Linux 6.8 To Allow Blocking Writes To Mounted Block Devices

As part of the VFS changes submitted for the upcoming Linux 6.8 merge window, a new "BLK_DEV_WRITE_MOUNTED" Kconfig option is added that allows controlling whether writes are allowed to mounted block devices.

The new BLK_DEV_WRITE_MOUNTED option is a safety feature tackled by SUSE's Jan Kara. The goal is to allow preventing writes to mounted devices as it can likely lead to file-system corruption and/or crashes. Besides having the Kconfig tunable for kernel builds, the new feature adds a "bdev_allow_write_mounted=" boot option for the kernel command-line to allow manipulating the block device write control for mounted devices.

The Kconfig text explains of the BLK_DEV_WRITE_MOUNTED feature:

"When a block device is mounted, writing to its buffer cache is very likely going to cause filesystem corruption. It is also rather easy to crash the kernel in this way since the filesystem has no practical way of detecting these writes to buffer cache and verifying its metadata integrity. However there are some setups that need this capability like running fsck on read-only mounted root device, modifying some features on mounted ext4 filesystem, and similar. If you say N, the kernel will prevent processes from writing to block devices that are mounted by filesystems which provides some more protection from runaway privileged processes and generally makes it much harder to crash filesystem drivers. Note however that this does not prevent underlying device(s) from being modified by other means, e.g. by directly submitting SCSI commands or through access to lower layers of storage stack. If in doubt, say Y. The configuration can be overridden with the bdev_allow_write_mounted boot option."

This feature was sent out today for the Linux 6.8 merge window via the VFS super updates. That pull request also re-implements block device freezing and thawing as holder operations on the block device.