Date: Mon, 21 Aug 2023 22:35:23 -0700
From: Eric Biggers
To: Jan Kara
Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, Christoph Hellwig, Christian Brauner, Jens Axboe, Kees Cook, Ted Tso, syzkaller, Alexander Popov, linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org, Dmitry Vyukov
Subject: Re: [PATCH 1/6] block: Add config option to not allow writing to mounted devices
Message-ID: <20230822053523.GA8949@sol.localdomain>
References: <20230704122727.17096-1-jack@suse.cz> <20230704125702.23180-1-jack@suse.cz>
In-Reply-To: <20230704125702.23180-1-jack@suse.cz>

Hi Jan,

On Tue, Jul 04, 2023 at 02:56:49PM +0200, Jan Kara wrote:
> Writing to mounted devices is dangerous and can lead to filesystem
> corruption as well as crashes. Furthermore syzbot comes with more and
> more involved examples how to corrupt block device under a mounted
> filesystem leading to kernel crashes and reports we can do nothing
> about. Add tracking of writers to each block device and a kernel cmdline
> argument which controls whether writes to block devices open with
> BLK_OPEN_BLOCK_WRITES flag are allowed. We will make filesystems use
> this flag for used devices.
>
> Syzbot can use this cmdline argument option to avoid uninteresting
> crashes. Also users whose userspace setup does not need writing to
> mounted block devices can set this option for hardening.
>
> Link: https://lore.kernel.org/all/60788e5d-5c7c-1142-e554-c21d709acfd9@linaro.org
> Signed-off-by: Jan Kara

Can you make it clear that the important thing this patch prevents is writes to
the block device's buffer cache, not writes to the underlying storage? It's
super important not to confuse the two cases.

Related to this topic, I wonder if there is any value in providing an option
that would allow O_DIRECT writes but forbid buffered writes? Would that be
useful for any of the known use cases for writing to mounted block devices?

- Eric