Re: [PATCH] block: deny zone management ioctl on mounted fs

From: Damien Le Moal <Damien.LeMoal@wdc.com>
To: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>,
	Jens Axboe <axboe@kernel.dk>
Cc: "linux-block @ vger . kernel . org" <linux-block@vger.kernel.org>,
	Christoph Hellwig <hch@lst.de>, Coly Li <colyli@suse.de>
Subject: Re: [PATCH] block: deny zone management ioctl on mounted fs
Date: Fri, 15 May 2020 04:52:27 +0000	[thread overview]
Message-ID: <BY5PR04MB69006DE86D1050620B5EDAA4E7BD0@BY5PR04MB6900.namprd04.prod.outlook.com> (raw)
In-Reply-To: 20200514162643.11880-1-johannes.thumshirn@wdc.com

On 2020/05/15 1:26, Johannes Thumshirn wrote:
> If a user submits a zone management ioctl from user-space, like a zone
> reset and a file-system (like zonefs or f2fs) is mounted on the zoned
> block device, the zone will get reset and the file-system's cached value
> of the zone's write-pointer becomes invalid.
> 
> Subsequent writes to this zone from the file-system will result in
> unaligned writes and the drive will error out.
> 
> Deny zone management ioctls when a super_block is found on the block
> device.

Zone management ioctls can only be executed by users that have SYS_CAP_ADMIN
capabilities. If these start doing stupid things, the system is probably in for
a lot of troubles beyond what this patch is trying to prevent.

In addition, there are so many other ways that a mounted zoned block device can
be corrupted beyond these ioctls that I am not sure this patch is very useful.
E.g. any raw block device write in a zone would also cause the FS to see
unaligned writes, and any other raw block device access is also possible for
SYS_CAP_ADMIN users. Preventing only these ioctls does not really improve
anything I think. That may even be harmful has that would prevent things like
inline file system check utilities to run.

> 
> Reported-by: Coly Li <colyli@suse.de>
> Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
> ---
> 
> Is there a better way to check for a mounted FS than get_super()/drop_super()?
> 
>  block/blk-zoned.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/block/blk-zoned.c b/block/blk-zoned.c
> index 23831fa8701d..6923695ec414 100644
> --- a/block/blk-zoned.c
> +++ b/block/blk-zoned.c
> @@ -325,6 +325,7 @@ int blkdev_zone_mgmt_ioctl(struct block_device *bdev, fmode_t mode,
>  			   unsigned int cmd, unsigned long arg)
>  {
>  	void __user *argp = (void __user *)arg;
> +	struct super_block *sb;
>  	struct request_queue *q;
>  	struct blk_zone_range zrange;
>  	enum req_opf op;
> @@ -345,6 +346,12 @@ int blkdev_zone_mgmt_ioctl(struct block_device *bdev, fmode_t mode,
>  	if (!(mode & FMODE_WRITE))
>  		return -EBADF;
>  
> +	sb = get_super(bdev);
> +	if (sb) {
> +		drop_super(sb);
> +		return -EINVAL;
> +	}
> +
>  	if (copy_from_user(&zrange, argp, sizeof(struct blk_zone_range)))
>  		return -EFAULT;
>  
> 

-- 
Damien Le Moal
Western Digital Research