Hi Eric! On Mon 21-08-23 22:35:23, Eric Biggers wrote: > On Tue, Jul 04, 2023 at 02:56:49PM +0200, Jan Kara wrote: > > Writing to mounted devices is dangerous and can lead to filesystem > > corruption as well as crashes. Furthermore syzbot comes with more and > > more involved examples how to corrupt block device under a mounted > > filesystem leading to kernel crashes and reports we can do nothing > > about. Add tracking of writers to each block device and a kernel cmdline > > argument which controls whether writes to block devices open with > > BLK_OPEN_BLOCK_WRITES flag are allowed. We will make filesystems use > > this flag for used devices. > > > > Syzbot can use this cmdline argument option to avoid uninteresting > > crashes. Also users whose userspace setup does not need writing to > > mounted block devices can set this option for hardening. > > > > Link: https://lore.kernel.org/all/60788e5d-5c7c-1142-e554-c21d709acfd9@xxxxxxxxxx > > Signed-off-by: Jan Kara <jack@xxxxxxx> > > Can you make it clear that the important thing this patch prevents is > writes to the block device's buffer cache, not writes to the underlying > storage? It's super important not to confuse the two cases. Right, I've already updated the description of the help text in the kconfig to explicitely explain that this does not prevent underlying device content from being modified, it just prevents writes the the block device itself. But I guess I can also explain this (with a bit more technical details) in the changelog. Good idea. > Related to this topic, I wonder if there is any value in providing an option > that would allow O_DIRECT writes but forbid buffered writes? Would that be > useful for any of the known use cases for writing to mounted block devices? I'm not sure how useful that would be but it would be certainly rather difficult to implement. The problem is we can currently fallback from direct to buffered IO as we see fit, also we need to invalidate page cache while doing direct IO which can fail etc. So it will be a rather nasty can of worms to open... Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
