lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251017192456.GG6170@frogsfrogsfrogs>
Date: Fri, 17 Oct 2025 12:24:56 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: Dave Dykstra <dave.dykstra@...n.ch>
Cc: linux-ext4@...r.kernel.org,
	Dave Dykstra <2129743+DrDaveD@...rs.noreply.github.com>
Subject: Re: [PATCH] fuse2fs: open read-only when ro option and image
 non-writable

On Thu, Oct 16, 2025 at 03:02:06PM -0500, Dave Dykstra wrote:
> This opens the image read-only when an ro option is given and the
> image is not writable.  If it is then found that a journal recovery
> is needed, an error is returned then.
> 
> The ret value is set to 4 after the option checks so that if there's
> an error resulting in "goto out" it won't print an error about
> unrecognized options.
> 
> Also submitted as PR https://github.com/tytso/e2fsprogs/pull/250
> for the issue https://github.com/tytso/e2fsprogs/issues/244.
> 
> Replaces 
>     https://lore.kernel.org/linux-ext4/20251010214735.22683-1-dave.dykstra@cern.ch/T/#u
>     https://lore.kernel.org/linux-ext4/175798064776.350013.6744611652039454651.stgit@frogsfrogsfrogs/#t
> 
> Signed-off-by: Dave Dykstra <2129743+DrDaveD@...rs.noreply.github.com>
> ---
>  misc/fuse2fs.c | 27 +++++++++++++++++++++++----
>  1 file changed, 23 insertions(+), 4 deletions(-)
> 
> diff --git a/misc/fuse2fs.c b/misc/fuse2fs.c
> index cb5620c7..2ae2fc1a 100644
> --- a/misc/fuse2fs.c
> +++ b/misc/fuse2fs.c
> @@ -4696,9 +4696,19 @@ int main(int argc, char *argv[])
>  	err = ext2fs_open2(fctx.device, options, flags, 0, 0, unix_io_manager,
>  			   &global_fs);
>  	if (err) {
> -		err_printf(&fctx, "%s.\n", error_message(err));
> -		err_printf(&fctx, "%s\n", _("Please run e2fsck -fy."));
> -		goto out;
> +		if (((err == EACCES) || (err == EPERM)) && fctx.ro) {

This is not correct.  mount(8) for the kernel ext4 driver responds to
the block device being readonly by retrying with an ro mount.  The user
is not required to specify 'ro':

# blockdev --setro/ dev/sda
# strace -e mount mount /dev/sda /mnt
40677<mount> 12:19:36 (+     0.000102) mount("/dev/sda", "/mnt", "ext4", 0, NULL) = -1 EACCES (Permission denied)
40677<mount> 12:19:36 (+     0.000285) mount("/dev/sda", "/mnt", "ext4", MS_RDONLY, NULL) = 0

> +			// read-only requested and don't have write access
> +			dbg_printf(&fctx, "%s: %s\n", __func__,
> + _("Permission denied with writable, trying without.\n"));
> +			flags &= ~EXT2_FLAG_RW;
> +			err = ext2fs_open2(fctx.device, options, flags, 0, 0, 
> +					   unix_io_manager, &global_fs);
> +		}
> +		if (err) {
> +			err_printf(&fctx, "%s.\n", error_message(err));
> +			err_printf(&fctx, "%s\n", _("Please run e2fsck -fy."));
> +			goto out;
> +		}
>  	}
>  	fctx.fs = global_fs;
>  	global_fs->priv_data = &fctx;
> @@ -4741,6 +4751,8 @@ int main(int argc, char *argv[])
>  		goto out;
>  	}
>  
> +	ret = 4;

Why 4?  Is this an internal mount bug?

--D

> +
>  	if (global_fs->super->s_state & EXT2_ERROR_FS) {
>  		err_printf(&fctx, "%s\n",
>   _("Errors detected; running e2fsck is required."));
> @@ -4760,6 +4772,11 @@ int main(int argc, char *argv[])
>   _("Mounting read-only without recovering journal."));
>  			fctx.ro = 1;
>  			global_fs->flags &= ~EXT2_FLAG_RW;
> +		} else if (fctx.ro && !(flags & EXT2_FLAG_RW)) {
> +			err_printf(&fctx, "%s\n",
> + _("Journal needs recovery but filesystem could not be opened read-write."));
> +			err_printf(&fctx, "%s\n", _("Please run e2fsck -fy."));
> +			goto out;
>  		} else {
>  			log_printf(&fctx, "%s\n", _("Recovering journal."));
>  			err = ext2fs_run_ext3_journal(&global_fs);
> @@ -4833,8 +4850,10 @@ int main(int argc, char *argv[])
>  	if (fctx.no_default_opts == 0)
>  		fuse_opt_add_arg(&args, extra_args);
>  
> -	if (fctx.ro)
> +	if (fctx.ro) {
> +		/* This is in case ro was implied above and not passed in */
>  		fuse_opt_add_arg(&args, "-oro");
> +	}
>  
>  	if (fctx.fakeroot) {
>  #ifdef HAVE_MOUNT_NODEV
> -- 
> 2.43.5
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ