lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250918165532.GC416742@mit.edu>
Date: Thu, 18 Sep 2025 12:55:32 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Andreas Dilger <adilger@...ger.ca>
Cc: Ext4 Developers List <linux-ext4@...r.kernel.org>
Subject: Re: [PATCH 0/3] E2fsprogs: tune2fs: use an ioctl to update mounted fs

On Wed, Sep 17, 2025 at 12:26:18AM -0600, Andreas Dilger wrote:
> On Sep 16, 2025, at 21:28, Theodore Ts'o <tytso@....edu> wrote:
> > 
> > Teach tune2fs to try use the new EXT4_IOC_SET_TUNE_SB_PARAM ioctl
> > interface to update mounted file systems.  This will allow us to
> > disallow read/write access to the block device while the file system
> > is mounted, once we are sure the updated e2fsprogs is in use.
> 
> Have you considered to use a mount option (eg. mount.ext4) or a flag
> stored in the sb to indicate that a new e2fsprogs is installed in
> userspace?

For better or for worse, currently whether writes to mounted block
devices are blocked is a global switch, controlled by the
bdev_allow_write_mounted boot command-line option and
CONFIG_BLK_DEV_WRITE_MOUNTED (which controls the default).  That's
because it was designed solely to reduce syzbot noise.

As far as I know, ext2 and ext4 are the only file sysetms which
require sysadmins to need write access to mounted file systems (for
tune2fs).  Most other file systems don't actually allow mounted file
system reconfiguration, or they have ioctl's to allow this.  So I
believe that if a system has a newer version of e2fsprogs, it should
be sufficient for the sysadmin to include
bdev_allow_write_mounted=false in the boot options.  (Or for a
distribution to set CONFIG_BLK_DEV_WRITE_MOUNTED if they can guarantee
that a sufficiently new version of e2fsprogs will be installed with a
particular kernel.)

I don't object to having a per-file sytstem mount option, but it would
require changes in block/bdev.c.  And it might involve more complexity
that would be exposed to the system adinistrators.  So unless there is
some other file system type beyond ext4 which might need write access
while the file system is mounetd, maybe we don't need a per-fs switch.
Maybe ext2, but I think most distributions are using
CONFIG_EXT4_USE_FOR_EXT2 so in practice I don't think it's necessary.

Cheers,

						- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ