[PATCH V2] Documentation: Document the kernel flag bdev_allow_write_mounted

[PATCH V2] Documentation: Document the kernel flag bdev_allow_write_mounted

[Guilherme G. Piccoli]

Commit ed5cc702d311 ("block: Add config option to not allow writing to mounted
devices") added a Kconfig option along with a kernel command-line tuning to
control writes to mounted block devices, as a means to deal with fuzzers like
Syzkaller, that provokes kernel crashes by directly writing on block devices
bypassing the filesystem (so the FS has no awareness and cannot cope with that).

The patch just missed adding such kernel command-line option to the kernel
documentation, so let's fix that.

Cc: Darrick J. Wong <djwong@kernel.org>
Cc: Jan Kara <jack@suse.cz>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
---

V2: Improved wording (thanks Darrick!)

V1 link: https://lore.kernel.org/r/20240819225626.2000752-2-gpiccoli@igalia.com


 Documentation/admin-guide/kernel-parameters.txt | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 09126bb8cc9f..7c5283f11308 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -517,6 +517,18 @@
 			Format: <io>,<irq>,<mode>
 			See header of drivers/net/hamradio/baycom_ser_hdx.c.
 
+	bdev_allow_write_mounted=
+			Format: <bool>
+			Control the ability of directly writing to mounted block
+			devices' page cache, i.e., allow / disallow writes that
+			bypasses the FS. This was implemented as a means to
+			prevent fuzzers from crashing the kernel by overwriting
+			the metadata underneath a mounted FS without its awareness.
+			This also prevents destructive formatting of mounted
+			filesystems by naive storage tooling that don't use
+			O_EXCL. Default is Y and can be changed through the
+			Kconfig option CONFIG_BLK_DEV_WRITE_MOUNTED.
+
 	bert_disable	[ACPI]
 			Disable BERT OS support on buggy BIOSes.
 
-- 
2.46.0

Re: [PATCH V2] Documentation: Document the kernel flag bdev_allow_write_mounted

[Bart Van Assche]

On 8/23/24 7:26 AM, Guilherme G. Piccoli wrote:
> +	bdev_allow_write_mounted=
> +			Format: <bool>
> +			Control the ability of directly writing to mounted block
> +			devices' page cache, i.e., allow / disallow writes that
> +			bypasses the FS. This was implemented as a means to
> +			prevent fuzzers from crashing the kernel by overwriting
> +			the metadata underneath a mounted FS without its awareness.
> +			This also prevents destructive formatting of mounted
> +			filesystems by naive storage tooling that don't use
> +			O_EXCL. Default is Y and can be changed through the
> +			Kconfig option CONFIG_BLK_DEV_WRITE_MOUNTED.
> +

Does this flag also affect direct I/O? If so, does this mean that the
reference to the page cache should be left out?

Thanks,

Bart.

Re: [PATCH V2] Documentation: Document the kernel flag bdev_allow_write_mounted

[Darrick J. Wong]

On Fri, Aug 23, 2024 at 09:11:22AM -0700, Bart Van Assche wrote:
> On 8/23/24 7:26 AM, Guilherme G. Piccoli wrote:
> > +	bdev_allow_write_mounted=
> > +			Format: <bool>
> > +			Control the ability of directly writing to mounted block
> > +			devices' page cache, i.e., allow / disallow writes that
> > +			bypasses the FS. This was implemented as a means to
> > +			prevent fuzzers from crashing the kernel by overwriting
> > +			the metadata underneath a mounted FS without its awareness.
> > +			This also prevents destructive formatting of mounted
> > +			filesystems by naive storage tooling that don't use
> > +			O_EXCL. Default is Y and can be changed through the
> > +			Kconfig option CONFIG_BLK_DEV_WRITE_MOUNTED.
> > +
> 
> Does this flag also affect direct I/O? If so, does this mean that the
> reference to the page cache should be left out?

I think it does affect directio, since the validation is done at open
time via bdev_may_open, right?

--D

> Thanks,
> 
> Bart.

Re: [PATCH V2] Documentation: Document the kernel flag bdev_allow_write_mounted

[Guilherme G. Piccoli]

On 23/08/2024 14:05, Darrick J. Wong wrote:
> On Fri, Aug 23, 2024 at 09:11:22AM -0700, Bart Van Assche wrote:
>> On 8/23/24 7:26 AM, Guilherme G. Piccoli wrote:
>>> +	bdev_allow_write_mounted=
>>> +			Format: <bool>
>>> +			Control the ability of directly writing to mounted block
>>> +			devices' page cache, i.e., allow / disallow writes that
>>> +			bypasses the FS. This was implemented as a means to
>>> +			prevent fuzzers from crashing the kernel by overwriting
>>> +			the metadata underneath a mounted FS without its awareness.
>>> +			This also prevents destructive formatting of mounted
>>> +			filesystems by naive storage tooling that don't use
>>> +			O_EXCL. Default is Y and can be changed through the
>>> +			Kconfig option CONFIG_BLK_DEV_WRITE_MOUNTED.
>>> +
>>
>> Does this flag also affect direct I/O? If so, does this mean that the
>> reference to the page cache should be left out?
> 
> I think it does affect directio, since the validation is done at open
> time via bdev_may_open, right?
> 

Indeed, good point! It does affect direct I/O, I've just tested in
6.11-rc3 using dd (with and w/o oflags=direct), same result.

I'll resend, dropping the mention to page cache - thanks!

Guilherme