lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251013212953.GP6188@frogsfrogsfrogs>
Date: Mon, 13 Oct 2025 14:29:53 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: Oleksandr Natalenko <oleksandr@...alenko.name>
Cc: linux-kernel@...r.kernel.org, linux-xfs@...r.kernel.org,
	Carlos Maiolino <cem@...nel.org>, Pavel Reichl <preichl@...hat.com>,
	Vlastimil Babka <vbabka@...e.cz>,
	Thorsten Leemhuis <linux@...mhuis.info>
Subject: Re: XFS attr2 mount option removal may break system boot

On Mon, Oct 13, 2025 at 09:08:38PM +0200, Oleksandr Natalenko wrote:
> Hello.
> 
> In v6.18, the attr2 XFS mount option is removed. This may silently break system boot if the attr2 option is still present in /etc/fstab for rootfs.
> 
> Consider Arch Linux that is being set up from scratch with / being
> formatted as XFS. The genfstab command that is used to generate
> /etc/fstab produces something like this by default:
> 
> /dev/sda2 on / type xfs (rw,relatime,attr2,discard,inode64,logbufs=8,logbsize=32k,noquota)

As in, /etc/fstab captures ALL the output of /proc/mounts, including the
strings that reflect filesystem state even if not explicitly provided by
whoever mounted the fs?  Is your actual fstab contents:

/dev/sda2	/	relatime,attr2,discard,inode64,logbufs=8,logbsize=32k,noquota	0	0

(aka logbufs/inode64/logbsize/sunit/swidth and the ones the vfs puts in
there on its own)

That's pretty messed up, but open-parsing stringly typed data structures
with unclear RMW semantics is always going to be a trash fire.

> Once the system is set up and rebooted, there's no deprecation warning seen in the kernel log:
> 
> # cat /proc/cmdline
> root=UUID=77b42de2-397e-47ee-a1ef-4dfd430e47e9 rootflags=discard rd.luks.options=discard quiet
> 
> # dmesg | grep -i xfs
> [    2.409818] SGI XFS with ACLs, security attributes, realtime, scrub, repair, quota, no debug enabled
> [    2.415341] XFS (sda2): Mounting V5 Filesystem 77b42de2-397e-47ee-a1ef-4dfd430e47e9
> [    2.442546] XFS (sda2): Ending clean mount
> 
> Although as per the deprecation intention, it should be there.
> 
> Vlastimil (in Cc) suggests this is because xfs_fs_warn_deprecated() doesn't produce any warning by design if the XFS FS is set to be rootfs and gets remounted read-write during boot. This imposes two problems:
> 
> 1) a user doesn't see the deprecation warning; and
> 2) with v6.18 kernel, the read-write remount fails because of unknown attr2 option rendering system unusable:

...aaand that's the second failed deprecation in the kernel in the past
month because someone missed a detail somewhere for years and nobody
noticed.

> systemd[1]: Switching root.
> systemd-remount-fs[225]: /usr/bin/mount for / exited with exit status 32.
> 
> # mount -o rw /
> mount: /: fsconfig() failed: xfs: Unknown parameter 'attr2'.
> 
> Thorsten (in Cc) suggested reporting this as a user-visible regression.
> 
> From my PoV, although the deprecation is in place for 5 years already,
> it may not be visible enough as the warning is not emitted for rootfs.
> Considering the amount of systems set up with XFS on /, this may
> impose a mass problem for users.
> 
> Vlastimil suggested making attr2 option a complete noop instead of removing it.
> 
> Please check.

Heh.  Yep, that's a bug.

--D

> Thank you.
> 
> -- 
> Oleksandr Natalenko, MSE

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ