Re: [BUG] ext4: BUG_ON in ext4_write_inline_data (fs/ext4/inline.c:240)

public inbox for linux-ext4@vger.kernel.org
 help / color / mirror / Atom feed

From: "Theodore Tso" <tytso@mit.edu>
To: Demi Marie Obenour <demiobenour@gmail.com>
Cc: Zw Tang <shicenci@gmail.com>,
	Andreas Dilger <adilger.kernel@dilger.ca>,
	libaokun@linux.alibaba.com, jack@suse.cz, ojaswin@linux.ibm.com,
	linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
	yi.zhang@huawei.com, syzkaller-bugs@googlegroups.com
Subject: Re: [BUG] ext4: BUG_ON in ext4_write_inline_data (fs/ext4/inline.c:240)
Date: Wed, 29 Apr 2026 00:40:30 -0400	[thread overview]
Message-ID: <20260429044030.GB16497@macsyma-wired.lan> (raw)
In-Reply-To: <5981069b-8c54-4b5b-a808-5ebdc8cd7265@gmail.com>

On Tue, Apr 28, 2026 at 04:50:14PM -0400, Demi Marie Obenour wrote:
> This is an example of a BadUSB attack, which has been known since
> at least 2014.  USB sticks *do* have their own microcontrollers to
> run their firmware.  At least in the past this firmware has been
> programmable and not been digitally signed.  This means that the USB
> stick *can* be reprogrammed to perform a TOCTOU attack on a filesystem,
> or indeed to implement a completely different kind of USB device.

Honestly, if that's what you are worried about, then best solution is
put epoxy in every single USB port.  I've since financial institutions
that have done precisely this, and both Android and Chrome OS supports
enterprise security policies which does the equivalent in software.

> Protecting against replay attacks requires a Merkle tree.  The only
> Linux filesystems that I know have one are ZFS, bcachefs, and BTRFS.
> The first two are out of tree and the third is not shipped in RHEL
> at least.

FYI, there was a patch for btrfs, but it was never landed.  It's
unclear how many people would be willing to pay the performance tax of
using hmac-sha256 for every single data and metadata block write.   

> Of course, you are free to choose which (if any) of these attacks you
> care about.  One can that USB sticks should be mounted in userspace,
> UEFI secure boot with Microsoft keys is irrelevant as long as
> administrator -> kernel isn't a security boundary on Windows, and that
> confidential computing only makes sense for stateless workloads (which
> can use dm-verity) until there is a way to trust storage devices.
> But it's always best to be aware that an attack vector exists,
> whether or not one chooses to address it.

Sure, but a drive-by comment on a patch review advocating that we slow
down ext4 to protect a single instance where the attacker has
read/write access to a mounted block device, when the file system
doesn't have generalized protections against that whole class of
attacks.... isn't particularly helpful.

By the way, I'm not aware of *any* company that has been interested in
funding work to protect against this class of attacks.  Given that
most file system developers prefer food with their meals, and have
enough *other* unfunded mandates from our user community, it doesn't
seem likely that we're going to see much forward progress towards your
desires/interests.

Cheers,

					- Ted

next prev parent reply	other threads:[~2026-04-29  4:42 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-21 11:32 [BUG] ext4: BUG_ON in ext4_write_inline_data (fs/ext4/inline.c:240) Zw Tang
2026-04-21 12:20 ` Theodore Tso
2026-04-25 18:00   ` Demi Marie Obenour
2026-04-26  3:22     ` Theodore Tso
2026-04-28 20:50       ` Demi Marie Obenour
2026-04-29  4:40         ` Theodore Tso [this message]
2026-04-29  5:32           ` Demi Marie Obenour
2026-04-27 11:17     ` Jan Kara
2026-04-29 15:06     ` Copy-on-read for untrusted image mounts, and differentiating between metadata and user data writes Demi Marie Obenour
2026-04-21 12:25 ` [BUG] ext4: BUG_ON in ext4_write_inline_data (fs/ext4/inline.c:240) Jan Kara

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260429044030.GB16497@macsyma-wired.lan \
    --to=tytso@mit.edu \
    --cc=adilger.kernel@dilger.ca \
    --cc=demiobenour@gmail.com \
    --cc=jack@suse.cz \
    --cc=libaokun@linux.alibaba.com \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=ojaswin@linux.ibm.com \
    --cc=shicenci@gmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=yi.zhang@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox