Hello Christoph! On Wed 14-06-23 00:20:12, Christoph Hellwig wrote: > On Tue, Jun 13, 2023 at 10:56:14PM +0200, Jan Kara wrote: > > Well, as I've mentioned in the changelog there are old setups (without > > initrd) that run fsck on root filesystem mounted read-only and fsck > > programs tend to open the device with O_RDWR. These would be broken by this > > change (for the filesystems that would use BLK_OPEN_ flag). > > But that's also a really broken setup that will corrupt data in many > cases. So yes, maybe we need a way to allow it, but it probably would > have to be per-file system. I was looking into implementing the write hardening support and I've come across the following obstacle: Your patch series that is in linux-block.git removes the 'mode' argument from blkdev_put() which makes it impossible to track how many writers there are for the block device. This is needed so that we can check whether the filesystem is safe when mounting the device. I can see several solutions but since you've just reworked the code and I'm not 100% certain about the motivation, I figured I'll ask you first before spending significant time on something you won't like: 1) Just return the mode argument to blkdev_put(). 2) Only pass to blkdev_put() whether we have write access or not as a separate argument. 3) Don't track number of opens for writing, instead check whether writes are blocked on each write access. I think this has a number of downsides but I mention it for completeness. One problem is we have to add checks to multiple places (buffered IO, direct IO) and existing mmap in particular will be very hard to deal with (need to add page_mkwrite() handler). All these checks add performance overhead. It is practically impossible (without significant performance overhead or new percpu datastructures) to properly synchronize open that wants to block writers against already running writes. So what would you prefer? Thanks in advance for your input. Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
