcox wrote:
> > > Uhhh.  So what are the semantics of len?  That is, on SET, what does
> > > a filesystem do if userspace says "Here's 8 bytes" but the filesystem
> > > usually uses 16 bytes?  What does the same filesystem do if userspace
> > > offers it 32 bytes?  If the answer is "returns -EINVAL", how does
> > > userspace discover what size of volume ID is acceptable to a particular
> > > filesystem?
> > > 
> > > And then, on GET, does 'len' just mean "here's the length of the buffer,
> > > put however much will fit into it"?  Should filesystems update it to
> > > inform userspace how much was transferred?
> > 
> > What I'd suggest is that for GET, the length field when called should
> > be the length of the buffer, and if the length is too small, we should
> > return some error --- probably EINVAL or ENOSPC.  If the buffer size
> > length is larger than what is needed, having the file system update it
> > with the size of the UUID that was returned.

I'd suggest something different -- calling the getfsuuid ioctl with a
null argument should return the filesystem's volid/uuid size as the
return value.  If userspace supplies a non-null argument, then fsu_len
has to match the filesystem's volid/uuid size or else you get EINVAL.


> > And this would be how the userspace can discover size of the UUID.  In
> > practice, though, the human user is going to be supplying the UUID,
> > which means the *human* is going to have to understand that "oh, this
> > is a VFAT file system, so I need to give 32-bit UUID formatted as
> > DEAD-BEAF" or "oh, this is a ntfs file system, so I need to enter into
> > the command line a UUID formatted as the text string
> > A24E62F14E62BDA3".  (The user might also end up having to ntfs or vfat
> > specific uuid changing tool; that's unclear at this point.)
> 
> I think you covered all my questions there except for what happens
> if the user tried to set ext4 to 0xDEADBEEF; that should return
> -EINVAL?  They could specify 0xDEADBEEF'00000000'00000000'00000000 or
> 0x00000000'00000000'00000000'DEADBEEF, but it'd be up to them to choose
> which one they wanted rather than have the filesystem pad it out for them?
> 
> > As far as Jeremy's patch is concerned, I don't think we need to change
> > anything for the SET ioctl, but for the GET util, it would be better in
> > the extremely unlikely case where the user passes in a length larger
> > than 16 bytes (say, 32), that we return the 16 byte UUID, and update
> > the length field to be 16 bytes.
> > 
> > I don't think it's strictly necessary, since in practice there is no
> > reason why a file system's volume identifier would ever be larger than
> > 16 bytes --- the chances that we might need an extra 240 bytes to
> > specify a multiverse identifier seems.... unlikely.  :-)
> 
> Yes, 128 bits is sufficiently unique for this use case.
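
Added example, not part of the thread or of the patch under discussion: a userspace C model of the two GET length conventions proposed above (exact match with a NULL size query, versus "at least as large, then update the length") and of a SET that rejects short input instead of padding it. Only the name fsu_len comes from the thread; the struct layout, function names, the SET behaviour, and the sample UUID bytes are assumptions of this model.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define FS_UUID_SIZE 16u            /* ext4 volume UUID size discussed in the thread */

/* Hypothetical argument layout: only the field name fsu_len comes from the thread. */
struct model_fsuuid {
    uint32_t fsu_len;               /* caller: size of the buffer it is offering */
    uint8_t  fsu_uuid[32];          /* model capacity, larger than any UUID here */
};

static uint8_t sb_uuid[FS_UUID_SIZE] = { 0x11, 0x22, 0x33, 0x44 }; /* constructed value */

/* GET, the reply's proposal: NULL asks for the size, otherwise the length must match. */
int model_get_exact(struct model_fsuuid *arg)
{
    if (arg == NULL)
        return (int)FS_UUID_SIZE;
    if (arg->fsu_len != FS_UUID_SIZE)
        return -EINVAL;
    memcpy(arg->fsu_uuid, sb_uuid, FS_UUID_SIZE);
    return 0;
}

/* GET, the quoted proposal: too small is an error, too large copies 16 and updates fsu_len. */
int model_get_update_len(struct model_fsuuid *arg)
{
    if (arg == NULL || arg->fsu_len < FS_UUID_SIZE)
        return -EINVAL;             /* NULL handling is an assumption of this model */
    memcpy(arg->fsu_uuid, sb_uuid, FS_UUID_SIZE);
    arg->fsu_len = FS_UUID_SIZE;    /* tell the caller how much was written */
    return 0;
}

/* SET (assumed): exact length only, so a 4-byte 0xDEADBEEF is never padded silently. */
int model_set(const struct model_fsuuid *arg)
{
    if (arg == NULL || arg->fsu_len != FS_UUID_SIZE)
        return -EINVAL;
    memcpy(sb_uuid, arg->fsu_uuid, FS_UUID_SIZE);
    return 0;
}

int main(void)
{
    struct model_fsuuid u = { .fsu_len = (uint32_t)model_get_exact(NULL) };
    return model_get_exact(&u) == 0 ? 0 : 1;   /* discover the size, then fetch */
}
```

In both GET variants the copy length is the filesystem's fixed size, never the caller-supplied fsu_len, so an oversized claim cannot drive an over-read or over-write.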
