Bugzilla – Bug 1109665
Disabling f2fs
Last modified: 2021-07-16 17:08:32 UTC
This issue is to be used as a collection of all discussions regarding disabling the compilation of f2fs in various opensuse distributions. Currently this filesystem received only sporadic CVE-related backports. In the process of doing said backports I have also identified several drawbacks which make it rather hard to support and provide sensible experience: 1. There are a bunch of validation checks which are not being backported since they are not linked to a particular CVE as such the stability of the filesystem is questionable even with CVE backports. 2. Currently the filesystem doesn't have a way to disable mounting of filesystems created with newer kernels, containing on-disk incompatible changes. I have talked with one of the maintainers and they recognize this fact but so far no one is working on this. This is a pretty major since newer images could potentially crash older kernels not being able to properly parse them. 3. All in all this leads me to believe that f2fs requires a rather controller environment in terms of kernel/tools versions so is not a good candidate to be included in a community-based distribution kernel. I've already spoken to release manager for leap/tumbleweed and they are fine with disabling it.
I made an announcement regarding those changes and waited a couple of days, no one objected on the public opensuse-kernel list. I've since made and pushed the respective changes to config files to both Leap 42.3 and 15 as well as tumbleweed's master branch. So I consider this issue as fixed.
This is an autogenerated message for OBS integration: This bug (1109665) was mentioned in https://build.opensuse.org/request/show/639718 42.3 / kernel-source
This is an autogenerated message for OBS integration: This bug (1109665) was mentioned in https://build.opensuse.org/request/show/641142 42.3 / kernel-source
This is an autogenerated message for OBS integration: This bug (1109665) was mentioned in https://build.opensuse.org/request/show/664959 15.0 / kernel-source
openSUSE-SU-2019:0065-1: An update that solves 11 vulnerabilities and has 131 fixes is now available. Category: security (important) Bug References: 1024718,1046299,1050242,1050244,1051510,1055121,1055186,1058115,1060463,1065729,1078248,1079935,1082387,1083647,1086282,1086283,1086423,1087978,1088386,1090888,1091405,1094244,1097593,1102875,1102877,1102879,1102882,1102896,1103257,1104353,1104427,1104967,1105168,1106105,1106110,1106615,1106913,1108270,1109272,1109665,1110558,1111188,1111469,1111696,1111795,1113722,1114279,1114871,1116040,1116183,1116336,1116803,1116841,1117115,1117162,1117165,1117186,1117561,1117656,1117953,1118152,1118215,1118316,1118319,1118428,1118484,1118752,1118760,1118761,1118762,1118766,1118767,1118768,1118769,1118771,1118772,1118773,1118774,1118775,1118798,1118809,1118962,1119017,1119086,1119212,1119322,1119410,1119714,1119749,1119804,1119946,1119962,1119968,1120036,1120046,1120053,1120054,1120055,1120058,1120088,1120092,1120094,1120096,1120097,1120173,1120214,1120223,1120228,1120230,1120232,1120234,1120235,1120238,1120594,1120598,1120600,1120601,1120602,1120603,1120604,1120606,1120612,1120613,1120614,1120615,1120616,1120617,1120618,1120620,1120621,1120632,1120633,1120743,1121017,1121058,1121263,1121273,1121477,1121483,1121621,1121714,1121715 CVE References: CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18397,CVE-2018-19407,CVE-2018-19824,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568 Sources used: openSUSE Leap 15.0 (src): kernel-debug-4.12.14-lp150.12.45.1, kernel-default-4.12.14-lp150.12.45.1, kernel-docs-4.12.14-lp150.12.45.1, kernel-kvmsmall-4.12.14-lp150.12.45.1, kernel-obs-build-4.12.14-lp150.12.45.1, kernel-obs-qa-4.12.14-lp150.12.45.1, kernel-source-4.12.14-lp150.12.45.1, kernel-syms-4.12.14-lp150.12.45.1, kernel-vanilla-4.12.14-lp150.12.45.1
Hi, Any way this can be reverted? This is quite useful for eMMC and USB/SD devices and it has been pretty stable for me, though now I've been greeted with an unbootable system after the kernel update. It is also quite useful for SMR HDDs, through it's support of ZBC devices[1]. Maybe provide this as "kernel-default-extra-modules"? [1] https://linux-f2fs-devel.narkive.com/2Bv6pBkh/patch-mkfs-f2fs-zbc-device-support
Yes, it can be reverted but we will still not enable its use by default. We specifically don't have kernel-default-extra on openSUSE. This is reserved for SLES since the distinction is what is supported vs what is not. I have a different solution pending acceptance into the suse-module-tools package that will add a file system blacklist such that uncommon file systems are not autoloaded. You'd need to explicitly allow f2fs to be loaded (or manually load it).
I see. Wouldn't it make sense to have the more recent "longterm" kernel available for install as an option? I don't understand why there is mentioning of backporting security fixes when you could just use one of those kernels and have the patches backported. Is there a reason to keep using 4.12? I just checked and F2FS security fixes seem to be backported to Linux 4.9, 4.14 and 4.19.
(In reply to Tiago Marques from comment #8) > I see. Wouldn't it make sense to have the more recent "longterm" kernel > available for install as an option? > > I don't understand why there is mentioning of backporting security fixes > when you could just use one of those kernels and have the patches > backported. Is there a reason to keep using 4.12? > > I just checked and F2FS security fixes seem to be backported to Linux 4.9, > 4.14 and 4.19. By more recent, I mean always have the latest "longterm" release available to support recent hardware.
It's 4.12 since that's the kernel we ship with SLE12 SP3, which Leap 42.3 is based upon. It's consistently maintained since it's a core component of our flagship enterprise product. If you want the latest kernel, you're welcome to run Tumbleweed or you could use /just/ that kernel from Kernel:stable. We're not interested in supporting yet another kernel for an old release.
This is an autogenerated message for OBS integration: This bug (1109665) was mentioned in https://build.opensuse.org/request/show/670625 42.3 / kernel-source
openSUSE-SU-2019:0140-1: An update that solves 10 vulnerabilities and has 86 fixes is now available. Category: security (important) Bug References: 1012382,1015336,1015337,1015340,1019683,1019695,1020645,1023175,1027260,1031492,1043083,1047487,1065600,1068032,1070805,1079935,1086423,1087082,1091405,1094244,1094823,1096242,1096281,1099523,1100105,1101557,1102660,1102875,1102877,1102879,1102882,1102896,1103156,1103257,1104098,1106105,1106929,1107866,1108240,1109272,1109665,1109695,1110286,1114417,1114648,1114763,1114871,1114893,1115431,1116027,1116183,1116336,1116345,1116653,1116841,1116962,1117162,1117165,1117186,1118152,1118316,1118319,1118505,1118790,1118798,1118915,1118922,1118926,1118930,1118936,1119204,1119680,1119714,1119877,1119946,1119967,1119970,1120046,1120722,1120743,1120758,1120902,1120950,1121239,1121240,1121241,1121242,1121275,1121621,1121726,1122650,1122651,1122885,1123321,1123323,1123357 CVE References: CVE-2018-1120,CVE-2018-16862,CVE-2018-16884,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568,CVE-2019-3459,CVE-2019-3460 Sources used: openSUSE Leap 42.3 (src): kernel-debug-4.4.172-86.1, kernel-default-4.4.172-86.1, kernel-docs-4.4.172-86.1, kernel-obs-build-4.4.172-86.1, kernel-obs-qa-4.4.172-86.1, kernel-source-4.4.172-86.1, kernel-syms-4.4.172-86.1, kernel-vanilla-4.4.172-86.1
Hello. This fs is useful for ssd, it is faster and more reliable for ssd.