Bug 1109665 - Disabling f2fs
Disabling f2fs
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Kernel
Leap 42.3
All All
: P5 - None : Normal (vote)
: ---
Assigned To: openSUSE Kernel Bugs
E-mail List
:
Depends on:
Blocks: 1173546
  Show dependency treegraph
 
Reported: 2018-09-25 13:41 UTC by Nikolay Borisov
Modified: 2021-07-16 17:08 UTC (History)
8 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
79625490833: needinfo? (kernel-bugs)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nikolay Borisov 2018-09-25 13:41:44 UTC
This issue is to be used as a collection of all discussions regarding disabling the compilation of f2fs in various opensuse distributions. Currently this filesystem received only sporadic CVE-related backports. In the process of doing said backports I have also identified several drawbacks which make it rather hard to support and provide sensible experience: 

1. There are a bunch of validation checks which are not being backported since they are not linked to a particular CVE as such the stability of the filesystem is questionable even with CVE backports. 

2. Currently the filesystem doesn't have a way to disable mounting of filesystems created with newer kernels, containing on-disk incompatible changes. I have talked with one of the maintainers and they recognize this fact but so far no one is working on this. This is a pretty major since newer images could potentially crash older kernels not being able to properly parse them. 

3. All in all this leads me to believe that f2fs requires a rather controller environment in terms of kernel/tools versions so is not a good candidate to be included in a community-based distribution kernel.

I've already spoken to release manager for leap/tumbleweed and they are fine with disabling it.
Comment 1 Nikolay Borisov 2018-10-02 08:01:33 UTC
I made an announcement regarding those changes and waited a couple of days, no one objected on the public opensuse-kernel list. I've since made and pushed the respective changes to config files to both Leap 42.3 and 15 as well as tumbleweed's master branch. So I consider this issue as fixed.
Comment 2 Swamp Workflow Management 2018-10-03 08:36:09 UTC
This is an autogenerated message for OBS integration:
This bug (1109665) was mentioned in
https://build.opensuse.org/request/show/639718 42.3 / kernel-source
Comment 3 Swamp Workflow Management 2018-10-11 08:47:03 UTC
This is an autogenerated message for OBS integration:
This bug (1109665) was mentioned in
https://build.opensuse.org/request/show/641142 42.3 / kernel-source
Comment 4 Swamp Workflow Management 2019-01-12 08:26:10 UTC
This is an autogenerated message for OBS integration:
This bug (1109665) was mentioned in
https://build.opensuse.org/request/show/664959 15.0 / kernel-source
Comment 5 Swamp Workflow Management 2019-01-17 23:20:53 UTC
openSUSE-SU-2019:0065-1: An update that solves 11 vulnerabilities and has 131 fixes is now available.

Category: security (important)
Bug References: 1024718,1046299,1050242,1050244,1051510,1055121,1055186,1058115,1060463,1065729,1078248,1079935,1082387,1083647,1086282,1086283,1086423,1087978,1088386,1090888,1091405,1094244,1097593,1102875,1102877,1102879,1102882,1102896,1103257,1104353,1104427,1104967,1105168,1106105,1106110,1106615,1106913,1108270,1109272,1109665,1110558,1111188,1111469,1111696,1111795,1113722,1114279,1114871,1116040,1116183,1116336,1116803,1116841,1117115,1117162,1117165,1117186,1117561,1117656,1117953,1118152,1118215,1118316,1118319,1118428,1118484,1118752,1118760,1118761,1118762,1118766,1118767,1118768,1118769,1118771,1118772,1118773,1118774,1118775,1118798,1118809,1118962,1119017,1119086,1119212,1119322,1119410,1119714,1119749,1119804,1119946,1119962,1119968,1120036,1120046,1120053,1120054,1120055,1120058,1120088,1120092,1120094,1120096,1120097,1120173,1120214,1120223,1120228,1120230,1120232,1120234,1120235,1120238,1120594,1120598,1120600,1120601,1120602,1120603,1120604,1120606,1120612,1120613,1120614,1120615,1120616,1120617,1120618,1120620,1120621,1120632,1120633,1120743,1121017,1121058,1121263,1121273,1121477,1121483,1121621,1121714,1121715
CVE References: CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18397,CVE-2018-19407,CVE-2018-19824,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.45.1, kernel-default-4.12.14-lp150.12.45.1, kernel-docs-4.12.14-lp150.12.45.1, kernel-kvmsmall-4.12.14-lp150.12.45.1, kernel-obs-build-4.12.14-lp150.12.45.1, kernel-obs-qa-4.12.14-lp150.12.45.1, kernel-source-4.12.14-lp150.12.45.1, kernel-syms-4.12.14-lp150.12.45.1, kernel-vanilla-4.12.14-lp150.12.45.1
Comment 6 Tiago Marques 2019-01-23 12:47:07 UTC
Hi,

Any way this can be reverted? This is quite useful for eMMC and USB/SD devices and it has been pretty stable for me, though now I've been greeted with an unbootable system after the kernel update.

It is also quite useful for SMR HDDs, through it's support of ZBC devices[1].

Maybe provide this as "kernel-default-extra-modules"?

[1] https://linux-f2fs-devel.narkive.com/2Bv6pBkh/patch-mkfs-f2fs-zbc-device-support
Comment 7 Jeff Mahoney 2019-01-23 15:07:03 UTC
Yes, it can be reverted but we will still not enable its use by default.  We specifically don't have kernel-default-extra on openSUSE.  This is reserved for SLES since the distinction is what is supported vs what is not.

I have a different solution pending acceptance into the suse-module-tools package that will add a file system blacklist such that uncommon file systems are not autoloaded.  You'd need to explicitly allow f2fs to be loaded (or manually load it).
Comment 8 Tiago Marques 2019-01-24 14:13:54 UTC
I see. Wouldn't it make sense to have the more recent "longterm" kernel available for install as an option?

I don't understand why there is mentioning of backporting security fixes when you could just use one of those kernels and have the patches backported. Is there a reason to keep using 4.12?

I just checked and F2FS security fixes seem to be backported to Linux 4.9, 4.14 and 4.19.
Comment 9 Tiago Marques 2019-01-24 14:14:45 UTC
(In reply to Tiago Marques from comment #8)
> I see. Wouldn't it make sense to have the more recent "longterm" kernel
> available for install as an option?
> 
> I don't understand why there is mentioning of backporting security fixes
> when you could just use one of those kernels and have the patches
> backported. Is there a reason to keep using 4.12?
> 
> I just checked and F2FS security fixes seem to be backported to Linux 4.9,
> 4.14 and 4.19.

By more recent, I mean always have the latest "longterm" release available to support recent hardware.
Comment 10 Jeff Mahoney 2019-01-24 14:23:45 UTC
It's 4.12 since that's the kernel we ship with SLE12 SP3, which Leap 42.3 is based upon.  It's consistently maintained since it's a core component of our flagship enterprise product.

If you want the latest kernel, you're welcome to run Tumbleweed or you could use /just/ that kernel from Kernel:stable.  We're not interested in supporting yet another kernel for an old release.
Comment 11 Swamp Workflow Management 2019-02-01 19:36:38 UTC
This is an autogenerated message for OBS integration:
This bug (1109665) was mentioned in
https://build.opensuse.org/request/show/670625 42.3 / kernel-source
Comment 12 Swamp Workflow Management 2019-02-06 14:30:22 UTC
openSUSE-SU-2019:0140-1: An update that solves 10 vulnerabilities and has 86 fixes is now available.

Category: security (important)
Bug References: 1012382,1015336,1015337,1015340,1019683,1019695,1020645,1023175,1027260,1031492,1043083,1047487,1065600,1068032,1070805,1079935,1086423,1087082,1091405,1094244,1094823,1096242,1096281,1099523,1100105,1101557,1102660,1102875,1102877,1102879,1102882,1102896,1103156,1103257,1104098,1106105,1106929,1107866,1108240,1109272,1109665,1109695,1110286,1114417,1114648,1114763,1114871,1114893,1115431,1116027,1116183,1116336,1116345,1116653,1116841,1116962,1117162,1117165,1117186,1118152,1118316,1118319,1118505,1118790,1118798,1118915,1118922,1118926,1118930,1118936,1119204,1119680,1119714,1119877,1119946,1119967,1119970,1120046,1120722,1120743,1120758,1120902,1120950,1121239,1121240,1121241,1121242,1121275,1121621,1121726,1122650,1122651,1122885,1123321,1123323,1123357
CVE References: CVE-2018-1120,CVE-2018-16862,CVE-2018-16884,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568,CVE-2019-3459,CVE-2019-3460
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.172-86.1, kernel-default-4.4.172-86.1, kernel-docs-4.4.172-86.1, kernel-obs-build-4.4.172-86.1, kernel-obs-qa-4.4.172-86.1, kernel-source-4.4.172-86.1, kernel-syms-4.4.172-86.1, kernel-vanilla-4.4.172-86.1
Comment 13 Nikolay Sabelnikov 2021-07-16 17:08:32 UTC
Hello. This fs is useful for ssd, it is faster and more reliable for ssd.