On Tue, 13 Jun 2023 at 07:10, Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote:
>
> > +config BLK_DEV_WRITE_HARDENING
> > + bool "Do not allow writing to mounted devices"
> > + help
> > + When a block device is mounted, writing to its buffer cache very likely
> > + going to cause filesystem corruption. It is also rather easy to crash
> > + the kernel in this way since the filesystem has no practical way of
> > + detecting these writes to buffer cache and verifying its metadata
> > + integrity. Select this option to disallow writing to mounted devices.
> > + This should be mostly fine but some filesystems (e.g. ext4) rely on
> > + the ability of filesystem tools to write to mounted filesystems to
> > + set e.g. UUID or run fsck on the root filesystem in some setups.
>
> I'm not sure a config option is really the right thing.
>
> I'd much prefer a BLK_OPEN_ flag to prohibit any other writer.
> Except for extN and maybe fat all file systems can set that
> unconditionally. And for those file systems that have historically
> allowed writes to mounted file systems they can find a local way
> to decide on when and when not to set it.

I don't question there are use cases for the flag, but there are use
cases for the config as well.

Some distros may want a guarantee that this does not happen as it
compromises lockdown and kernel integrity (on par with unsigned module
loading).

For fuzzing systems it also may be hard to ensure fine-grained
argument constraints; it's much easier and more reliable to prohibit
it at the config level.
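Review bot: The help text for BLK_DEV_WRITE_HARDENING names what can break (ext4 tools setting the UUID, fsck on a mounted root filesystem) but does not say what a writer will observe once the option is on, and "This should be mostly fine" gives a distro or fuzzing setup no basis for deciding. Suggest stating how a refused write to a mounted device is reported to the tool and recommending N unless the installed filesystem tools are known not to write to mounted devices. The first sentence of the help text is also missing a verb: "writing to its buffer cache is very likely going to cause filesystem corruption".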