Hello! On Tue 21-01-25 08:40:50, Xingyu Li wrote: > We noticed that patch 6f861765464f should be probably ported to Linux 6.6 > LTS. Its bug introducing commit is probably 05bdb9965305. The truth is we have always allowed writing to mounted block devices. This is traditional Unix behavior and Linux has been following it. So in principle any kernel before commit 6f861765464f or with CONFIG_BLKDEV_WRITE_MOUNTED=y is prone to the problem. Because unpriviledged users are not generally allowed to write to *any* block device, this is not a security problem. Also note that there are userspace programs (such as filesystem management tools) that need to write to mounted block devices so just disabling CONFIG_BLKDEV_WRITE_MOUNTED is not a generally acceptable option (also for example older versions of mount break if you do this). Hence backporting these changes to stable kernels makes little sense as people are unlikely to be able to use them. CONFIG_BLKDEV_WRITE_MOUNTED is generally useful only for setups doing system fuzzing or tighly controlled locked-down systems where even system administrator is not supposed to get arbitrary priviledges. Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
