lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <175798064615.349841.5241149079975163420.stgit@frogsfrogsfrogs>
Date: Mon, 15 Sep 2025 17:02:42 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: tytso@....edu
Cc: linux-ext4@...r.kernel.org
Subject: [PATCH 2/3] fuse2fs: make norecovery behavior consistent with the
 kernel

From: Darrick J. Wong <djwong@...nel.org>

Amazingly, norecovery/noload on the kernel ext4 driver allows a
read-write mount even for journalled filesystems.  The one case where
mounting fails is if there's a journal and it's dirty.  Make the fuse2fs
option behave the same as the kernel.

Found via ext4/271.

Signed-off-by: "Darrick J. Wong" <djwong@...nel.org>
---
 misc/fuse2fs.c |   27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)


diff --git a/misc/fuse2fs.c b/misc/fuse2fs.c
index a84bd2245d82df..5917569c0a8d32 100644
--- a/misc/fuse2fs.c
+++ b/misc/fuse2fs.c
@@ -929,7 +929,8 @@ static void fuse2fs_unmount(struct fuse2fs *ff)
 static errcode_t fuse2fs_open(struct fuse2fs *ff, int libext2_flags)
 {
 	char options[128];
-	int flags = EXT2_FLAG_64BITS | EXT2_FLAG_THREADS | libext2_flags;
+	int flags = EXT2_FLAG_64BITS | EXT2_FLAG_THREADS | EXT2_FLAG_RW |
+		    libext2_flags;
 	errcode_t err;
 
 	if (ff->lockfile) {
@@ -940,8 +941,6 @@ static errcode_t fuse2fs_open(struct fuse2fs *ff, int libext2_flags)
 
 	snprintf(options, sizeof(options) - 1, "offset=%lu", ff->offset);
 
-	if (!ff->norecovery)
-		flags |= EXT2_FLAG_RW;
 	if (ff->directio)
 		flags |= EXT2_FLAG_DIRECT_IO;
 
@@ -1008,6 +1007,22 @@ static errcode_t fuse2fs_check_support(struct fuse2fs *ff)
 	return 0;
 }
 
+static int fuse2fs_check_norecovery(struct fuse2fs *ff)
+{
+	if (ext2fs_has_feature_journal_needs_recovery(ff->fs->super) &&
+	    !ff->ro) {
+		log_printf(ff, "%s\n",
+ _("Required journal recovery suppressed and not mounted read-only."));
+		return 32;
+	}
+
+	/*
+	 * Amazingly, norecovery allows a rw mount when there's a clean journal
+	 * present.
+	 */
+	return 0;
+}
+
 static int fuse2fs_mount(struct fuse2fs *ff)
 {
 	struct ext2_inode_large inode;
@@ -5196,6 +5211,12 @@ int main(int argc, char *argv[])
 	if (ext2fs_has_feature_shared_blocks(fctx.fs->super))
 		fctx.ro = 1;
 
+	if (fctx.norecovery) {
+		ret = fuse2fs_check_norecovery(&fctx);
+		if (ret)
+			goto out;
+	}
+
 	err = fuse2fs_mount(&fctx);
 	if (err) {
 		ret = 32;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ