On Sun, May 6, 2018 at 10:30 PM, Theodore Y. Ts'o <tytso@xxxxxxx> wrote:
> On Sun, May 06, 2018 at 11:40:10PM +0900, Tetsuo Handa wrote:
>> > We could add a full kernel-mode fsck which gets run before mount ---
>> > the question is how much complexity we want to add. If SELinux is
>> > enabled, then we have to check xattr consistency, etc., etc.
>>
>> You are thinking too complicated. I'm not asking for kernel-mode fsck.
>
> That is the logical outcome of what you are asking for. There will
> *always* be a point after which we can't atomically unwind the
> mount, and we have to proceed. And after that point, when we detect
> an inconsistency all we can do is what the system administrator
> requested that we do. Sure, for this particular case, we can
> significantly add more complexity and decrease the maintainability of
> the code paths involved. But there will always be another case
> (e.g., xattr's being read by SELinux or IMA) that will happen during
> the mount, and are we expected to catch all of those cases?
>
> We do catch a lot of cases where we refuse the mount and complain that
> the file system is badly corrupted. This just doesn't happen to be
> one of them.
>
>> I'm just suggesting that mount() request returns an error to the caller
>> (and the administrator invokes fsck etc. as needed).
>>
>> We are fixing bugs which occur during mount operation (e.g.
>>
>> https://groups.google.com/d/msg/syzkaller-bugs/Yp4q8n-MijM/yDX3zl1XBQAJ
>> https://groups.google.com/d/msg/syzkaller-bugs/4C4oiBX8vZ0/W6pi8NdbBgAJ
>> https://groups.google.com/d/msg/syzkaller-bugs/QBnHAQBy2pI/ccf-yL5bBgAJ
>
> These are different because there are kernel OOPS or warning messages.
> This is neither a kernel OOPS or a WARN_ON or BUG_ON.
>
>> And extX filesystem is different from other filesystems that it invokes
>> error action specified by errors= parameter rather than return an error to
>> the caller.
>
> Syzkaller (or anyone else) can mount the file system with
> errors=continue or errors=remount-ro if it wants to override the
> requested behavior of the flag in the superblock which is manipulated
> by tune2fs.

Filed https://github.com/google/syzkaller/issues/599 to always pass errors=remount-ro when mounting ext4.
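
Added example (not part of the original thread and not syzkaller's code): a pre-mount check that reads the superblock's s_errors flag from an ext2/3/4 image and reports whether passing errors=remount-ro, as the reply proposes, overrides what the image itself requests. The function names and the sample image are constructed for illustration; the field offsets are those of the on-disk ext4 superblock.

```python
import struct

SB_OFFSET = 1024                 # primary superblock starts 1024 bytes into the image
S_MAGIC_OFF = 0x38               # __le16 s_magic
S_ERRORS_OFF = 0x3C              # __le16 s_errors (the flag tune2fs -e sets)
EXT_MAGIC = 0xEF53
POLICIES = {1: "continue", 2: "remount-ro", 3: "panic"}


def on_disk_policy(image: bytes) -> str:
    """Return the errors behaviour recorded in the image's superblock."""
    if len(image) < SB_OFFSET + S_ERRORS_OFF + 2:
        raise ValueError("image too short to contain a superblock")
    (magic,) = struct.unpack_from("<H", image, SB_OFFSET + S_MAGIC_OFF)
    if magic != EXT_MAGIC:
        raise ValueError(f"bad magic 0x{magic:04x}: not ext2/3/4")
    (raw,) = struct.unpack_from("<H", image, SB_OFFSET + S_ERRORS_OFF)
    return POLICIES.get(raw, f"unknown({raw})")   # report odd values, do not guess


def mount_options(image: bytes, forced: str = "remount-ro") -> tuple:
    """Return the -o string to use and whether it overrides the image's flag."""
    if forced not in POLICIES.values():
        raise ValueError(f"not a valid errors= value: {forced}")
    return f"errors={forced}", on_disk_policy(image) != forced


def make_sample_image(raw_errors: int) -> bytes:
    """Constructed test input: zeroed 2 KiB image with only magic and s_errors set."""
    img = bytearray(2048)
    struct.pack_into("<H", img, SB_OFFSET + S_MAGIC_OFF, EXT_MAGIC)
    struct.pack_into("<H", img, SB_OFFSET + S_ERRORS_OFF, raw_errors)
    return bytes(img)


if __name__ == "__main__":
    for raw in (1, 2, 3):
        img = make_sample_image(raw)
        opts, overrides = mount_options(img)
        print(f"on-disk={on_disk_policy(img):<10} mount -o {opts}  overrides={overrides}")
```

An image whose superblock says "panic" is the case the explicit mount option matters for: the check flags it as overridden, so the untrusted image no longer decides how the kernel reacts to detected corruption.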