On Mon, May 14, 2018 at 11:12 AM, Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote: > On Sun, May 6, 2018 at 10:30 PM, Theodore Y. Ts'o <tytso@xxxxxxx> wrote: >> On Sun, May 06, 2018 at 11:40:10PM +0900, Tetsuo Handa wrote: >>> > We could add a full kernel-mode fsck which gets run before mount --- >>> > the question is how much complexity we want to add. If SELinux is >>> > enabled, then we have to check xattr consinsistency, etc., etc. >>> >>> You are thinking too complicated. I'm not asking for kernel-mode fsck. >> >> That is the logical outcome of what you are asking for. There will >> *always* be a point after which where we can't atomically unwind the >> mount, and we have to proceed. And after that point, when we detect >> an inconsistency all we can do is what the system administrator >> requested that we do. Sure, for this particular case, we can >> significantly add more complexity and decrease the maintainability of >> the code paths involved. But there will always be another case >> (e.g,. xattr's being read by SELinux or IMA) that will happen during >> the mount, and are we expected to catch all of those cases? >> >> We do catch a lot of cases where we refuse the mount and complain that >> the file system is badly corrupted. This just doesn't happen to be >> one of them. >> >>> I'm just suggesting that mount() request returns an error to the caller >>> (and the administrator invokes fsck etc. as needed). >>> >>> We are fixing bugs which occur during mount operation (e.g. >>> >>> https://groups.google.com/d/msg/syzkaller-bugs/Yp4q8n-MijM/yDX3zl1XBQAJ >>> https://groups.google.com/d/msg/syzkaller-bugs/4C4oiBX8vZ0/W6pi8NdbBgAJ >>> https://groups.google.com/d/msg/syzkaller-bugs/QBnHAQBy2pI/ccf-yL5bBgAJ >> >> These are different because there are kernel OOPS or warning messages. >> This is neither a kernel OOPS or a WARN_ON or BUG_ON. >> >>> And extX filesystem is different from other filesystems that it invokes >>> error action specified by errors= parameter rather than return an error to >>> the caller. >> >> Syzkaller (or anyone else) can mount the file system with >> errors=continue or errors=remount-ro if it wants to override the >> requested behavior of the flag in the superblock which is manipulated >> by tune2fs. > > > Filed https://github.com/google/syzkaller/issues/599 to always pass > errors=remount-ro when mounting ext4. This was fixed in syzkaller. With this commit: https://github.com/google/syzkaller/commit/deb0e69e1028ba3152631c3f1d2fac98c12e33a5 syzkaller should always pass errors=continue when mounting ext2/3/4. #syz invalid
