
Bug#806273: use grub-mount as the sole source of partition probes (disable kernel readonly mounts)



changes since v1:
 * do not fall back on dangerous read-only kernel mounts if grub-mount is
missing, just exit with error



From 34a2c247fa08d4e01aa08b5b75977c66d71df4f8 Mon Sep 17 00:00:00 2001
From: Emmanuel Kasper <emmanuel@libera.cc>
Date: Tue, 15 Nov 2016 14:52:23 +0100
Subject: [PATCH v2] use grub-mount as the sole source of partition probes
 (disable kernel readonly mounts)

the read only kernel mounts of os-probes caused various data corruption in virtual machines
and exported block devices due to the following chain of events:

 1. os-prober tries to mount via grub-mount each block device as seen from /sys/block
 2. in case of iSCSI exported block devices or a virtualization environment, such
 a block device could be a whole disk image with a partition table
 3. since grub-mount expects a filesystem superblock but encounters a partition table
 it fails and then hands over to
 4. kernel read only mounts, calling the function ro_partition
 5. the ro_partition function sets the block device readonly via blockdev --setro
 6. a number of kernel mounts are attempted via various kernel modules
 7. the block device is set to readwrite

now when I/O happened on the iSCSI initiator or virtual machines between 5-7
the blocks cannot be flushed to the block device since it has been
locked by os-prober. This causes a filesystem error and the filesystem to be
remounted read only.

since grub-mount is now available on all the platforms Debian supports
we assume we can disable the risky behaviour without losing too much os-prober functionality

grub-mount now also has support for all filesystems which the kernel knows,
the exception being QNX
---
 debian/control                   |  2 +-
 os-probes/common/50mounted-tests | 27 +++++++++++----------------
 2 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/debian/control b/debian/control
index 10459bd..ac307f5 100644
--- a/debian/control
+++ b/debian/control
@@ -22,7 +22,7 @@ Package: os-prober
 Architecture: any
 Section: utils
 Priority: extra
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common
 Description: utility to detect other OSes on a set of drives
  This package detects other OSes available on a system and outputs the
  results in a generic machine-readable format.
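
Review bot: The `grub-common` entry added to the `Depends:` line is unversioned, while 50mounted-tests after this patch has no fallback at all when `grub-mount` or `grub-probe` is missing. If any grub-common version that can still be co-installed predates grub-mount, the dependency should carry a minimum version. Only the `Package: os-prober` stanza is touched (the diffstat shows a single changed line in debian/control), so any other binary package built from this source that ships 50mounted-tests needs the same dependency, otherwise it will always reach the new `exit 1`.
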
diff --git a/os-probes/common/50mounted-tests b/os-probes/common/50mounted-tests
index 561163b..8e1c87f 100755
--- a/os-probes/common/50mounted-tests
+++ b/os-probes/common/50mounted-tests
@@ -47,25 +47,20 @@ fi
 
 mounted=
 if type grub-mount >/dev/null 2>&1 && \
-   type grub-probe >/dev/null 2>&1 && \
-   grub-mount "$partition" "$tmpmnt" 2>/dev/null; then
-	mounted=1
-	type="$(grub-probe -d "$partition" -t fs)" || true
-	if [ "$type" ]; then
-		debug "mounted using GRUB $type filesystem driver"
-	else
-		debug "mounted using GRUB, but unknown filesystem?"
+   type grub-probe >/dev/null 2>&1; then
+	if grub-mount "$partition" "$tmpmnt" 2>/dev/null; then
+		mounted=1
+		type="$(grub-probe -d "$partition" -t fs)" || true
+		if [ "$type" ]; then
+			debug "mounted using GRUB $type filesystem driver"
+		else
+			debug "mounted using GRUB, but unknown filesystem?"
 		type=fuseblk
+		fi
 	fi
 else
-	ro_partition "$partition"
-	for type in $types $delaytypes; do
-		if mount -o ro -t "$type" "$partition" "$tmpmnt" 2>/dev/null; then
-			debug "mounted as $type filesystem"
-			mounted=1
-			break
-		fi
-	done
+	echo "Cannot find grub-mount (Try installing grub-common)" >&2
+	exit 1
 fi
 
 if [ "$mounted" ]; then
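
Review bot: The error message in the new `else` branch names only grub-mount, but the condition above it also fails when `grub-probe` is absent, so the message can point at the wrong tool; word it as "grub-mount or grub-probe" or report which of the two was not found. The nested `if grub-mount "$partition" "$tmpmnt" 2>/dev/null` has no `else` and discards stderr, so a failed mount (the whole-disk case from the commit message) now leaves no trace; a `debug` line there would make that path visible. The unchanged `type=fuseblk` line keeps its old two-tab indent and now sits one level too shallow inside the inner `if [ "$type" ]`. With the loop removed, nothing in this hunk reads `$types` or `$delaytypes` or calls `ro_partition` any more, so check whether the code that sets them earlier in the file can be dropped as well.
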
-- 
2.1.4
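
Steps 2 and 3 of the commit message turn on a block device that holds a partition table where a filesystem superblock was expected. The following is an added illustration, not code from os-prober or from this patch: a POSIX shell check that tells the two apart by reading the first sectors. The function names, the 512-byte sector size and the sample images are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not os-prober code. Assumes 512-byte logical sectors.

# hex_at FILE OFFSET COUNT: print COUNT bytes at OFFSET as lowercase hex.
hex_at() {
	dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# has_partition_table FILE: succeed if FILE starts with a GPT or MBR
# partition table, i.e. it is a whole disk rather than a single filesystem.
has_partition_table() {
	# GPT: header signature "EFI PART" at LBA 1.
	if [ "$(hex_at "$1" 512 8)" = "4546492050415254" ]; then return 0; fi
	# MBR: boot signature 55 aa at offset 510.
	if [ "$(hex_at "$1" 510 2)" != "55aa" ]; then return 1; fi
	# FAT and NTFS boot sectors end in 55 aa as well. Accept only if all four
	# entry status bytes are 00 or 80 and at least one entry has a type set.
	rc=1
	for off in 446 462 478 494; do
		case "$(hex_at "$1" "$off" 1)" in
			00|80) ;;
			*) return 1 ;;
		esac
		if [ "$(hex_at "$1" $((off + 4)) 1)" != "00" ]; then rc=0; fi
	done
	return "$rc"
}

# make_sample KIND FILE: constructed test images (2 KiB, zero filled).
make_sample() {
	dd if=/dev/zero of="$2" bs=512 count=4 2>/dev/null
	case "$1" in
		mbr)  # one active entry of type 0x83 plus the boot signature
			printf '\200' | dd of="$2" bs=1 seek=446 conv=notrunc 2>/dev/null
			printf '\203' | dd of="$2" bs=1 seek=450 conv=notrunc 2>/dev/null
			printf '\125\252' | dd of="$2" bs=1 seek=510 conv=notrunc 2>/dev/null ;;
		gpt)  printf 'EFI PART' | dd of="$2" bs=1 seek=512 conv=notrunc 2>/dev/null ;;
		vbr)  # filesystem boot sector: boot code where the MBR table would be
			printf '\353\074\220' | dd of="$2" bs=1 seek=446 conv=notrunc 2>/dev/null
			printf '\125\252' | dd of="$2" bs=1 seek=510 conv=notrunc 2>/dev/null ;;
	esac
}

# Report each path given on the command line.
for dev in "$@"; do
	if has_partition_table "$dev"; then echo "$dev: partition table, skip filesystem probe"
	else echo "$dev: no partition table found"; fi
done
```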

