From: Jan Kara <jack@suse.cz>
To: Christian Brauner <brauner@kernel.org>
Cc: <linux-fsdevel@vger.kernel.org>, <linux-block@vger.kernel.org>,
Jens Axboe <axboe@kernel.dk>,
Christoph Hellwig <hch@infradead.org>,
Kees Cook <keescook@google.com>,
syzkaller <syzkaller@googlegroups.com>,
Alexander Popov <alex.popov@linux.com>,
<linux-xfs@vger.kernel.org>, Dmitry Vyukov <dvyukov@google.com>,
Jan Kara <jack@suse.cz>
Subject: [PATCH 0/7 v3] block: Add config option to not allow writing to mounted devices
Date: Wed, 1 Nov 2023 18:43:05 +0100 [thread overview]
Message-ID: <20231101173542.23597-1-jack@suse.cz> (raw)
Hello!
This is the third version of the patches to add config option to not allow
writing to mounted block devices. The new API for block device opening has been
merged so hopefully this patchset can progress towards being merged. We face
some issues with necessary btrfs changes (review bandwidth) so this series is
modified to enable restricting of writes for all other filesystems. Once btrfs
can merge necessary device scanning changes, enabling the support for
restricting writes for it is trivial.
For motivation why restricting writes to mounted block devices is interesting
see patch 3/7. I've been testing the patches more extensively and I've found
couple of things that get broken by disallowing writes to mounted block
devices:
1) "mount -o loop" gets broken because util-linux keeps the loop device open
read-write when attempting to mount it. Hopefully fixable within util-linux.
2) resize2fs online resizing gets broken because it tries to open the block
device read-write only to call resizing ioctl. Trivial to fix within
e2fsprogs.
3) Online e2label will break because it directly writes to the ext2/3/4
superblock while the FS is mounted to set the new label. Ext4 driver
will have to implement the SETFSLABEL ioctl() and e2label will have
to use it, matching what happens for online labelling of btrfs and
xfs.
Likely there will be other breakage I didn't find yet but overall the breakage
looks minor enough that the option might be useful. Definitely good enough
for syzbot fuzzing and likely good enough for hardening of systems with
more tightened security.
This patch set is based on the VFS tree as of yesterday.
Changes since v2:
* Rebased on top of current VFS tree
* Added missing conversion of bcachefs to new bdev opening API
* Added patch to drop old bdev opening API
* Dropped support for restricting writes to btrfs to avoid patch dependencies
and unblock merging of the patches
Changes since v1:
* Added kernel cmdline argument to toggle whether writing to mounted block
devices is allowed or not
* Fixed handling of partitions
* Limit write blocking only to devices open with explicit BLK_OPEN_BLOCK_WRITES
flag
Honza
Previous versions:
Link: https://lore.kernel.org/all/20230612161614.10302-1-jack@suse.cz #v1
Link: https://lore.kernel.org/all/20230704122727.17096-1-jack@suse.cz #v2
next reply other threads:[~2023-11-01 17:43 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-01 17:43 Jan Kara [this message]
2023-11-01 17:43 ` [PATCH 1/7] bcachefs: Convert to bdev_open_by_path() Jan Kara
2023-11-01 19:01 ` Brian Foster
2023-11-02 1:09 ` Kent Overstreet
2023-11-02 9:55 ` Jan Kara
2023-11-02 11:58 ` Brian Foster
2023-11-02 1:09 ` Kent Overstreet
2023-11-07 9:28 ` Christian Brauner
2023-11-01 17:43 ` [PATCH 2/7] block: Remove blkdev_get_by_*() functions Jan Kara
2023-11-06 14:10 ` Christian Brauner
2023-11-01 17:43 ` [PATCH 3/7] block: Add config option to not allow writing to mounted devices Jan Kara
2023-11-06 14:47 ` Christian Brauner
2023-11-06 15:18 ` Jan Kara
2023-11-06 15:57 ` Christian Brauner
2023-12-20 3:26 ` Li Lingfeng
2023-12-21 12:11 ` Jan Kara
2023-11-01 17:43 ` [PATCH 4/7] btrfs: Do not restrict writes to btrfs devices Jan Kara
2023-11-02 17:13 ` David Sterba
2023-11-01 17:43 ` [PATCH 5/7] fs: Block writes to mounted block devices Jan Kara
2023-11-06 14:32 ` Christian Brauner
2023-11-01 17:43 ` [PATCH 6/7] xfs: Block writes to log device Jan Kara
2023-11-01 17:43 ` [PATCH 7/7] ext4: Block writes to journal device Jan Kara
2023-11-07 15:32 ` [PATCH 0/7 v3] block: Add config option to not allow writing to mounted devices Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231101173542.23597-1-jack@suse.cz \
--to=jack@suse.cz \
--cc=alex.popov@linux.com \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=dvyukov@google.com \
--cc=hch@infradead.org \
--cc=keescook@google.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox