From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9411C10F26 for ; Wed, 1 Apr 2020 20:35:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id A4A352082F for ; Wed, 1 Apr 2020 20:35:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1585773300; bh=5e/Y+DpQuAnaUyh7Fynhd3HWaNOkr6/qj0jz1CifLP4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=Wqw3lnQc/TJp9MX7+cjayCE6BNsKrQQh1/PAGMKkKHYj1niDW08AVNWfZFikmHUpV SxfByfmHIlku0AmEjnqsNbMwKppmylFkFivy43Ild/n7TH9A1RRNyFMI4MxwddU/d0 JSynJG+I3EXu/HiEazVhiA18zuUdQtM0WnDlnHl0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733085AbgDAUfA (ORCPT ); Wed, 1 Apr 2020 16:35:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:54402 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733008AbgDAUe4 (ORCPT ); Wed, 1 Apr 2020 16:34:56 -0400 Received: from ebiggers-linuxstation.mtv.corp.google.com (unknown [104.132.1.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E3BA1208FE; Wed, 1 Apr 2020 20:34:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1585773296; bh=5e/Y+DpQuAnaUyh7Fynhd3HWaNOkr6/qj0jz1CifLP4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=u6ei9k92ro9BSBgwA/aBAWTLPBkDZQOrDOUe+O/JUn7Ij35Qx/ZtCaDclMSQ6gwAL hplacUVQW29LYFuXOg4diN2AKRytaD2yf0teOXqEms7RP9U9F3rkV9PMNAjMcfUQH5 /gX+fEaPOHfvueBVws2FLK3Zi2mObxKqCmAwkZEA= From: Eric Biggers To: linux-ext4@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH 1/4] tune2fs: prevent changing UUID of fs with stable_inodes feature Date: Wed, 1 Apr 2020 13:32:36 -0700 Message-Id: <20200401203239.163679-2-ebiggers@kernel.org> X-Mailer: git-send-email 2.26.0.rc2.310.g2932bb562d-goog In-Reply-To: <20200401203239.163679-1-ebiggers@kernel.org> References: <20200401203239.163679-1-ebiggers@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org From: Eric Biggers The stable_inodes feature is intended to indicate that it's safe to use IV_INO_LBLK_64 encryption policies, where the encryption depends on the inode numbers and thus filesystem shrinking is not allowed. However since inode numbers are not unique across filesystems, the encryption also depends on the filesystem UUID, and I missed that there is a supported way to change the filesystem UUID (tune2fs -U). So, make 'tune2fs -U' report an error if stable_inodes is set. We could add a separate stable_uuid feature flag, but it seems unlikely it would be useful enough on its own to warrant another flag. Signed-off-by: Eric Biggers --- misc/tune2fs.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/misc/tune2fs.c b/misc/tune2fs.c index 314cc0d0..ca06c98b 100644 --- a/misc/tune2fs.c +++ b/misc/tune2fs.c @@ -3236,6 +3236,13 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n" char buf[SUPERBLOCK_SIZE] __attribute__ ((aligned(8))); __u8 old_uuid[UUID_SIZE]; + if (ext2fs_has_feature_stable_inodes(fs->super)) { + fputs(_("Cannot change the UUID of this filesystem " + "because it has the stable_inodes feature " + "flag.\n"), stderr); + exit(1); + } + if (!ext2fs_has_feature_csum_seed(fs->super) && (ext2fs_has_feature_metadata_csum(fs->super) || ext2fs_has_feature_ea_inode(fs->super))) { -- 2.26.0.rc2.310.g2932bb562d-goog