[PATCH V5] Documentation: Document the kernel flag bdev_allow_write

linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH V5] Documentation: Document the kernel flag bdev_allow_write_mounted
@ 2024-08-28 14:48 Guilherme G. Piccoli
  2024-08-28 16:27 ` Darrick J. Wong
  2024-09-05 20:19 ` Jonathan Corbet
  0 siblings, 2 replies; 5+ messages in thread
From: Guilherme G. Piccoli @ 2024-08-28 14:48 UTC (permalink / raw)
  To: linux-doc
  Cc: corbet, linux-fsdevel, linux-block, kernel-dev, kernel,
	Guilherme G. Piccoli, Bart Van Assche, Darrick J. Wong,
	Jens Axboe, Jan Kara

Commit ed5cc702d311 ("block: Add config option to not allow writing to mounted
devices") added a Kconfig option along with a kernel command-line tuning to
control writes to mounted block devices, as a means to deal with fuzzers like
Syzkaller, that provokes kernel crashes by directly writing on block devices
bypassing the filesystem (so the FS has no awareness and cannot cope with that).

The patch just missed adding such kernel command-line option to the kernel
documentation, so let's fix that.

Cc: Bart Van Assche <bvanassche@acm.org>
Cc: Darrick J. Wong <djwong@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
---

V5:
- s/open a block device/open a mounted block device (thanks Jan!).
- Added the Review tag from Jan.

V4 link: https://lore.kernel.org/r/20240826001624.188581-1-gpiccoli@igalia.com


 Documentation/admin-guide/kernel-parameters.txt | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 09126bb8cc9f..efc52ddc6864 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -517,6 +517,18 @@
 			Format: <io>,<irq>,<mode>
 			See header of drivers/net/hamradio/baycom_ser_hdx.c.
 
+	bdev_allow_write_mounted=
+			Format: <bool>
+			Control the ability to open a mounted block device
+			for writing, i.e., allow / disallow writes that bypass
+			the FS. This was implemented as a means to prevent
+			fuzzers from crashing the kernel by overwriting the
+			metadata underneath a mounted FS without its awareness.
+			This also prevents destructive formatting of mounted
+			filesystems by naive storage tooling that don't use
+			O_EXCL. Default is Y and can be changed through the
+			Kconfig option CONFIG_BLK_DEV_WRITE_MOUNTED.
+
 	bert_disable	[ACPI]
 			Disable BERT OS support on buggy BIOSes.
 
-- 
2.46.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH V5] Documentation: Document the kernel flag bdev_allow_write_mounted
  2024-08-28 14:48 [PATCH V5] Documentation: Document the kernel flag bdev_allow_write_mounted Guilherme G. Piccoli
@ 2024-08-28 16:27 ` Darrick J. Wong
  2024-08-29  9:10   ` Jan Kara
  2024-08-29 12:10   ` Christian Brauner
  2024-09-05 20:19 ` Jonathan Corbet
  1 sibling, 2 replies; 5+ messages in thread
From: Darrick J. Wong @ 2024-08-28 16:27 UTC (permalink / raw)
  To: Guilherme G. Piccoli
  Cc: linux-doc, corbet, linux-fsdevel, linux-block, kernel-dev, kernel,
	Bart Van Assche, Jens Axboe, Jan Kara

On Wed, Aug 28, 2024 at 11:48:58AM -0300, Guilherme G. Piccoli wrote:
> Commit ed5cc702d311 ("block: Add config option to not allow writing to mounted
> devices") added a Kconfig option along with a kernel command-line tuning to
> control writes to mounted block devices, as a means to deal with fuzzers like
> Syzkaller, that provokes kernel crashes by directly writing on block devices
> bypassing the filesystem (so the FS has no awareness and cannot cope with that).
> 
> The patch just missed adding such kernel command-line option to the kernel
> documentation, so let's fix that.
> 
> Cc: Bart Van Assche <bvanassche@acm.org>
> Cc: Darrick J. Wong <djwong@kernel.org>
> Cc: Jens Axboe <axboe@kernel.dk>
> Reviewed-by: Jan Kara <jack@suse.cz>
> Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>

Looks good to me now,
Reviewed-by: Darrick J. Wong <djwong@kernel.org>

Fun unrelated question: do we want to turn on bdev_allow_write_mounted
if lockdown is enabled?  In that kind of environment, we don't want to
allow random people to scribble, given how many weird ext4 bugs we've
had to fix due to syzbot.

--D

> ---
> 
> V5:
> - s/open a block device/open a mounted block device (thanks Jan!).
> - Added the Review tag from Jan.
> 
> V4 link: https://lore.kernel.org/r/20240826001624.188581-1-gpiccoli@igalia.com
> 
> 
>  Documentation/admin-guide/kernel-parameters.txt | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 09126bb8cc9f..efc52ddc6864 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -517,6 +517,18 @@
>  			Format: <io>,<irq>,<mode>
>  			See header of drivers/net/hamradio/baycom_ser_hdx.c.
>  
> +	bdev_allow_write_mounted=
> +			Format: <bool>
> +			Control the ability to open a mounted block device
> +			for writing, i.e., allow / disallow writes that bypass
> +			the FS. This was implemented as a means to prevent
> +			fuzzers from crashing the kernel by overwriting the
> +			metadata underneath a mounted FS without its awareness.
> +			This also prevents destructive formatting of mounted
> +			filesystems by naive storage tooling that don't use
> +			O_EXCL. Default is Y and can be changed through the
> +			Kconfig option CONFIG_BLK_DEV_WRITE_MOUNTED.
> +
>  	bert_disable	[ACPI]
>  			Disable BERT OS support on buggy BIOSes.
>  
> -- 
> 2.46.0
> 
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH V5] Documentation: Document the kernel flag bdev_allow_write_mounted
  2024-08-28 16:27 ` Darrick J. Wong
@ 2024-08-29  9:10   ` Jan Kara
  2024-08-29 12:10   ` Christian Brauner
  1 sibling, 0 replies; 5+ messages in thread
From: Jan Kara @ 2024-08-29  9:10 UTC (permalink / raw)
  To: Darrick J. Wong
  Cc: Guilherme G. Piccoli, linux-doc, corbet, linux-fsdevel,
	linux-block, kernel-dev, kernel, Bart Van Assche, Jens Axboe,
	Jan Kara

On Wed 28-08-24 09:27:53, Darrick J. Wong wrote:
> On Wed, Aug 28, 2024 at 11:48:58AM -0300, Guilherme G. Piccoli wrote:
> > Commit ed5cc702d311 ("block: Add config option to not allow writing to mounted
> > devices") added a Kconfig option along with a kernel command-line tuning to
> > control writes to mounted block devices, as a means to deal with fuzzers like
> > Syzkaller, that provokes kernel crashes by directly writing on block devices
> > bypassing the filesystem (so the FS has no awareness and cannot cope with that).
> > 
> > The patch just missed adding such kernel command-line option to the kernel
> > documentation, so let's fix that.
> > 
> > Cc: Bart Van Assche <bvanassche@acm.org>
> > Cc: Darrick J. Wong <djwong@kernel.org>
> > Cc: Jens Axboe <axboe@kernel.dk>
> > Reviewed-by: Jan Kara <jack@suse.cz>
> > Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
> 
> Looks good to me now,
> Reviewed-by: Darrick J. Wong <djwong@kernel.org>
> 
> Fun unrelated question: do we want to turn on bdev_allow_write_mounted
> if lockdown is enabled?  In that kind of environment, we don't want to
> allow random people to scribble, given how many weird ext4 bugs we've
> had to fix due to syzbot.

It would be desirable. But it will break some administrative tasks
currently so I'm not sure users are really prepared for that? But with
recent util-linux those should be mostly limited to filesystem-specific
tooling issues (tune2fs is definitely broken and needs new kernel
interfaces to be able to work, I think resize2fs is also broken but that
should be fixable within e2fsprogs though it requires larger refactoring
AFAIR).

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH V5] Documentation: Document the kernel flag bdev_allow_write_mounted
  2024-08-28 16:27 ` Darrick J. Wong
  2024-08-29  9:10   ` Jan Kara
@ 2024-08-29 12:10   ` Christian Brauner
  1 sibling, 0 replies; 5+ messages in thread
From: Christian Brauner @ 2024-08-29 12:10 UTC (permalink / raw)
  To: Darrick J. Wong
  Cc: Guilherme G. Piccoli, linux-doc, corbet, linux-fsdevel,
	linux-block, kernel-dev, kernel, Bart Van Assche, Jens Axboe,
	Jan Kara

On Wed, Aug 28, 2024 at 09:27:53AM GMT, Darrick J. Wong wrote:
> On Wed, Aug 28, 2024 at 11:48:58AM -0300, Guilherme G. Piccoli wrote:
> > Commit ed5cc702d311 ("block: Add config option to not allow writing to mounted
> > devices") added a Kconfig option along with a kernel command-line tuning to
> > control writes to mounted block devices, as a means to deal with fuzzers like
> > Syzkaller, that provokes kernel crashes by directly writing on block devices
> > bypassing the filesystem (so the FS has no awareness and cannot cope with that).
> > 
> > The patch just missed adding such kernel command-line option to the kernel
> > documentation, so let's fix that.
> > 
> > Cc: Bart Van Assche <bvanassche@acm.org>
> > Cc: Darrick J. Wong <djwong@kernel.org>
> > Cc: Jens Axboe <axboe@kernel.dk>
> > Reviewed-by: Jan Kara <jack@suse.cz>
> > Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
> 
> Looks good to me now,
> Reviewed-by: Darrick J. Wong <djwong@kernel.org>
> 
> Fun unrelated question: do we want to turn on bdev_allow_write_mounted
> if lockdown is enabled?  In that kind of environment, we don't want to
> allow random people to scribble, given how many weird ext4 bugs we've
> had to fix due to syzbot.

I would say yes, we absolutely do.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH V5] Documentation: Document the kernel flag bdev_allow_write_mounted
  2024-08-28 14:48 [PATCH V5] Documentation: Document the kernel flag bdev_allow_write_mounted Guilherme G. Piccoli
  2024-08-28 16:27 ` Darrick J. Wong
@ 2024-09-05 20:19 ` Jonathan Corbet
  1 sibling, 0 replies; 5+ messages in thread
From: Jonathan Corbet @ 2024-09-05 20:19 UTC (permalink / raw)
  To: Guilherme G. Piccoli, linux-doc
  Cc: linux-fsdevel, linux-block, kernel-dev, kernel,
	Guilherme G. Piccoli, Bart Van Assche, Darrick J. Wong,
	Jens Axboe, Jan Kara

"Guilherme G. Piccoli" <gpiccoli@igalia.com> writes:

> Commit ed5cc702d311 ("block: Add config option to not allow writing to mounted
> devices") added a Kconfig option along with a kernel command-line tuning to
> control writes to mounted block devices, as a means to deal with fuzzers like
> Syzkaller, that provokes kernel crashes by directly writing on block devices
> bypassing the filesystem (so the FS has no awareness and cannot cope with that).
>
> The patch just missed adding such kernel command-line option to the kernel
> documentation, so let's fix that.
>
> Cc: Bart Van Assche <bvanassche@acm.org>
> Cc: Darrick J. Wong <djwong@kernel.org>
> Cc: Jens Axboe <axboe@kernel.dk>
> Reviewed-by: Jan Kara <jack@suse.cz>
> Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
> ---

Applied, thanks.

jon

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2024-09-05 20:19 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-28 14:48 [PATCH V5] Documentation: Document the kernel flag bdev_allow_write_mounted Guilherme G. Piccoli
2024-08-28 16:27 ` Darrick J. Wong
2024-08-29  9:10   ` Jan Kara
2024-08-29 12:10   ` Christian Brauner
2024-09-05 20:19 ` Jonathan Corbet

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).