From: Jan Kara <jack@suse.cz>
To: Li Lingfeng <lilingfeng@huaweicloud.com>
Cc: Jan Kara <jack@suse.cz>, Christian Brauner <brauner@kernel.org>,
	linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org,
	Jens Axboe <axboe@kernel.dk>,
	Christoph Hellwig <hch@infradead.org>,
	Kees Cook <keescook@google.com>,
	syzkaller <syzkaller@googlegroups.com>,
	Alexander Popov <alex.popov@linux.com>,
	linux-xfs@vger.kernel.org, Dmitry Vyukov <dvyukov@google.com>,
	yangerkun <yangerkun@huawei.com>,
	"yukuai (C)" <yukuai3@huawei.com>,
	"zhangyi (F)" <yi.zhang@huawei.com>
Subject: Re: [PATCH 3/7] block: Add config option to not allow writing to mounted devices
Date: Thu, 21 Dec 2023 13:11:02 +0100
Message-ID: <20231221121102.2pfp3cyzmsf2xmls@quack3>
In-Reply-To: <64fdffaa-9a8f-df34-42e7-ccca81e95c3c@huaweicloud.com>

On Wed 20-12-23 11:26:38, Li Lingfeng wrote:
> > @@ -773,6 +803,10 @@ struct bdev_handle *bdev_open_by_dev(dev_t dev, blk_mode_t mode, void *holder,
> >   	if (ret)
> >   		goto free_handle;
> > +	/* Blocking writes requires exclusive opener */
> > +	if (mode & BLK_OPEN_RESTRICT_WRITES && !holder)
> > +		return ERR_PTR(-EINVAL);
> > +
> >   	bdev = blkdev_get_no_open(dev);
> >   	if (!bdev) {
> >   		ret = -ENXIO;
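Review bot: the new return ERR_PTR(-EINVAL) in the BLK_OPEN_RESTRICT_WRITES check leaves the function directly, while the error check immediately above it unwinds through goto free_handle. If the handle is already allocated at this point, the early return leaks it; setting ret = -EINVAL and jumping to free_handle would keep the unwind consistent with the neighbouring check. The condition would also read more clearly as (mode & BLK_OPEN_RESTRICT_WRITES) && !holder.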
> > @@ -800,12 +834,21 @@ struct bdev_handle *bdev_open_by_dev(dev_t dev, blk_mode_t mode, void *holder,
> >   		goto abort_claiming;
> >   	if (!try_module_get(disk->fops->owner))
> >   		goto abort_claiming;
> > +	ret = -EBUSY;
> > +	if (!blkdev_open_compatible(bdev, mode))
> > +		goto abort_claiming;
> >   	if (bdev_is_partition(bdev))
> >   		ret = blkdev_get_part(bdev, mode);
> >   	else
> >   		ret = blkdev_get_whole(bdev, mode);
> >   	if (ret)
> >   		goto put_module;
> > +	if (!bdev_allow_write_mounted) {
> > +		if (mode & BLK_OPEN_RESTRICT_WRITES)
> > +			bdev_block_writes(bdev);
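Review bot: the blkdev_open_compatible() check and the bdev_block_writes() call sit on opposite sides of blkdev_get_part()/blkdev_get_whole(), so the -EBUSY decision and the state change it protects are not adjacent. A short comment naming the lock that covers both would make it clear that a concurrent opener cannot pass the check before writes are actually blocked. The bare ret = -EBUSY assignment ahead of the check would also benefit from a one-line comment saying which kind of conflicting open is being refused.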
> 
> When a partition device is mounted, I think maybe it's better to block
> writes on the whole device at the same time.
> 
> Allowing the whole device to be opened for writing when mounting a partition
> device, did you have any special considerations before?

Yes, we were considering this. But the truth is that:

a) It is *very* hard to stop all the possibilities of corrupting data on
the device - e.g. with device mapper / loop device / malicious partition
table you can construct many block devices pointing to the same storage,
you can use e.g. SG_IO to corrupt on-disk data etc. So special-casing
partitions is providing little additional benefit.

b) It is difficult to then correctly handle valid cases of multiple
writably mounted partitions on the same device - you'd need to track used
block numbers for each device which gets difficult in the presence of device
mapper etc.

c) To stop filesystem crashes, it is enough to stop modifications of the
buffer cache of that one block device, because filesystems have to validate
data they are loading into the buffer cache anyway to handle a faulty
device, fs corruption etc.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR
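
Added example, not part of the message above or of the patch: a small userspace C model of per-device-node write accounting, illustrating point (c) and the partition versus whole-disk case raised in the question. The mode bits, struct and function names are hypothetical, and the semantics are an assumption modelled on the -EINVAL and -EBUSY paths visible in the quoted hunks.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical mode bits for this model, not the kernel's values. */
#define M_WRITE    0x1	/* opener wants to write through this device node */
#define M_RESTRICT 0x2	/* opener (a mounting fs) wants other writers kept out */

/* One per device node: a partition and its whole disk are separate
 * instances even though they are backed by the same storage. */
struct model_bdev {
	int writers;		/* plain write openers currently holding it */
	bool writes_blocked;	/* a restricting opener holds it */
};

/* Returns 0 or a negative errno (-EINVAL / -EBUSY as in the quoted hunks). */
int model_open(struct model_bdev *b, int mode, const void *holder)
{
	if ((mode & M_RESTRICT) && !holder)
		return -EINVAL;	/* restricting requires an exclusive holder */
	if (mode & M_RESTRICT) {
		if (b->writers > 0 || b->writes_blocked)
			return -EBUSY;	/* someone can already write */
		b->writes_blocked = true;
	} else if (mode & M_WRITE) {
		if (b->writes_blocked)
			return -EBUSY;	/* mounted: raw writes refused */
		b->writers++;
	}
	return 0;
}

void model_release(struct model_bdev *b, int mode)
{
	if (mode & M_RESTRICT)
		b->writes_blocked = false;
	else if (mode & M_WRITE)
		b->writers--;
}

int main(void)
{
	struct model_bdev sda = {0}, sda1 = {0};
	int fs;	/* stands in for the filesystem's holder cookie */
	printf("mount sda1:  %d\n", model_open(&sda1, M_WRITE | M_RESTRICT, &fs));
	printf("write sda1:  %d\n", model_open(&sda1, M_WRITE, NULL));
	printf("write sda:   %d\n", model_open(&sda, M_WRITE, NULL));
	return 0;
}
```

In this model the write open of the mounted partition node is refused while the whole-disk node still opens for writing, which is the behaviour the reply accepts: only the buffer cache of the mounted device node is protected.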
