On Wed, Aug 28, 2024 at 09:27:53AM GMT, Darrick J. Wong wrote:
> On Wed, Aug 28, 2024 at 11:48:58AM -0300, Guilherme G. Piccoli wrote:
> > Commit ed5cc702d311 ("block: Add config option to not allow writing to mounted
> > devices") added a Kconfig option along with a kernel command-line tuning to
> > control writes to mounted block devices, as a means to deal with fuzzers like
> > Syzkaller, that provokes kernel crashes by directly writing on block devices
> > bypassing the filesystem (so the FS has no awareness and cannot cope with that).
> >
> > The patch just missed adding such kernel command-line option to the kernel
> > documentation, so let's fix that.
> >
> > Cc: Bart Van Assche <bvanassche@xxxxxxx>
> > Cc: Darrick J. Wong <djwong@xxxxxxxxxx>
> > Cc: Jens Axboe <axboe@xxxxxxxxx>
> > Reviewed-by: Jan Kara <jack@xxxxxxx>
> > Signed-off-by: Guilherme G. Piccoli <gpiccoli@xxxxxxxxxx>
>
> Looks good to me now,
> Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx>
>
> Fun unrelated question: do we want to turn on bdev_allow_write_mounted
> if lockdown is enabled? In that kind of environment, we don't want to
> allow random people to scribble, given how many weird ext4 bugs we've
> had to fix due to syzbot.
I would say yes, we absolutely do.
