[PATCH] Documentation: Document the kernel flag bdev_allow_write_mounted

[PATCH] Documentation: Document the kernel flag bdev_allow_write_mounted

[Guilherme G. Piccoli]

Commit ed5cc702d311 ("block: Add config option to not allow writing to mounted
devices") added a Kconfig option along with a kernel command-line tuning to
control writes to mounted block devices, as a means to deal with fuzzers like
Syzkaller, that provokes kernel crashes by directly writing on block devices
bypassing the filesystem (so the FS has no awareness and cannot cope with that).

The patch just missed adding such kernel command-line option to the kernel
documentation, so let's fix that.

Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
---
 Documentation/admin-guide/kernel-parameters.txt | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 09126bb8cc9f..709d1ee342db 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -517,6 +517,16 @@
 			Format: <io>,<irq>,<mode>
 			See header of drivers/net/hamradio/baycom_ser_hdx.c.
 
+	bdev_allow_write_mounted=
+			Format: <bool>
+			Control the ability of directly writing to mounted block
+			devices' page cache, i.e., allow / disallow writes that
+			bypasses the FS. This was implemented as a means to
+			prevent fuzzers to crash the kernel by breaking the
+			filesystem without its awareness, through direct block
+			device writes. Default is Y and can be changed through
+			the Kconfig option CONFIG_BLK_DEV_WRITE_MOUNTED.
+
 	bert_disable	[ACPI]
 			Disable BERT OS support on buggy BIOSes.
 
-- 
2.45.2

Re: [PATCH] Documentation: Document the kernel flag bdev_allow_write_mounted

[Darrick J. Wong]

On Mon, Aug 19, 2024 at 07:56:27PM -0300, Guilherme G. Piccoli wrote:
> Commit ed5cc702d311 ("block: Add config option to not allow writing to mounted
> devices") added a Kconfig option along with a kernel command-line tuning to
> control writes to mounted block devices, as a means to deal with fuzzers like
> Syzkaller, that provokes kernel crashes by directly writing on block devices
> bypassing the filesystem (so the FS has no awareness and cannot cope with that).
> 
> The patch just missed adding such kernel command-line option to the kernel
> documentation, so let's fix that.
> 
> Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
> ---
>  Documentation/admin-guide/kernel-parameters.txt | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 09126bb8cc9f..709d1ee342db 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -517,6 +517,16 @@
>  			Format: <io>,<irq>,<mode>
>  			See header of drivers/net/hamradio/baycom_ser_hdx.c.
>  
> +	bdev_allow_write_mounted=
> +			Format: <bool>
> +			Control the ability of directly writing to mounted block
> +			devices' page cache, i.e., allow / disallow writes that
> +			bypasses the FS. This was implemented as a means to
> +			prevent fuzzers to crash the kernel by breaking the
> +			filesystem without its awareness, through direct block
> +			device writes. Default is Y and can be changed through
> +			the Kconfig option CONFIG_BLK_DEV_WRITE_MOUNTED.

Can we mention that this also solves the problem of naïve storage
management tools (aka the ones that don't use O_EXCL) writing over a
mounted filesystem and trashing it?

--D

> +
>  	bert_disable	[ACPI]
>  			Disable BERT OS support on buggy BIOSes.
>  
> -- 
> 2.45.2
> 
> 

Re: [PATCH] Documentation: Document the kernel flag bdev_allow_write_mounted

[Guilherme G. Piccoli]

On 20/08/2024 13:23, Darrick J. Wong wrote:
> [...]
>> +	bdev_allow_write_mounted=
>> +			Format: <bool>
>> +			Control the ability of directly writing to mounted block
>> +			devices' page cache, i.e., allow / disallow writes that
>> +			bypasses the FS. This was implemented as a means to
>> +			prevent fuzzers to crash the kernel by breaking the
>> +			filesystem without its awareness, through direct block
>> +			device writes. Default is Y and can be changed through
>> +			the Kconfig option CONFIG_BLK_DEV_WRITE_MOUNTED.
> 
> Can we mention that this also solves the problem of naïve storage
> management tools (aka the ones that don't use O_EXCL) writing over a
> mounted filesystem and trashing it?
> 
> --D


Sure! At least from my side, fine with that.
How about the following string ?

+ Control the ability of directly writing to mounted block
+ devices' page cache, i.e., allow / disallow writes that
+ bypasses the FS. This was implemented as a means to
+ prevent fuzzers to crash the kernel by breaking the
+ filesystem without its awareness, through direct block
+ device writes. Also prevents issues from direct writes
+ of silly storage tooling (that doesn't use O_EXCL). The
+ default is Y and can be changed through the Kconfig
+ option CONFIG_BLK_DEV_WRITE_MOUNTED.


But feel free to improve / change it. I'll wait more feedback and
resubmit with a refined text.
Cheers,


Guilherme

Re: [PATCH] Documentation: Document the kernel flag bdev_allow_write_mounted

[Darrick J. Wong]

On Tue, Aug 20, 2024 at 03:42:53PM -0300, Guilherme G. Piccoli wrote:
> On 20/08/2024 13:23, Darrick J. Wong wrote:
> > [...]
> >> +	bdev_allow_write_mounted=
> >> +			Format: <bool>
> >> +			Control the ability of directly writing to mounted block
> >> +			devices' page cache, i.e., allow / disallow writes that
> >> +			bypasses the FS. This was implemented as a means to
> >> +			prevent fuzzers to crash the kernel by breaking the
> >> +			filesystem without its awareness, through direct block
> >> +			device writes. Default is Y and can be changed through
> >> +			the Kconfig option CONFIG_BLK_DEV_WRITE_MOUNTED.
> > 
> > Can we mention that this also solves the problem of naïve storage
> > management tools (aka the ones that don't use O_EXCL) writing over a
> > mounted filesystem and trashing it?
> > 
> > --D
> 
> 
> Sure! At least from my side, fine with that.
> How about the following string ?
> 
> + Control the ability of directly writing to mounted block
> + devices' page cache, i.e., allow / disallow writes that
> + bypasses the FS. This was implemented as a means to
> + prevent fuzzers to crash the kernel by breaking the

                "...from crashing the kernel by overwriting
the metadata underneath a mounted filesystem without its awareness."

> + filesystem without its awareness, through direct block
> + device writes. Also prevents issues from direct writes

You can do it with buffered writes to the block device pagecache too.

"This also prevents destructive formatting of mounted filesystems by
naïve storage tooling that don't use O_EXCL."

--D

> + of silly storage tooling (that doesn't use O_EXCL). The
> + default is Y and can be changed through the Kconfig
> + option CONFIG_BLK_DEV_WRITE_MOUNTED.
> 
> 
> But feel free to improve / change it. I'll wait more feedback and
> resubmit with a refined text.
> Cheers,
> 
> 
> Guilherme

Re: [PATCH] Documentation: Document the kernel flag bdev_allow_write_mounted

[Guilherme G. Piccoli]

On 22/08/2024 22:27, Darrick J. Wong wrote:
> [...]
>>
>> + Control the ability of directly writing to mounted block
>> + devices' page cache, i.e., allow / disallow writes that
>> + bypasses the FS. This was implemented as a means to
>> + prevent fuzzers to crash the kernel by breaking the
> 
>                 "...from crashing the kernel by overwriting
> the metadata underneath a mounted filesystem without its awareness."
> 
>> + filesystem without its awareness, through direct block
>> + device writes. Also prevents issues from direct writes
> 
> You can do it with buffered writes to the block device pagecache too.
> 
> "This also prevents destructive formatting of mounted filesystems by
> naïve storage tooling that don't use O_EXCL."
> 
> --D

Thanks! Just sent the V2.