Commit 7ba83850 authored by Darrick J. Wong's avatar Darrick J. Wong
Browse files

xfs: deprecate the ascii-ci feature 



This feature is a mess -- the hash function has been broken for the
entire 15 years of its existence if you create names with extended ascii
bytes; metadump name obfuscation has silently failed for just as long;
and the feature clashes horribly with the UTF8 encodings that most
systems use today.  There is exactly one fstest for this feature.

In other words, this feature is crap.  Let's deprecate it now so we can
remove it from the codebase in 2030.

Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
parent 6db09a8d

Documentation/admin-guide/xfs.rst

+1 −0
Original line number Diff line number Diff line
@@ -240,6 +240,7 @@ Deprecated Mount Options 
  Name				Removal Schedule

===========================     ================

Mounting with V4 filesystem     September 2030

Mounting ascii-ci filesystem    September 2030

ikeep/noikeep			September 2025

attr2/noattr2			September 2025

===========================     ================

fs/xfs/Kconfig

+27 −0
Original line number Diff line number Diff line
@@ -47,6 +47,33 @@ config XFS_SUPPORT_V4 
	  To continue supporting the old V4 format (crc=0), say Y.

	  To close off an attack surface, say N.



config XFS_SUPPORT_ASCII_CI

	bool "Support deprecated case-insensitive ascii (ascii-ci=1) format"

	depends on XFS_FS

	default y

	help

	  The ASCII case insensitivity filesystem feature only works correctly

	  on systems that have been coerced into using ISO 8859-1, and it does

	  not work on extended attributes.  The kernel has no visibility into

	  the locale settings in userspace, so it corrupts UTF-8 names.

	  Enabling this feature makes XFS vulnerable to mixed case sensitivity

	  attacks.  Because of this, the feature is deprecated.  All users

	  should upgrade by backing up their files, reformatting, and restoring

	  from the backup.



	  Administrators and users can detect such a filesystem by running

	  xfs_info against a filesystem mountpoint and checking for a string

	  beginning with "ascii-ci=".  If the string "ascii-ci=1" is found, the

	  filesystem is a case-insensitive filesystem.  If no such string is

	  found, please upgrade xfsprogs to the latest version and try again.



	  This option will become default N in September 2025.  Support for the

	  feature will be removed entirely in September 2030.  Distributors

	  can say N here to withdraw support earlier.



	  To continue supporting case-insensitivity (ascii-ci=1), say Y.

	  To close off an attack surface, say N.



config XFS_QUOTA

	bool "XFS Quota support"

	depends on XFS_FS

fs/xfs/xfs_super.c

+13 −0
Original line number Diff line number Diff line
@@ -1548,6 +1548,19 @@ xfs_fs_fill_super( 
#endif

	}



	/* ASCII case insensitivity is undergoing deprecation. */

	if (xfs_has_asciici(mp)) {

#ifdef CONFIG_XFS_SUPPORT_ASCII_CI

		xfs_warn_once(mp,

	"Deprecated ASCII case-insensitivity feature (ascii-ci=1) will not be supported after September 2030.");

#else

		xfs_warn(mp,

	"Deprecated ASCII case-insensitivity feature (ascii-ci=1) not supported by kernel.");

		error = -EINVAL;

		goto out_free_sb;

#endif

	}



	/* Filesystem claims it needs repair, so refuse the mount. */

	if (xfs_has_needsrepair(mp)) {

		xfs_warn(mp, "Filesystem needs repair.  Please run xfs_repair.");