Hi Jan, Thank you for the series! Have you already had a chance to push an updated version of it? I tried to search LKML, but didn't find anything. Or did you decide to put it off until later? -- Aleksandr On Tue, Aug 22, 2023 at 12:12 PM Jan Kara <jack@xxxxxxx> wrote: > > Hi Eric! > > On Mon 21-08-23 22:35:23, Eric Biggers wrote: > > On Tue, Jul 04, 2023 at 02:56:49PM +0200, Jan Kara wrote: > > > Writing to mounted devices is dangerous and can lead to filesystem > > > corruption as well as crashes. Furthermore syzbot comes with more and > > > more involved examples how to corrupt block device under a mounted > > > filesystem leading to kernel crashes and reports we can do nothing > > > about. Add tracking of writers to each block device and a kernel cmdline > > > argument which controls whether writes to block devices open with > > > BLK_OPEN_BLOCK_WRITES flag are allowed. We will make filesystems use > > > this flag for used devices. > > > > > > Syzbot can use this cmdline argument option to avoid uninteresting > > > crashes. Also users whose userspace setup does not need writing to > > > mounted block devices can set this option for hardening. > > > > > > Link: https://lore.kernel.org/all/60788e5d-5c7c-1142-e554-c21d709acfd9@xxxxxxxxxx > > > Signed-off-by: Jan Kara <jack@xxxxxxx> > > > > Can you make it clear that the important thing this patch prevents is > > writes to the block device's buffer cache, not writes to the underlying > > storage? It's super important not to confuse the two cases. > > Right, I've already updated the description of the help text in the kconfig > to explicitely explain that this does not prevent underlying device content > from being modified, it just prevents writes the the block device itself. > But I guess I can also explain this (with a bit more technical details) in > the changelog. Good idea. > > > Related to this topic, I wonder if there is any value in providing an option > > that would allow O_DIRECT writes but forbid buffered writes? Would that be > > useful for any of the known use cases for writing to mounted block devices? > > I'm not sure how useful that would be but it would be certainly rather > difficult to implement. The problem is we can currently fallback from > direct to buffered IO as we see fit, also we need to invalidate page cache > while doing direct IO which can fail etc. So it will be a rather nasty can > of worms to open... > > Honza > -- > Jan Kara <jack@xxxxxxxx> > SUSE Labs, CR >
