* [PATCH] block: allow IOC_PR_READ_* ioctls with BLK_OPEN_READ
@ 2026-02-10 16:36 Stefan Hajnoczi
2026-02-11 15:42 ` Christoph Hellwig
2026-02-11 17:37 ` Jens Axboe
0 siblings, 2 replies; 3+ messages in thread
From: Stefan Hajnoczi @ 2026-02-10 16:36 UTC (permalink / raw)
To: Jens Axboe
Cc: linux-kernel, linux-block, Stefan Hajnoczi, Christoph Hellwig,
Martin Wilck, Benjamin Marzinski, Hannes Reinecke
The recently added IOC_PR_READ_* ioctls require the same BLK_OPEN_WRITE
permission as the older persistent reservation ioctls. This has the
drawback that udev triggers when the file descriptor is closed,
resulting in unnecessary activity like scanning partitions even though
these read-only ioctls do not modify the device.
Change IOC_PR_READ_KEYS and IOC_PR_READ_RESERVATION to require
BLK_OPEN_READ. This prevents unnecessary activity every time `blkpr
--read-keys` or `blkpr --read-reservation` is invoked by shell scripts,
for example.
It is safe to reduce the permission requirement from BLK_OPEN_WRITE to
BLK_OPEN_READ since these two ioctls do not modify the persistent
reservation state. Userspace cannot use the information fetched by these
ioctls to make changes to the device unless it later opens the device
with BLK_OPEN_WRITE.
Fixes: 3e2cb9ee76c2 ("block: add IOC_PR_READ_RESERVATION ioctl")
Fixes: 22a1ffea5f80 ("block: add IOC_PR_READ_KEYS ioctl")
Cc: Christoph Hellwig <hch@lst.de>
Cc: Martin Wilck <mwilck@suse.com>
Cc: Benjamin Marzinski <bmarzins@redhat.com>
Suggested-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
block/ioctl.c | 34 +++++++++++++++++++++++-----------
1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/block/ioctl.c b/block/ioctl.c
index 344478348a54e..337e4c3b65b2c 100644
--- a/block/ioctl.c
+++ b/block/ioctl.c
@@ -318,7 +318,13 @@ int blkdev_compat_ptr_ioctl(struct block_device *bdev, blk_mode_t mode,
EXPORT_SYMBOL(blkdev_compat_ptr_ioctl);
#endif
-static bool blkdev_pr_allowed(struct block_device *bdev, blk_mode_t mode)
+enum pr_direction {
+ PR_IN, /* read from device */
+ PR_OUT, /* write to device */
+};
+
+static bool blkdev_pr_allowed(struct block_device *bdev, blk_mode_t mode,
+ enum pr_direction dir)
{
/* no sense to make reservations for partitions */
if (bdev_is_partition(bdev))
@@ -326,11 +332,17 @@ static bool blkdev_pr_allowed(struct block_device *bdev, blk_mode_t mode)
if (capable(CAP_SYS_ADMIN))
return true;
+
/*
- * Only allow unprivileged reservations if the file descriptor is open
- * for writing.
+ * Only allow unprivileged reservation _out_ commands if the file
+ * descriptor is open for writing. Allow reservation _in_ commands if
+ * the file descriptor is open for reading since they do not modify the
+ * device.
*/
- return mode & BLK_OPEN_WRITE;
+ if (dir == PR_IN)
+ return mode & BLK_OPEN_READ;
+ else
+ return mode & BLK_OPEN_WRITE;
}
static int blkdev_pr_register(struct block_device *bdev, blk_mode_t mode,
@@ -339,7 +351,7 @@ static int blkdev_pr_register(struct block_device *bdev, blk_mode_t mode,
const struct pr_ops *ops = bdev->bd_disk->fops->pr_ops;
struct pr_registration reg;
- if (!blkdev_pr_allowed(bdev, mode))
+ if (!blkdev_pr_allowed(bdev, mode, PR_OUT))
return -EPERM;
if (!ops || !ops->pr_register)
return -EOPNOTSUPP;
@@ -357,7 +369,7 @@ static int blkdev_pr_reserve(struct block_device *bdev, blk_mode_t mode,
const struct pr_ops *ops = bdev->bd_disk->fops->pr_ops;
struct pr_reservation rsv;
- if (!blkdev_pr_allowed(bdev, mode))
+ if (!blkdev_pr_allowed(bdev, mode, PR_OUT))
return -EPERM;
if (!ops || !ops->pr_reserve)
return -EOPNOTSUPP;
@@ -375,7 +387,7 @@ static int blkdev_pr_release(struct block_device *bdev, blk_mode_t mode,
const struct pr_ops *ops = bdev->bd_disk->fops->pr_ops;
struct pr_reservation rsv;
- if (!blkdev_pr_allowed(bdev, mode))
+ if (!blkdev_pr_allowed(bdev, mode, PR_OUT))
return -EPERM;
if (!ops || !ops->pr_release)
return -EOPNOTSUPP;
@@ -393,7 +405,7 @@ static int blkdev_pr_preempt(struct block_device *bdev, blk_mode_t mode,
const struct pr_ops *ops = bdev->bd_disk->fops->pr_ops;
struct pr_preempt p;
- if (!blkdev_pr_allowed(bdev, mode))
+ if (!blkdev_pr_allowed(bdev, mode, PR_OUT))
return -EPERM;
if (!ops || !ops->pr_preempt)
return -EOPNOTSUPP;
@@ -411,7 +423,7 @@ static int blkdev_pr_clear(struct block_device *bdev, blk_mode_t mode,
const struct pr_ops *ops = bdev->bd_disk->fops->pr_ops;
struct pr_clear c;
- if (!blkdev_pr_allowed(bdev, mode))
+ if (!blkdev_pr_allowed(bdev, mode, PR_OUT))
return -EPERM;
if (!ops || !ops->pr_clear)
return -EOPNOTSUPP;
@@ -434,7 +446,7 @@ static int blkdev_pr_read_keys(struct block_device *bdev, blk_mode_t mode,
size_t keys_copy_len;
int ret;
- if (!blkdev_pr_allowed(bdev, mode))
+ if (!blkdev_pr_allowed(bdev, mode, PR_IN))
return -EPERM;
if (!ops || !ops->pr_read_keys)
return -EOPNOTSUPP;
@@ -486,7 +498,7 @@ static int blkdev_pr_read_reservation(struct block_device *bdev,
struct pr_read_reservation out = {};
int ret;
- if (!blkdev_pr_allowed(bdev, mode))
+ if (!blkdev_pr_allowed(bdev, mode, PR_IN))
return -EPERM;
if (!ops || !ops->pr_read_reservation)
return -EOPNOTSUPP;
--
2.52.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] block: allow IOC_PR_READ_* ioctls with BLK_OPEN_READ
2026-02-10 16:36 [PATCH] block: allow IOC_PR_READ_* ioctls with BLK_OPEN_READ Stefan Hajnoczi
@ 2026-02-11 15:42 ` Christoph Hellwig
2026-02-11 17:37 ` Jens Axboe
1 sibling, 0 replies; 3+ messages in thread
From: Christoph Hellwig @ 2026-02-11 15:42 UTC (permalink / raw)
To: Stefan Hajnoczi
Cc: Jens Axboe, linux-kernel, linux-block, Christoph Hellwig,
Martin Wilck, Benjamin Marzinski, Hannes Reinecke
On Tue, Feb 10, 2026 at 11:36:17AM -0500, Stefan Hajnoczi wrote:
> It is safe to reduce the permission requirement from BLK_OPEN_WRITE to
> BLK_OPEN_READ since these two ioctls do not modify the persistent
> reservation state. Userspace cannot use the information fetched by these
> ioctls to make changes to the device unless it later opens the device
> with BLK_OPEN_WRITE.
Hmm. How often do we give unprivileged users access to the block
device node anyway? But I guess if they can read all the data on
the device, they might as well see the reservation holders as well:
Reviewed-by: Christoph Hellwig <hch@lst.de>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] block: allow IOC_PR_READ_* ioctls with BLK_OPEN_READ
2026-02-10 16:36 [PATCH] block: allow IOC_PR_READ_* ioctls with BLK_OPEN_READ Stefan Hajnoczi
2026-02-11 15:42 ` Christoph Hellwig
@ 2026-02-11 17:37 ` Jens Axboe
1 sibling, 0 replies; 3+ messages in thread
From: Jens Axboe @ 2026-02-11 17:37 UTC (permalink / raw)
To: Stefan Hajnoczi
Cc: linux-kernel, linux-block, Christoph Hellwig, Martin Wilck,
Benjamin Marzinski, Hannes Reinecke
On Tue, 10 Feb 2026 11:36:17 -0500, Stefan Hajnoczi wrote:
> The recently added IOC_PR_READ_* ioctls require the same BLK_OPEN_WRITE
> permission as the older persistent reservation ioctls. This has the
> drawback that udev triggers when the file descriptor is closed,
> resulting in unnecessary activity like scanning partitions even though
> these read-only ioctls do not modify the device.
>
> Change IOC_PR_READ_KEYS and IOC_PR_READ_RESERVATION to require
> BLK_OPEN_READ. This prevents unnecessary activity every time `blkpr
> --read-keys` or `blkpr --read-reservation` is invoked by shell scripts,
> for example.
>
> [...]
Applied, thanks!
[1/1] block: allow IOC_PR_READ_* ioctls with BLK_OPEN_READ
commit: 5b88af7113feba2f0ae3402bb57cb5c94eea7dc3
Best regards,
--
Jens Axboe
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-02-11 17:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-10 16:36 [PATCH] block: allow IOC_PR_READ_* ioctls with BLK_OPEN_READ Stefan Hajnoczi
2026-02-11 15:42 ` Christoph Hellwig
2026-02-11 17:37 ` Jens Axboe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox