From: Eric Biggers <ebiggers@kernel.org>
To: Jan Kara <jack@suse.cz>
Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org,
Christoph Hellwig <hch@infradead.org>,
Christian Brauner <brauner@kernel.org>,
Jens Axboe <axboe@kernel.dk>, Kees Cook <keescook@google.com>,
Ted Tso <tytso@mit.edu>, syzkaller <syzkaller@googlegroups.com>,
Alexander Popov <alex.popov@linux.com>,
linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org,
Dmitry Vyukov <dvyukov@google.com>
Subject: Re: [PATCH 1/6] block: Add config option to not allow writing to mounted devices
Date: Mon, 21 Aug 2023 22:35:23 -0700 [thread overview]
Message-ID: <20230822053523.GA8949@sol.localdomain> (raw)
In-Reply-To: <20230704125702.23180-1-jack@suse.cz>
Hi Jan,
On Tue, Jul 04, 2023 at 02:56:49PM +0200, Jan Kara wrote:
> Writing to mounted devices is dangerous and can lead to filesystem
> corruption as well as crashes. Furthermore syzbot comes with more and
> more involved examples how to corrupt block device under a mounted
> filesystem leading to kernel crashes and reports we can do nothing
> about. Add tracking of writers to each block device and a kernel cmdline
> argument which controls whether writes to block devices open with
> BLK_OPEN_BLOCK_WRITES flag are allowed. We will make filesystems use
> this flag for used devices.
>
> Syzbot can use this cmdline argument option to avoid uninteresting
> crashes. Also users whose userspace setup does not need writing to
> mounted block devices can set this option for hardening.
>
> Link: https://lore.kernel.org/all/60788e5d-5c7c-1142-e554-c21d709acfd9@linaro.org
> Signed-off-by: Jan Kara <jack@suse.cz>
Can you make it clear that the important thing this patch prevents is writes to
the block device's buffer cache, not writes to the underlying storage? It's
super important not to confuse the two cases.
Related to this topic, I wonder if there is any value in providing an option
that would allow O_DIRECT writes but forbid buffered writes? Would that be
useful for any of the known use cases for writing to mounted block devices?
- Eric
next prev parent reply other threads:[~2023-08-22 5:35 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-04 12:56 [PATCH RFC 0/6 v2] block: Add config option to not allow writing to mounted devices Jan Kara
2023-07-04 12:56 ` [PATCH 1/6] " Jan Kara
2023-07-04 15:56 ` Colin Walters
2023-07-04 16:52 ` Eric Biggers
2023-08-14 16:41 ` Jan Kara
2023-08-14 16:43 ` Jan Kara
2023-07-04 18:44 ` Eric Biggers
2023-07-04 20:55 ` Theodore Ts'o
2023-07-05 10:30 ` Jan Kara
2023-07-05 15:12 ` Darrick J. Wong
2023-08-22 5:35 ` Eric Biggers [this message]
2023-08-22 10:11 ` Jan Kara
2023-10-19 9:16 ` Aleksandr Nogikh
2023-10-24 11:10 ` Jan Kara
2023-10-27 12:06 ` Aleksandr Nogikh
2023-11-08 10:10 ` Jan Kara
2023-11-08 18:24 ` Aleksandr Nogikh
2023-07-04 12:56 ` [PATCH 2/6] fs: Block writes to mounted block devices Jan Kara
2023-07-04 12:56 ` [PATCH 3/6] xfs: Block writes to log device Jan Kara
2023-07-04 15:53 ` Darrick J. Wong
2023-07-05 10:31 ` Jan Kara
2023-07-04 12:56 ` [PATCH 4/6] ext4: Block writes to journal device Jan Kara
2023-07-04 12:56 ` [PATCH 5/6] btrfs: Block writes to seed devices Jan Kara
2023-07-12 14:33 ` David Sterba
2023-07-04 12:56 ` [PATCH 6/6] fs: Make bind mounts work with bdev_allow_write_mounted=n Jan Kara
2023-07-04 13:59 ` Christian Brauner
2023-07-05 13:00 ` Jan Kara
2023-07-05 13:46 ` Christian Brauner
2023-07-05 16:14 ` Jan Kara
2023-07-06 15:55 ` Christoph Hellwig
2023-07-06 16:12 ` Jan Kara
2023-07-07 7:39 ` Christian Brauner
2023-07-07 10:48 ` Jan Kara
2023-07-07 11:31 ` Christoph Hellwig
2023-07-07 12:28 ` Jan Kara
2023-07-07 11:30 ` Christoph Hellwig
2023-07-04 13:40 ` [PATCH RFC 0/6 v2] block: Add config option to not allow writing to mounted devices Christian Brauner
2023-07-05 12:27 ` Mike Fleetwood
2023-08-14 16:39 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230822053523.GA8949@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=alex.popov@linux.com \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=dvyukov@google.com \
--cc=hch@infradead.org \
--cc=jack@suse.cz \
--cc=keescook@google.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=syzkaller@googlegroups.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).