| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <86235d7a-a7ea-49da-968e-c5810cbf4a7b@redhat.com>
Date: Fri, 8 Sep 2023 11:29:40 +0200
From: Zdenek Kabelac <zkabelac@...hat.com>
To: Jan Kara <jack@...e.cz>, Mikulas Patocka <mpatocka@...hat.com>
Cc: Christian Brauner <brauner@...nel.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
dm-devel@...hat.com, Christoph Hellwig <hch@....de>,
"Darrick J. Wong" <djwong@...nel.org>
Subject: Re: [PATCH] fix writing to the filesystem after unmount
Dne 08. 09. 23 v 9:32 Jan Kara napsal(a):
> On Thu 07-09-23 14:04:51, Mikulas Patocka wrote:
>>
>> On Thu, 7 Sep 2023, Christian Brauner wrote:
>>
>>>> I think we've got too deep down into "how to fix things" but I'm not 100%
>>> We did.
>>>
>>>> sure what the "bug" actually is. In the initial posting Mikulas writes "the
>>>> kernel writes to the filesystem after unmount successfully returned" - is
>>>> that really such a big issue?
>> I think it's an issue if the administrator writes a script that unmounts a
>> filesystem and then copies the underyling block device somewhere. Or a
>> script that unmounts a filesystem and runs fsck afterwards. Or a script
>> that unmounts a filesystem and runs mkfs on the same block device.
> Well, e.g. e2fsprogs use O_EXCL open so they will detect that the filesystem
> hasn't been unmounted properly and complain. Which is exactly what should
> IMHO happen.
>
>>>> Anybody else can open the device and write to it as well. Or even
>>>> mount the device again. So userspace that relies on this is kind of
>>>> flaky anyway (and always has been).
>> It's admin's responsibility to make sure that the filesystem is not
>> mounted multiple times when he touches the underlying block device after
>> unmount.
> What I wanted to suggest is that we should provide means how to make sure
> block device is not being modified and educate admins and tool authors
> about them. Because just doing "umount /dev/sda1" and thinking this means
> that /dev/sda1 is unused now simply is not enough in today's world for
> multiple reasons and we cannot solve it just in the kernel.
>
Hi
/me just wondering how do you then imagine i.e. safe removal of USB drive when
user shall not expect unmount really unmounts filesystem?
IMHO - unmount should detect some very suspicious state of block device if it
cannot correctly proceed - i.e. reporting 'warning/error' on such commands...
Main problem is - if the 'unmount' is successful in this case - the last
connection userspace had to this fileystem is lost - and user cannot get rid
of such filesystem anymore for a system.
I'd likely propose in this particular state of unmounting of a frozen
filesystem to just proceed - and drop the frozen state together with release
filesystem and never issue any ioctl from such filelsystem to the device below
- so it would not be a 100% valid unmount - but since the freeze should be
nearly equivalent of having a proper 'unmount' being done - it shoudn't be
causing any harm either - and all resources associated could be
'released. IMHO it's correct to 'drop' frozen state for filesystem that is
not going to exist anymore (assuming it's the last such user)
Regards
Zdenek
Powered by blists - more mailing lists