lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZrV15hAK0Lawyl+8@dread.disaster.area>
Date: Fri, 9 Aug 2024 11:50:30 +1000
From: Dave Chinner <david@...morbit.com>
To: Johannes Bauer <canjzymsaxyt@...rnkuller.de>
Cc: linux-ext4@...r.kernel.org
Subject: Re: Modification of block device by R/O mount

On Thu, Aug 01, 2024 at 08:32:18AM +0200, Johannes Bauer wrote:
> Am 01.08.24 um 08:18 schrieb Johannes Bauer:
> 
> > But my point is, that is what I am doing -- creating the losetup mapping
> > R/O:
> > 
> > # losetup --read-only --show -f image.img
> > /dev/loop35
> > 
> > # echo foo >/dev/loop35
> > bash: echo: write error: Operation not permitted

Oh, I missed that critical detail buried in the example code.  Most
people who report "writes occuring on RO mounts" have no clue that
writes are actually allowed on RO mounts, and you made no mention
that you were also setting the block device read only and that's why
you were expecting writes to fail....

As it is, I don't think the filesystem is actually writing anything
to disk. There's a couple of individual metadata fields that have
been changed in the block device page cache in some metadata at
offset 0x8000:

$ diff -u img.t bdev.t
--- img.t	2024-08-09 11:41:20.358217508 +1000
+++ bdev.t	2024-08-09 11:41:29.966289011 +1000
@@ -103,10 +103,11 @@
 007ff0 0000 0000 0000 0000 000c de00 0eb9 b0b0
 008000 3bc0 9839 0000 0400 0000 0000 0000 0004
 008010 0000 0004 0000 0100 0000 0100 0000 0000
-008020 0000 0000 0000 0000 0000 0000 0000 0000
+008020 0000 0000 0000 0000 0000 1200 0000 0000
 008030 9f03 d923 77f8 9748 64af 1176 1b28 9959
 008040 0000 0100 0000 0000 0000 0000 0000 0000
-008050 0000 0000 0000 0000 0000 0000 0000 0000
+008050 0004 0000 0000 0000 0000 0000 0000 0000
+008060 0000 0000 0000 0000 0000 0000 0000 0000
 *
 008800 0fff 0000 0000 0000 0000 0000 0000 0000
 008810 0000 0000 0000 0000 0000 0000 0000 0000

This does not mean a write was done, however. The filesystem may
have changed metadata directly in the page cache so that it is
correct for a RO mount on a RO block device without actually writing
anything to disk. There's nothing wrong with doing this - it isn't a
bug at all even though such modifications will be visible to
userspace via block device page cache reads.

You'll need someone who actually knows what metadata ext4 needs to
modify directly on read-only mounts to tell you exactly what the
mount is modifying and whether or not it should actually be doing
that or not. However, I personally wouldn't consider this behaviour
a bug if it necessary to allow read-only mounts on read-only block
devices to work reliably...

-Dave.
-- 
Dave Chinner
david@...morbit.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ