All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 0/2] block: enforce ioctl(BLKROSET) and set_disk_ro()
@ 2017-11-09 18:44 Ilya Dryomov
  2017-11-09 18:45 ` [PATCH 1/2] block: fail op_is_write() requests to read-only partitions Ilya Dryomov
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Ilya Dryomov @ 2017-11-09 18:44 UTC (permalink / raw)
  To: linux-block; +Cc: Christoph Hellwig, Jens Axboe, Tejun Heo, David Disseldorp

Hello,

I was doing some cleanup work on rbd BLKROSET handler and discovered
that we ignore partition rw/ro setting (hd_struct->policy) for pretty
much everything but straight writes.

David (CCed) has blktests patches standing by.

(Another aspect of this is that we don't enforce open(2) mode.  Tejun
took a stab at this a few years ago, but his patch had to be reverted:

  75f1dc0d076d ("block: check bdev_read_only() from blkdev_get()")
  e51900f7d38c ("block: revert block_dev read-only check")

It is a separate issue and refusing writes to read-only devices is
obviously more important, but perhaps it's time to revisit that as
well?)

Thanks,

                Ilya


Ilya Dryomov (2):
  block: fail op_is_write() requests to read-only partitions
  block: add bdev_read_only() checks to common helpers

 block/blk-core.c | 23 ++++++++++++++++++++++-
 block/blk-lib.c  | 12 ++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

-- 
2.4.3

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH 1/2] block: fail op_is_write() requests to read-only partitions
  2017-11-09 18:44 [PATCH 0/2] block: enforce ioctl(BLKROSET) and set_disk_ro() Ilya Dryomov
@ 2017-11-09 18:45 ` Ilya Dryomov
  2017-11-28  9:07   ` Sagi Grimberg
  2017-11-09 18:45 ` [PATCH 2/2] block: add bdev_read_only() checks to common helpers Ilya Dryomov
  2017-11-16  9:02 ` [PATCH 0/2] block: enforce ioctl(BLKROSET) and set_disk_ro() Ilya Dryomov
  2 siblings, 1 reply; 6+ messages in thread
From: Ilya Dryomov @ 2017-11-09 18:45 UTC (permalink / raw)
  To: linux-block; +Cc: Christoph Hellwig, Jens Axboe, Tejun Heo, David Disseldorp

Regular block device writes go through blkdev_write_iter(), which does
bdev_read_only(), while zeroout/discard/etc requests are never checked,
both userspace- and kernel-triggered.  Add a generic catch-all check to
generic_make_request_checks() to actually enforce ioctl(BLKROSET) and
set_disk_ro(), which is used by quite a few drivers for things like
snapshots, read-only backing files/images, etc.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---
 block/blk-core.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/block/blk-core.c b/block/blk-core.c
index b8d1aa2d1008..139ff47caf4a 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -2022,6 +2022,20 @@ static inline int bio_check_eod(struct bio *bio, unsigned int nr_sectors)
 	return 0;
 }
 
+static inline bool bio_check_ro(struct bio *bio)
+{
+	struct hd_struct *p;
+	int ret = false;
+
+	rcu_read_lock();
+	p = __disk_get_part(bio->bi_disk, bio->bi_partno);
+	if (!p || (p->policy && op_is_write(bio_op(bio))))
+		ret = true;
+	rcu_read_unlock();
+
+	return ret;
+}
+
 static noinline_for_stack bool
 generic_make_request_checks(struct bio *bio)
 {
@@ -2044,11 +2058,18 @@ generic_make_request_checks(struct bio *bio)
 		goto end_io;
 	}
 
+	if (bio_check_ro(bio)) {
+		printk(KERN_ERR
+		       "generic_make_request: Trying to write "
+			"to read-only block-device %s (partno %d)\n",
+			bio_devname(bio, b), bio->bi_partno);
+		goto end_io;
+	}
+
 	/*
 	 * For a REQ_NOWAIT based request, return -EOPNOTSUPP
 	 * if queue is not a request based queue.
 	 */
-
 	if ((bio->bi_opf & REQ_NOWAIT) && !queue_is_rq_based(q))
 		goto not_supported;
 
-- 
2.4.3

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [PATCH 2/2] block: add bdev_read_only() checks to common helpers
  2017-11-09 18:44 [PATCH 0/2] block: enforce ioctl(BLKROSET) and set_disk_ro() Ilya Dryomov
  2017-11-09 18:45 ` [PATCH 1/2] block: fail op_is_write() requests to read-only partitions Ilya Dryomov
@ 2017-11-09 18:45 ` Ilya Dryomov
  2017-11-16  9:02 ` [PATCH 0/2] block: enforce ioctl(BLKROSET) and set_disk_ro() Ilya Dryomov
  2 siblings, 0 replies; 6+ messages in thread
From: Ilya Dryomov @ 2017-11-09 18:45 UTC (permalink / raw)
  To: linux-block; +Cc: Christoph Hellwig, Jens Axboe, Tejun Heo, David Disseldorp

Similar to blkdev_write_iter(), return -EPERM if the partition is
read-only.  This covers ioctl(), fallocate() and most in-kernel users
but isn't meant to be exhaustive -- everything else will be caught in
generic_make_request_checks(), fail with -EIO and can be fixed later.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---
 block/blk-lib.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/block/blk-lib.c b/block/blk-lib.c
index f625fda5f095..64fe863ae43a 100644
--- a/block/blk-lib.c
+++ b/block/blk-lib.c
@@ -36,6 +36,9 @@ int __blkdev_issue_discard(struct block_device *bdev, sector_t sector,
 	if (!q)
 		return -ENXIO;
 
+	if (bdev_read_only(bdev))
+		return -EPERM;
+
 	if (flags & BLKDEV_DISCARD_SECURE) {
 		if (!blk_queue_secure_erase(q))
 			return -EOPNOTSUPP;
@@ -155,6 +158,9 @@ static int __blkdev_issue_write_same(struct block_device *bdev, sector_t sector,
 	if (!q)
 		return -ENXIO;
 
+	if (bdev_read_only(bdev))
+		return -EPERM;
+
 	bs_mask = (bdev_logical_block_size(bdev) >> 9) - 1;
 	if ((sector | nr_sects) & bs_mask)
 		return -EINVAL;
@@ -232,6 +238,9 @@ static int __blkdev_issue_write_zeroes(struct block_device *bdev,
 	if (!q)
 		return -ENXIO;
 
+	if (bdev_read_only(bdev))
+		return -EPERM;
+
 	/* Ensure that max_write_zeroes_sectors doesn't overflow bi_size */
 	max_write_zeroes_sectors = bdev_write_zeroes_sectors(bdev);
 
@@ -286,6 +295,9 @@ static int __blkdev_issue_zero_pages(struct block_device *bdev,
 	if (!q)
 		return -ENXIO;
 
+	if (bdev_read_only(bdev))
+		return -EPERM;
+
 	while (nr_sects != 0) {
 		bio = next_bio(bio, __blkdev_sectors_to_bio_pages(nr_sects),
 			       gfp_mask);
-- 
2.4.3

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH 0/2] block: enforce ioctl(BLKROSET) and set_disk_ro()
  2017-11-09 18:44 [PATCH 0/2] block: enforce ioctl(BLKROSET) and set_disk_ro() Ilya Dryomov
  2017-11-09 18:45 ` [PATCH 1/2] block: fail op_is_write() requests to read-only partitions Ilya Dryomov
  2017-11-09 18:45 ` [PATCH 2/2] block: add bdev_read_only() checks to common helpers Ilya Dryomov
@ 2017-11-16  9:02 ` Ilya Dryomov
  2017-11-27  9:19   ` Ilya Dryomov
  2 siblings, 1 reply; 6+ messages in thread
From: Ilya Dryomov @ 2017-11-16  9:02 UTC (permalink / raw)
  To: Christoph Hellwig, Jens Axboe; +Cc: linux-block, Tejun Heo, David Disseldorp

On Thu, Nov 9, 2017 at 7:44 PM, Ilya Dryomov <idryomov@gmail.com> wrote:
> Hello,
>
> I was doing some cleanup work on rbd BLKROSET handler and discovered
> that we ignore partition rw/ro setting (hd_struct->policy) for pretty
> much everything but straight writes.
>
> David (CCed) has blktests patches standing by.
>
> (Another aspect of this is that we don't enforce open(2) mode.  Tejun
> took a stab at this a few years ago, but his patch had to be reverted:
>
>   75f1dc0d076d ("block: check bdev_read_only() from blkdev_get()")
>   e51900f7d38c ("block: revert block_dev read-only check")
>
> It is a separate issue and refusing writes to read-only devices is
> obviously more important, but perhaps it's time to revisit that as
> well?)
>
> Thanks,
>
>                 Ilya
>
>
> Ilya Dryomov (2):
>   block: fail op_is_write() requests to read-only partitions
>   block: add bdev_read_only() checks to common helpers
>
>  block/blk-core.c | 23 ++++++++++++++++++++++-
>  block/blk-lib.c  | 12 ++++++++++++
>  2 files changed, 34 insertions(+), 1 deletion(-)

Ping...  Christoph, Jens, could one of you please take a look?

Thanks,

                Ilya

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH 0/2] block: enforce ioctl(BLKROSET) and set_disk_ro()
  2017-11-16  9:02 ` [PATCH 0/2] block: enforce ioctl(BLKROSET) and set_disk_ro() Ilya Dryomov
@ 2017-11-27  9:19   ` Ilya Dryomov
  0 siblings, 0 replies; 6+ messages in thread
From: Ilya Dryomov @ 2017-11-27  9:19 UTC (permalink / raw)
  To: Christoph Hellwig, Jens Axboe; +Cc: linux-block, Tejun Heo, David Disseldorp

On Thu, Nov 16, 2017 at 10:02 AM, Ilya Dryomov <idryomov@gmail.com> wrote:
> On Thu, Nov 9, 2017 at 7:44 PM, Ilya Dryomov <idryomov@gmail.com> wrote:
>> Hello,
>>
>> I was doing some cleanup work on rbd BLKROSET handler and discovered
>> that we ignore partition rw/ro setting (hd_struct->policy) for pretty
>> much everything but straight writes.
>>
>> David (CCed) has blktests patches standing by.
>>
>> (Another aspect of this is that we don't enforce open(2) mode.  Tejun
>> took a stab at this a few years ago, but his patch had to be reverted:
>>
>>   75f1dc0d076d ("block: check bdev_read_only() from blkdev_get()")
>>   e51900f7d38c ("block: revert block_dev read-only check")
>>
>> It is a separate issue and refusing writes to read-only devices is
>> obviously more important, but perhaps it's time to revisit that as
>> well?)
>>
>> Thanks,
>>
>>                 Ilya
>>
>>
>> Ilya Dryomov (2):
>>   block: fail op_is_write() requests to read-only partitions
>>   block: add bdev_read_only() checks to common helpers
>>
>>  block/blk-core.c | 23 ++++++++++++++++++++++-
>>  block/blk-lib.c  | 12 ++++++++++++
>>  2 files changed, 34 insertions(+), 1 deletion(-)
>
> Ping...  Christoph, Jens, could one of you please take a look?

Ping?

Thanks,

                Ilya

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH 1/2] block: fail op_is_write() requests to read-only partitions
  2017-11-09 18:45 ` [PATCH 1/2] block: fail op_is_write() requests to read-only partitions Ilya Dryomov
@ 2017-11-28  9:07   ` Sagi Grimberg
  0 siblings, 0 replies; 6+ messages in thread
From: Sagi Grimberg @ 2017-11-28  9:07 UTC (permalink / raw)
  To: Ilya Dryomov, linux-block
  Cc: Christoph Hellwig, Jens Axboe, Tejun Heo, David Disseldorp


> +	if (bio_check_ro(bio)) {

I'd place unlikely statement here, but other than that, looks good to me

Reviewed-by: Sagi Grimberg <sagi@grimberg.me>

> +		printk(KERN_ERR
> +		       "generic_make_request: Trying to write "
> +			"to read-only block-device %s (partno %d)\n",
> +			bio_devname(bio, b), bio->bi_partno);
> +		goto end_io;
> +	}
> +
>   	/*
>   	 * For a REQ_NOWAIT based request, return -EOPNOTSUPP
>   	 * if queue is not a request based queue.
>   	 */
> -
>   	if ((bio->bi_opf & REQ_NOWAIT) && !queue_is_rq_based(q))
>   		goto not_supported;
>   
> 

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2017-11-28  9:07 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-11-09 18:44 [PATCH 0/2] block: enforce ioctl(BLKROSET) and set_disk_ro() Ilya Dryomov
2017-11-09 18:45 ` [PATCH 1/2] block: fail op_is_write() requests to read-only partitions Ilya Dryomov
2017-11-28  9:07   ` Sagi Grimberg
2017-11-09 18:45 ` [PATCH 2/2] block: add bdev_read_only() checks to common helpers Ilya Dryomov
2017-11-16  9:02 ` [PATCH 0/2] block: enforce ioctl(BLKROSET) and set_disk_ro() Ilya Dryomov
2017-11-27  9:19   ` Ilya Dryomov

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.