Re: [BUG] ext4: BUG_ON in ext4_write_inline_data (fs/ext4/inline.c:240)

From: Theodore Tso

Date: Sat Apr 25 2026 - 23:24:13 EST


On Sat, Apr 25, 2026 at 02:00:23PM -0400, Demi Marie Obenour wrote:
>
> Changing block devices that are mounted is also reachable via USB.
> Yes, some distros may disable automount, but users who have stuff to
> get done will mount USB devices anyway. Telling users "don't do this"
> very rarely works in practice.

How can an unprivileged user change the contents of a USB device while
it is mounted?

Are you positing evil USB devices that can return block contents A at
time t, and block contents B at time t+1?

The threat model that we are using is that if the USB device is set to
a particular state *before* the file system is mounted, and then the
KGB scatters the USB device in the parking lot, and then someone picks
up the USB device in the Raytheon parking lot, and says, "hey, free
hardware", takes it into the classified machine room, inserts it into
the server, and mounts it. This might be considered likely or not
likely, but speaking as someone who has been in a top secret machine
room at a defense contractor, they were *way* less protected than what
I've seen at a financial services company, or at a data center at a
hyperscaler.

But be that as it may, even *then* you're not modifying the block
device while it is mounted.

> 2. Harden the kernel filesystem drivers against malicious devices,
> including TOCTOU.

Malicious devices that have their own microcomputer and can change the
block contents under the control of the attacker are *just* not
something I care about. I also don't think it's a particularly
realistic threat model.

Cheers,

- Ted