lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <86235d7a-a7ea-49da-968e-c5810cbf4a7b@redhat.com>
Date:   Fri, 8 Sep 2023 11:29:40 +0200
From:   Zdenek Kabelac <zkabelac@...hat.com>
To:     Jan Kara <jack@...e.cz>, Mikulas Patocka <mpatocka@...hat.com>
Cc:     Christian Brauner <brauner@...nel.org>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        dm-devel@...hat.com, Christoph Hellwig <hch@....de>,
        "Darrick J. Wong" <djwong@...nel.org>
Subject: Re: [PATCH] fix writing to the filesystem after unmount

Dne 08. 09. 23 v 9:32 Jan Kara napsal(a):
> On Thu 07-09-23 14:04:51, Mikulas Patocka wrote:
>>
>> On Thu, 7 Sep 2023, Christian Brauner wrote:
>>
>>>> I think we've got too deep down into "how to fix things" but I'm not 100%
>>> We did.
>>>
>>>> sure what the "bug" actually is. In the initial posting Mikulas writes "the
>>>> kernel writes to the filesystem after unmount successfully returned" - is
>>>> that really such a big issue?
>> I think it's an issue if the administrator writes a script that unmounts a
>> filesystem and then copies the underyling block device somewhere. Or a
>> script that unmounts a filesystem and runs fsck afterwards. Or a script
>> that unmounts a filesystem and runs mkfs on the same block device.
> Well, e.g. e2fsprogs use O_EXCL open so they will detect that the filesystem
> hasn't been unmounted properly and complain. Which is exactly what should
> IMHO happen.
>
>>>> Anybody else can open the device and write to it as well. Or even
>>>> mount the device again. So userspace that relies on this is kind of
>>>> flaky anyway (and always has been).
>> It's admin's responsibility to make sure that the filesystem is not
>> mounted multiple times when he touches the underlying block device after
>> unmount.
> What I wanted to suggest is that we should provide means how to make sure
> block device is not being modified and educate admins and tool authors
> about them. Because just doing "umount /dev/sda1" and thinking this means
> that /dev/sda1 is unused now simply is not enough in today's world for
> multiple reasons and we cannot solve it just in the kernel.
>

Hi


/me just wondering how do you then imagine i.e. safe removal of USB drive when 
user shall not expect unmount really unmounts filesystem?

IMHO  - unmount should detect some very suspicious state of block device if it 
cannot correctly proceed - i.e. reporting 'warning/error' on such commands...

Main problem is - if the 'unmount' is successful in this case - the last 
connection userspace had to this fileystem is lost - and user cannot get rid 
of such filesystem anymore for a system.

I'd likely propose in this particular state of unmounting of a frozen 
filesystem to just proceed - and drop the frozen state together with release 
filesystem and never issue any ioctl from such filelsystem to the device below 
- so it would not be a 100% valid unmount - but since the freeze should be 
nearly equivalent of having a proper 'unmount' being done -  it shoudn't be 
causing any harm either - and  all resources associated could  be 
'released.    IMHO it's correct to 'drop' frozen state for filesystem that is 
not going to exist anymore  (assuming it's the last  such user)

Regards


Zdenek


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ