linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jan Kara <jack@suse.cz>
To: <linux-fsdevel@vger.kernel.org>
Cc: <linux-block@vger.kernel.org>,
	Christoph Hellwig <hch@infradead.org>,
	Christian Brauner <brauner@kernel.org>,
	Jens Axboe <axboe@kernel.dk>, Kees Cook <keescook@google.com>,
	Ted Tso <tytso@mit.edu>, syzkaller <syzkaller@googlegroups.com>,
	Alexander Popov <alex.popov@linux.com>,
	Eric Biggers <ebiggers@google.com>, <linux-xfs@vger.kernel.org>,
	linux-btrfs@vger.kernel.org, Dmitry Vyukov <dvyukov@google.com>,
	Jan Kara <jack@suse.cz>
Subject: [PATCH RFC 0/6 v2] block: Add config option to not allow writing to mounted devices
Date: Tue,  4 Jul 2023 14:56:48 +0200	[thread overview]
Message-ID: <20230704122727.17096-1-jack@suse.cz> (raw)

Hello!

This is second version of the patches to add config option to not allow writing
to mounted block devices. For motivation why this is interesting see patch 1/6.
I've been testing the patches more extensively this time and I've found couple
of things that get broken by disallowing writes to mounted block devices:
1) Bind mounts get broken because get_tree_bdev() / mount_bdev() first try to
   claim the bdev before searching whether it is already mounted. Patch 6
   reworks the mount code to avoid this problem.
2) btrfs mounting is likely having the same problem as 1). It should be fixable
   AFAICS but for now I've left it alone until we settle on the rest of the
   series.
3) "mount -o loop" gets broken because util-linux keeps the loop device open
   read-write when attempting to mount it. Hopefully fixable within util-linux.
4) resize2fs online resizing gets broken because it tries to open the block
   device read-write only to call resizing ioctl. Trivial to fix within
   e2fsprogs.

Likely there will be other breakage I didn't find yet but overall the breakage
looks minor enough that the option might be useful. Definitely good enough
for syzbot fuzzing and likely good enough for hardening of systems with
more tightened security.

This patch set is based on the patches making blkdev_get_by_*() return
bdev_handle [1].

Changes since v1:
* Added kernel cmdline argument to toggle whether writing to mounted block
  devices is allowed or not
* Fixed handling of partitions
* Limit write blocking only to devices open with explicit BLK_OPEN_BLOCK_WRITES
  flag

								Honza

[1] https://lore.kernel.org/all/20230629165206.383-1-jack@suse.cz

Previous versions:
v1: https://lore.kernel.org/all/20230612161614.10302-1-jack@suse.cz

             reply	other threads:[~2023-07-04 12:57 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-04 12:56 Jan Kara [this message]
2023-07-04 12:56 ` [PATCH 1/6] block: Add config option to not allow writing to mounted devices Jan Kara
2023-07-04 15:56   ` Colin Walters
2023-07-04 16:52     ` Eric Biggers
2023-08-14 16:41       ` Jan Kara
2023-08-14 16:43     ` Jan Kara
2023-07-04 18:44   ` Eric Biggers
2023-07-04 20:55     ` Theodore Ts'o
2023-07-05 10:30     ` Jan Kara
2023-07-05 15:12   ` Darrick J. Wong
2023-08-22  5:35   ` Eric Biggers
2023-08-22 10:11     ` Jan Kara
2023-10-19  9:16       ` Aleksandr Nogikh
2023-10-24 11:10         ` Jan Kara
2023-10-27 12:06           ` Aleksandr Nogikh
2023-11-08 10:10           ` Jan Kara
2023-11-08 18:24             ` Aleksandr Nogikh
2023-07-04 12:56 ` [PATCH 2/6] fs: Block writes to mounted block devices Jan Kara
2023-07-04 12:56 ` [PATCH 3/6] xfs: Block writes to log device Jan Kara
2023-07-04 15:53   ` Darrick J. Wong
2023-07-05 10:31     ` Jan Kara
2023-07-04 12:56 ` [PATCH 4/6] ext4: Block writes to journal device Jan Kara
2023-07-04 12:56 ` [PATCH 5/6] btrfs: Block writes to seed devices Jan Kara
2023-07-12 14:33   ` David Sterba
2023-07-04 12:56 ` [PATCH 6/6] fs: Make bind mounts work with bdev_allow_write_mounted=n Jan Kara
2023-07-04 13:59   ` Christian Brauner
2023-07-05 13:00     ` Jan Kara
2023-07-05 13:46       ` Christian Brauner
2023-07-05 16:14         ` Jan Kara
2023-07-06 15:55   ` Christoph Hellwig
2023-07-06 16:12     ` Jan Kara
2023-07-07  7:39       ` Christian Brauner
2023-07-07 10:48         ` Jan Kara
2023-07-07 11:31         ` Christoph Hellwig
2023-07-07 12:28           ` Jan Kara
2023-07-07 11:30       ` Christoph Hellwig
2023-07-04 13:40 ` [PATCH RFC 0/6 v2] block: Add config option to not allow writing to mounted devices Christian Brauner
2023-07-05 12:27 ` Mike Fleetwood
2023-08-14 16:39   ` Jan Kara

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230704122727.17096-1-jack@suse.cz \
    --to=jack@suse.cz \
    --cc=alex.popov@linux.com \
    --cc=axboe@kernel.dk \
    --cc=brauner@kernel.org \
    --cc=dvyukov@google.com \
    --cc=ebiggers@google.com \
    --cc=hch@infradead.org \
    --cc=keescook@google.com \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-btrfs@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-xfs@vger.kernel.org \
    --cc=syzkaller@googlegroups.com \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).