Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3702218imu; Mon, 28 Jan 2019 09:17:30 -0800 (PST) X-Google-Smtp-Source: ALg8bN7Aqyp/gknowfJEDKKacwu2Gt9Ae8S5sRc5q8qaHTvPKIGC5y7V55cotAHweDvmeSy20AZe X-Received: by 2002:a63:8043:: with SMTP id j64mr20910328pgd.405.1548695850205; Mon, 28 Jan 2019 09:17:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548695850; cv=none; d=google.com; s=arc-20160816; b=jq9nZDtm2AhYffFvLIlhL7ua5VSK/75UzYDpBWIHk1MxiJAwQDWC0DjszwR6cyaecX eOAvodZwSRlcSkqkqhtrZY6wP9Q3cPr1Hm4A8elsbRSSl+NCY8nBFARH7Cou7PAOApme wQoGuLLFthcHbwGbjIdoqGZ2BBiIJC7CDFcLMPYqnbsMVwOunLwQn0bkKjiVthBjHfCH 1gokhlbE9OOtRy4rzK53/3DkWufYpjmm25qrZd8m9G/9WW3QF8t7NgNX98VTeopgOqFG xlXN4mJh6PzX3TX5Xo80nWH4OxaBK0IBMucjqxpPcr9kfT/lOmgrcbKxqqB6Ruzk7ULM HG6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=rDhtbmyx2cVu2wzSU0vcIhU5qbjElbV6C2NPJ8WDvlA=; b=FXu6mX4HTOPJm02AYUrvKWJkZP+1p67x3lnnEzK1S1fmQXRuhn4Q5VERWMaEQhd7+X OGCCEQuzynLERnINUoI1dnpSiLeyP7VmWvk9UCcAuuHdssW40IC8dP7w2KFg5Y853gXP iDLAKPypuuJEY7WVPVraZXQREuLOEvJn909Kflzthw389ObI3jKYWGqP8t/HqkCxIUSv y2L/cl01bEQRyiSOVNWcgbJb0PeN9GD504co5UK5vwjiJ4OycpIyFqAkaZWBs6p6LC5z /aCLvpX0fma51PzxaX/0K3QLf9Yc4gy9DzpNzafq0rxgO2R0eAjH3GbZbYLXlTuZHcvi RJrw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jeRnMzy2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f82si7221969pfa.221.2019.01.28.09.17.14; Mon, 28 Jan 2019 09:17:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jeRnMzy2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731992AbfA1RPp (ORCPT + 99 others); Mon, 28 Jan 2019 12:15:45 -0500 Received: from mail.kernel.org ([198.145.29.99]:56756 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732066AbfA1QG5 (ORCPT ); Mon, 28 Jan 2019 11:06:57 -0500 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 473E62171F; Mon, 28 Jan 2019 16:06:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1548691616; bh=0ReZJLp+6Zdsk9K0ZuGkqTQRlgPouPm6ynB9K7ngDa4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jeRnMzy2HcrnZRk9UCsmfcbJUmXjEcCQDNSlPU7T47Ui1AWYhhUjNQ50jV8ZxVh8r KQ1q3bpm6We3Jjv5GC+mGBerJPGOGxSPDJvTVEoN4lLLp4F1rXXP0Xht/yelbAoYAb 3JvIVcfY+7DZ1+Fcm3dqRcf5qMuoeevqujQBZWxY= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Anand Jain , David Sterba , Sasha Levin , linux-btrfs@vger.kernel.org Subject: [PATCH AUTOSEL 4.19 160/258] btrfs: harden agaist duplicate fsid on scanned devices Date: Mon, 28 Jan 2019 10:57:46 -0500 Message-Id: <20190128155924.51521-160-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190128155924.51521-1-sashal@kernel.org> References: <20190128155924.51521-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Anand Jain [ Upstream commit a9261d4125c97ce8624e9941b75dee1b43ad5df9 ] It's not that impossible to imagine that a device OR a btrfs image is copied just by using the dd or the cp command. Which in case both the copies of the btrfs will have the same fsid. If on the system with automount enabled, the copied FS gets scanned. We have a known bug in btrfs, that we let the device path be changed after the device has been mounted. So using this loop hole the new copied device would appears as if its mounted immediately after it's been copied. For example: Initially.. /dev/mmcblk0p4 is mounted as / $ lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT mmcblk0 179:0 0 29.2G 0 disk |-mmcblk0p4 179:4 0 4G 0 part / |-mmcblk0p2 179:2 0 500M 0 part /boot |-mmcblk0p3 179:3 0 256M 0 part [SWAP] `-mmcblk0p1 179:1 0 256M 0 part /boot/efi $ btrfs fi show Label: none uuid: 07892354-ddaa-4443-90ea-f76a06accaba Total devices 1 FS bytes used 1.40GiB devid 1 size 4.00GiB used 3.00GiB path /dev/mmcblk0p4 Copy mmcblk0 to sda $ dd if=/dev/mmcblk0 of=/dev/sda And immediately after the copy completes the change in the device superblock is notified which the automount scans using btrfs device scan and the new device sda becomes the mounted root device. $ lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 1 14.9G 0 disk |-sda4 8:4 1 4G 0 part / |-sda2 8:2 1 500M 0 part |-sda3 8:3 1 256M 0 part `-sda1 8:1 1 256M 0 part mmcblk0 179:0 0 29.2G 0 disk |-mmcblk0p4 179:4 0 4G 0 part |-mmcblk0p2 179:2 0 500M 0 part /boot |-mmcblk0p3 179:3 0 256M 0 part [SWAP] `-mmcblk0p1 179:1 0 256M 0 part /boot/efi $ btrfs fi show / Label: none uuid: 07892354-ddaa-4443-90ea-f76a06accaba Total devices 1 FS bytes used 1.40GiB devid 1 size 4.00GiB used 3.00GiB path /dev/sda4 The bug is quite nasty that you can't either unmount /dev/sda4 or /dev/mmcblk0p4. And the problem does not get solved until you take sda out of the system on to another system to change its fsid using the 'btrfstune -u' command. Signed-off-by: Anand Jain Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Sasha Levin --- fs/btrfs/volumes.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index 0ee1cd4b56fb..285f64f2de5f 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -850,6 +850,35 @@ static noinline struct btrfs_device *device_list_add(const char *path, return ERR_PTR(-EEXIST); } + /* + * We are going to replace the device path for a given devid, + * make sure it's the same device if the device is mounted + */ + if (device->bdev) { + struct block_device *path_bdev; + + path_bdev = lookup_bdev(path); + if (IS_ERR(path_bdev)) { + mutex_unlock(&fs_devices->device_list_mutex); + return ERR_CAST(path_bdev); + } + + if (device->bdev != path_bdev) { + bdput(path_bdev); + mutex_unlock(&fs_devices->device_list_mutex); + btrfs_warn_in_rcu(device->fs_info, + "duplicate device fsid:devid for %pU:%llu old:%s new:%s", + disk_super->fsid, devid, + rcu_str_deref(device->name), path); + return ERR_PTR(-EEXIST); + } + bdput(path_bdev); + btrfs_info_in_rcu(device->fs_info, + "device fsid %pU devid %llu moved old:%s new:%s", + disk_super->fsid, devid, + rcu_str_deref(device->name), path); + } + name = rcu_string_strdup(path, GFP_NOFS); if (!name) { mutex_unlock(&fs_devices->device_list_mutex); -- 2.19.1