From: Jan Kara <jack@suse.cz>
To: "Darrick J. Wong" <djwong@kernel.org>
Cc: "Guilherme G. Piccoli" <gpiccoli@igalia.com>,
linux-doc@vger.kernel.org, corbet@lwn.net,
linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org,
kernel-dev@igalia.com, kernel@gpiccoli.net,
Bart Van Assche <bvanassche@acm.org>,
Jens Axboe <axboe@kernel.dk>, Jan Kara <jack@suse.cz>
Subject: Re: [PATCH V5] Documentation: Document the kernel flag bdev_allow_write_mounted
Date: Thu, 29 Aug 2024 11:10:07 +0200 [thread overview]
Message-ID: <20240829091007.swglkuf2ybpexgs6@quack3> (raw)
In-Reply-To: <20240828162753.GO6043@frogsfrogsfrogs>
On Wed 28-08-24 09:27:53, Darrick J. Wong wrote:
> On Wed, Aug 28, 2024 at 11:48:58AM -0300, Guilherme G. Piccoli wrote:
> > Commit ed5cc702d311 ("block: Add config option to not allow writing to mounted
> > devices") added a Kconfig option along with a kernel command-line tuning to
> > control writes to mounted block devices, as a means to deal with fuzzers like
> > Syzkaller, that provokes kernel crashes by directly writing on block devices
> > bypassing the filesystem (so the FS has no awareness and cannot cope with that).
> >
> > The patch just missed adding such kernel command-line option to the kernel
> > documentation, so let's fix that.
> >
> > Cc: Bart Van Assche <bvanassche@acm.org>
> > Cc: Darrick J. Wong <djwong@kernel.org>
> > Cc: Jens Axboe <axboe@kernel.dk>
> > Reviewed-by: Jan Kara <jack@suse.cz>
> > Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
>
> Looks good to me now,
> Reviewed-by: Darrick J. Wong <djwong@kernel.org>
>
> Fun unrelated question: do we want to turn on bdev_allow_write_mounted
> if lockdown is enabled? In that kind of environment, we don't want to
> allow random people to scribble, given how many weird ext4 bugs we've
> had to fix due to syzbot.
It would be desirable. But it will break some administrative tasks
currently so I'm not sure users are really prepared for that? But with
recent util-linux those should be mostly limited to filesystem-specific
tooling issues (tune2fs is definitely broken and needs new kernel
interfaces to be able to work, I think resize2fs is also broken but that
should be fixable within e2fsprogs though it requires larger refactoring
AFAIR).
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2024-08-29 9:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-28 14:48 [PATCH V5] Documentation: Document the kernel flag bdev_allow_write_mounted Guilherme G. Piccoli
2024-08-28 16:27 ` Darrick J. Wong
2024-08-29 9:10 ` Jan Kara [this message]
2024-08-29 12:10 ` Christian Brauner
2024-09-05 20:19 ` Jonathan Corbet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240829091007.swglkuf2ybpexgs6@quack3 \
--to=jack@suse.cz \
--cc=axboe@kernel.dk \
--cc=bvanassche@acm.org \
--cc=corbet@lwn.net \
--cc=djwong@kernel.org \
--cc=gpiccoli@igalia.com \
--cc=kernel-dev@igalia.com \
--cc=kernel@gpiccoli.net \
--cc=linux-block@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox