Skip to content

EXT: don't reserve any block for root#743

Draft
ydirson wants to merge 1 commit intoxapi-project:masterfrom
xcp-ng:no-reserved-blocks
Draft

EXT: don't reserve any block for root#743
ydirson wants to merge 1 commit intoxapi-project:masterfrom
xcp-ng:no-reserved-blocks

Conversation

@ydirson
Copy link
Contributor

@ydirson ydirson commented Mar 19, 2025

There is only root in dom0, and df erroneously substracts the default 5% of disk space as "reserved for root", which is just meaningless here.

It could be worth going further with doing the same for all FileSR types, but I thought I'd ask for feedback first.

If this becomes a thing, it could be useful then to find some way to get tune2fs -m 0 run on existing SR to make them even.

@ydirson
WIP EXT: don't reserve any block for root
ec87414 
There is only root in dom0, and `df` erroneously substracts the default
5% of disk space as "reserved for root", which is just meaningless here.

Would be worth:
- doing the same for all FileSR types
- some way to get `tune2fs -m 0` run on existing SR to make them even
@MarkSymsCtx
Copy link
Contributor

MarkSymsCtx commented Mar 19, 2025

As you say, all access is performed as root anyway so I'm not sure what actual difference this will make?

MarkSymsCtx
MarkSymsCtx reviewed Dec 4, 2025
View reviewed changes
Copy link
Contributor

@MarkSymsCtx MarkSymsCtx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable

@rosslagerwall
Copy link
Contributor

rosslagerwall commented Dec 4, 2025

There is only root in dom0

This assertion is not correct for XenServer. In XenServer's dom0 various processes run as different users (e.g. chrony, pvsproxy, QEMU, swtpm, ...). A vulnerability without a privilege escalation in one of those components could then more easily lead to a DoS if the reserve is removed, i.e. it would be a loss of defence-in-depth. Whether this is important enough to keep the reserve is debatable but the discussion at least needs to be had.

@ydirson
Copy link
Contributor Author

ydirson commented Dec 8, 2025

There is only root in dom0

This assertion is not correct for XenServer. In XenServer's dom0 various processes run as different users (e.g. chrony, pvsproxy, QEMU, swtpm, ...). A vulnerability without a privilege escalation in one of those components could then more easily lead to a DoS if the reserve is removed, i.e. it would be a loss of defence-in-depth. Whether this is important enough to keep the reserve is debatable but the discussion at least needs to be had.

OK, my statement was really too broad. However, other users will only matter for system partitions, right?
This PR is about EXT SRs, where none of those extra users would have a permission to write.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MarkSymsCtx MarkSymsCtx MarkSymsCtx left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ydirson @MarkSymsCtx @rosslagerwall