[PATCHES][RFC] set_blocksize() rework

From: Al Viro <viro@zeniv.linux.org.uk>
To: linux-fsdevel@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Christian Brauner <brauner@kernel.org>,
	Christoph Hellwig <hch@lst.de>,
	linux-block@vger.kernel.org, Jens Axboe <axboe@kernel.dk>,
	linux-btrfs@vger.kernel.org,
	"Rafael J. Wysocki" <rafael@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCHES][RFC] set_blocksize() rework
Date: Sat, 27 Apr 2024 22:09:20 +0100	[thread overview]
Message-ID: <20240427210920.GR2118490@ZenIV> (raw)

	Any buffer-cache based filesystem is going to be FUBAR
if somebody manages to change block size of device under it,
since primitives (sb_bread(), sb_getblk(), etc.) operate in
terms of block numbers.  If block size suddenly doubles, so
will the offsets from the beginning of device.  Results are
not pretty, obviously.

	The thing that (mostly) prevents that kind of mess
is that most of the mechanisms that lead to block size
change require the device being opened exclusive.  However,
there are several exceptions that allow to do that without
an exclusive open.  Fortunately, all of them require
CAP_SYS_ADMIN, so it's not a security problem - anyone
who already has that level of access can screw the system
into the ground in any number of ways.  However, security
problems or not, that crap should be fixed.

	The series below eliminates these calls of set_blocksize()
and changes calling conventsion of set_blocksize() so that it
uses struct file * instead of struct block_device * to tell
which device to act upon.  Unlike struct block_device, struct
file has enough information to tell an exclusive open from
non-exclusive one, so we can reject the operation in non-exclusive
case.

	The branch is available at
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #work.set_blocksize
Individual patches in followups.

Review (and testing, obviously) would be very welcome.

Shortlog:
Al Viro (7):
      bcache_register(): don't bother with set_blocksize()
      pktcdvd: sort set_blocksize() calls out
      swapon(2)/swapoff(2): don't bother with block size
      swapon(2): open swap with O_EXCL
      swsusp: don't bother with setting block size
      btrfs_get_dev_args_from_path(): don't call set_blocksize()
      set_blocksize(): switch to passing struct file *, fail if it's not opened exclusive

Diffstat:
 block/bdev.c              | 14 ++++++++++----
 block/ioctl.c             | 21 ++++++++++++---------
 drivers/block/pktcdvd.c   |  7 +------
 drivers/md/bcache/super.c |  4 ----
 fs/btrfs/dev-replace.c    |  2 +-
 fs/btrfs/volumes.c        | 13 ++++++++-----
 fs/ext4/super.c           |  2 +-
 fs/reiserfs/journal.c     |  5 ++---
 fs/xfs/xfs_buf.c          |  2 +-
 include/linux/blkdev.h    |  2 +-
 include/linux/swap.h      |  2 --
 kernel/power/swap.c       |  7 +------
 mm/swapfile.c             | 29 ++---------------------------
 13 files changed, 40 insertions(+), 70 deletions(-)