On Sat, Apr 27, 2024 at 10:09:20PM +0100, Al Viro wrote:
> Any buffer-cache based filesystem is going to be FUBAR
> if somebody manages to change block size of device under it,
> since primitives (sb_bread(), sb_getblk(), etc.) operate in
> terms of block numbers. If block size suddenly doubles, so
> will the offsets from the beginning of device. Results are
> not pretty, obviously.
>
> The thing that (mostly) prevents that kind of mess
> is that most of the mechanisms that lead to block size
> change require the device being opened exclusive. However,
> there are several exceptions that allow to do that without
> an exclusive open. Fortunately, all of them require
> CAP_SYS_ADMIN, so it's not a security problem - anyone
> who already has that level of access can screw the system
> into the ground in any number of ways. However, security
> problems or not, that crap should be fixed.
>
> The series below eliminates these calls of set_blocksize()
> and changes calling conventsion of set_blocksize() so that it
> uses struct file * instead of struct block_device * to tell
> which device to act upon. Unlike struct block_device, struct
> file has enough information to tell an exclusive open from
> non-exclusive one, so we can reject the operation in non-exclusive
> case.
>
> The branch is available at
> git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #work.set_blocksize
> Individual patches in followups.
>
> Review (and testing, obviously) would be very welcome.
Branch updated and force-pushed (same place). Individual patches in
followups.
Changes:
* zram elimination of double-open added.
* hopefully better description of btrfs side of things.
* final commit split into switch of set_blocksize() to struct file
and adding a check for exclusive open.
* chunk in Documentation/filesystems/porting.rst added.
Shortlog:
Al Viro (9):
bcache_register(): don't bother with set_blocksize()
pktcdvd: sort set_blocksize() calls out
swapon(2)/swapoff(2): don't bother with block size
swapon(2): open swap with O_EXCL
zram: don't bother with reopening - just use O_EXCL for open
swsusp: don't bother with setting block size
btrfs_get_bdev_and_sb(): call set_blocksize() only for exclusive opens
set_blocksize(): switch to passing struct file *
make set_blocksize() fail unless block device is opened exclusive
Diffstat:
Documentation/filesystems/porting.rst | 7 +++++++
block/bdev.c | 14 ++++++++++----
block/ioctl.c | 21 ++++++++++++---------
drivers/block/pktcdvd.c | 7 +------
drivers/block/zram/zram_drv.c | 29 +++++++----------------------
drivers/block/zram/zram_drv.h | 2 +-
drivers/md/bcache/super.c | 4 ----
fs/btrfs/dev-replace.c | 2 +-
fs/btrfs/volumes.c | 13 ++++++++-----
fs/ext4/super.c | 2 +-
fs/reiserfs/journal.c | 5 ++---
fs/xfs/xfs_buf.c | 2 +-
include/linux/blkdev.h | 2 +-
include/linux/swap.h | 2 --
kernel/power/swap.c | 7 +------
mm/swapfile.c | 29 ++---------------------------
16 files changed, 55 insertions(+), 93 deletions(-)
