Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp2864087rwb; Mon, 15 Aug 2022 12:52:27 -0700 (PDT) X-Google-Smtp-Source: AA6agR5eZxUFv8GzvDSaUxco+yfRvmHtNQbx2jFhJ3KVhmhVFqL80PzKwtNR2xLRKv0IIimz8GwX X-Received: by 2002:a17:902:710e:b0:170:8d34:9447 with SMTP id a14-20020a170902710e00b001708d349447mr18439304pll.126.1660593147521; Mon, 15 Aug 2022 12:52:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660593147; cv=none; d=google.com; s=arc-20160816; b=Vt+R+FfjF9mZk8DELk5691zn5g8yFC7jh163dUMh0WuVLynkkKRRbkj6QjKoWha85l CT7s3QY0RhB2KJw3RvuK8ylkMGF+1TIaTIEI1Z+IjKiHxk+P5CJzCUF7k0q3rlQScz6l XcnXvlVzT6fvPNEedjcxLFjw5FYcKT5KLnNUkYZNjjPIUJWglTVriZexSW0c6kc3hh6p mo5nGZcNbzE+ZNXY4c34FhyewidMSB6vn/jBSNclT48rqDFRNR+7JY2w/DFUgY4hBzAk q3s9JoErrXUcXzD3uZwsQuTY5vrS/AzqVAHvoGfd2lGbEpHAns24lS1Bvn7npDOyOCaJ kD2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=gzrqztlK6bRx5FD0tA33b7JbvsaToack2GaCfEiMbYg=; b=swXz1UqTlP59rqmoXRQMH4eocK/n38R8Ui4et3rmMeDCBZSzEtVa+WbbB0RfPQpdKG aQFS20JUGgd4FfvnrzWwBDAhNJ0LOeH0XmMWG9bDLSjR/sLj0KlIY4BX1vxgp1d7wfLP FIDrcO6Bh3D+IvGKWmlfvL7XBnDwOcuHQ34UPTuDITPef3ZM7U8vJa3UH+WdnttwSAS3 8hBH+KkMbHO9YhlB/iTYt0Lu24ufCBlyBNNJYXxzEO4C3wikQ7XxwBbRZE+G2hgHBnkq yWBgd0zpS0nGcOyOwnXJgiI6ua0NBH6p6AeKzWTGdDd9Jm6unGMgYBITv8nu9TNm7w2R K93Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=DkEGoZw6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id oc2-20020a17090b1c0200b001eccaceca72si13415379pjb.1.2022.08.15.12.52.15; Mon, 15 Aug 2022 12:52:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=DkEGoZw6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240371AbiHOSVN (ORCPT + 99 others); Mon, 15 Aug 2022 14:21:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42480 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240253AbiHOST2 (ORCPT ); Mon, 15 Aug 2022 14:19:28 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4ABC72C116; Mon, 15 Aug 2022 11:16:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9C10A612AB; Mon, 15 Aug 2022 18:16:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A260DC433D6; Mon, 15 Aug 2022 18:16:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1660587389; bh=sH5rG9uoPul61dSov+HrwWJVewCXj4uCwxxsQa5AiS0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DkEGoZw6FrAqngiHFsZQs0p/snWq3kEA5oCnEFBJToK7Nz6GPDY7oX+T1rz9CubDN S0zyuZKPiuSIYg7StUhWqPX6k6u4LBOhZwue4faNfdyQnLaQVmRuudBNEBibncURjQ 2MmHgFPH4D0rpBonDU1JOi+nqDfWy/FwgSDao4Pw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Qu Wenruo , David Sterba Subject: [PATCH 5.15 071/779] btrfs: reject log replay if there is unsupported RO compat flag Date: Mon, 15 Aug 2022 19:55:15 +0200 Message-Id: <20220815180340.317778775@linuxfoundation.org> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220815180337.130757997@linuxfoundation.org> References: <20220815180337.130757997@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Qu Wenruo commit dc4d31684974d140250f3ee612c3f0cab13b3146 upstream. [BUG] If we have a btrfs image with dirty log, along with an unsupported RO compatible flag: log_root 30474240 ... compat_flags 0x0 compat_ro_flags 0x40000003 ( FREE_SPACE_TREE | FREE_SPACE_TREE_VALID | unknown flag: 0x40000000 ) Then even if we can only mount it RO, we will still cause metadata update for log replay: BTRFS info (device dm-1): flagging fs with big metadata feature BTRFS info (device dm-1): using free space tree BTRFS info (device dm-1): has skinny extents BTRFS info (device dm-1): start tree-log replay This is definitely against RO compact flag requirement. [CAUSE] RO compact flag only forces us to do RO mount, but we will still do log replay for plain RO mount. Thus this will result us to do log replay and update metadata. This can be very problematic for new RO compat flag, for example older kernel can not understand v2 cache, and if we allow metadata update on RO mount and invalidate/corrupt v2 cache. [FIX] Just reject the mount unless rescue=nologreplay is provided: BTRFS error (device dm-1): cannot replay dirty log with unsupport optional features (0x40000000), try rescue=nologreplay instead We don't want to set rescue=nologreply directly, as this would make the end user to read the old data, and cause confusion. Since the such case is really rare, we're mostly fine to just reject the mount with an error message, which also includes the proper workaround. CC: stable@vger.kernel.org #4.9+ Signed-off-by: Qu Wenruo Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/disk-io.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -3557,6 +3557,20 @@ int __cold open_ctree(struct super_block btrfs_err(fs_info, "failed to init dev_replace: %d", ret); goto fail_block_groups; } + /* + * We have unsupported RO compat features, although RO mounted, we + * should not cause any metadata write, including log replay. + * Or we could screw up whatever the new feature requires. + */ + if (unlikely(features && btrfs_super_log_root(disk_super) && + !btrfs_test_opt(fs_info, NOLOGREPLAY))) { + btrfs_err(fs_info, +"cannot replay dirty log with unsupported compat_ro features (0x%llx), try rescue=nologreplay", + features); + err = -EINVAL; + goto fail_alloc; + } + ret = btrfs_check_zoned_mode(fs_info); if (ret) {