From: "Theodore Ts'o" <tytso@mit.edu>
To: "Darrick J. Wong" <djwong@kernel.org>, G@mit.edu
Cc: linux-ext4@vger.kernel.org, linux-api@vger.kernel.org
Subject: Re: [PATCH 2/3] ext4: add support for 32-bit default reserved uid and gid values
Date: Thu, 11 Sep 2025 22:57:52 -0400 [thread overview]
Message-ID: <20250912025752.GC3703006@mit.edu> (raw)
In-Reply-To: <20250911223121.GD8084@frogsfrogsfrogs>
On Thu, Sep 11, 2025 at 03:31:21PM -0700, Darrick J. Wong wrote:
>
> Is there a risk that some garbage written to s_reserved (and not caught
> by either the kernel or e2fsck) will now appear as a "legitimate" resuid
> value?
The superblock is checksumed, so the risk would be that some
impleentation modifies the superblock and updates s_reserved for some
reason. But they could do that to any superblock field, or to the low
16 bits of s_resuid/s_resgid today, and that's something that neither
the kernel or e2fsck could check.
The mke2fs program zeroes all of the unused/reserved portions of the
superblock, so the risk is some random non-Linux implementation (e.g.,
GNU Hurd or BSD) had hijacked some reserved field without coordinating
with upstream ext4. I thought about using some kind of compat feature
flag, but it probably wouldn't help since the other implementation
would likely not bother to use their own feature flag since that would
prevent the file system to be mounted with Linux.
Currently, someone tried to run "tune2fs -u 146878 /tmp/foo.img" we'll
silently drop the high 16 bits:
% tune2fs -u 146878 /tmp/foo.img
tune2fs 1.47.3-rc2 (12-Jun-2025)
Setting reserved blocks uid to 146878
% dumpe2fs -h /tmp/foo.img | grep uid
dumpe2fs 1.47.3-rc2 (12-Jun-2025)
Reserved blocks uid: 15806 (user tytso)
And if we have implementations that support 32-bit reserved
uid's/gid's, and the file system is mounted on an older kernel, it
will simply use a different reserved uid (e.g., 15806 instead of
146878). But we're kind of confused today, and in practice most of
the time people will be using low reserved uid's/gid's (e.g., 1 for
daemon, etc.).
- Ted
next prev parent reply other threads:[~2025-09-12 2:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-09 3:15 [PATCH 0/3] ext4: Add support for mounted updates to the superblock via an ioctl Theodore Ts'o via B4 Relay
2025-09-09 3:15 ` [PATCH 1/3] ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Theodore Ts'o via B4 Relay
2025-09-11 22:27 ` Darrick J. Wong
2025-09-12 2:12 ` Theodore Ts'o
2025-09-09 3:15 ` [PATCH 2/3] ext4: add support for 32-bit default reserved uid and gid values Theodore Ts'o via B4 Relay
2025-09-11 22:31 ` Darrick J. Wong
2025-09-12 2:57 ` Theodore Ts'o [this message]
2025-09-09 3:15 ` [PATCH 3/3] ext4: implemet new ioctls to set and get superblock parameters Theodore Ts'o via B4 Relay
2025-09-09 21:33 ` kernel test robot
2025-09-11 22:40 ` Darrick J. Wong
2025-09-12 3:14 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250912025752.GC3703006@mit.edu \
--to=tytso@mit.edu \
--cc=G@mit.edu \
--cc=djwong@kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).