Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp2864087rwb;
        Mon, 15 Aug 2022 12:52:27 -0700 (PDT)
X-Google-Smtp-Source: AA6agR5eZxUFv8GzvDSaUxco+yfRvmHtNQbx2jFhJ3KVhmhVFqL80PzKwtNR2xLRKv0IIimz8GwX
X-Received: by 2002:a17:902:710e:b0:170:8d34:9447 with SMTP id a14-20020a170902710e00b001708d349447mr18439304pll.126.1660593147521;
        Mon, 15 Aug 2022 12:52:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1660593147; cv=none;
        d=google.com; s=arc-20160816;
        b=Vt+R+FfjF9mZk8DELk5691zn5g8yFC7jh163dUMh0WuVLynkkKRRbkj6QjKoWha85l
         CT7s3QY0RhB2KJw3RvuK8ylkMGF+1TIaTIEI1Z+IjKiHxk+P5CJzCUF7k0q3rlQScz6l
         XcnXvlVzT6fvPNEedjcxLFjw5FYcKT5KLnNUkYZNjjPIUJWglTVriZexSW0c6kc3hh6p
         mo5nGZcNbzE+ZNXY4c34FhyewidMSB6vn/jBSNclT48rqDFRNR+7JY2w/DFUgY4hBzAk
         q3s9JoErrXUcXzD3uZwsQuTY5vrS/AzqVAHvoGfd2lGbEpHAns24lS1Bvn7npDOyOCaJ
         kD2w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=gzrqztlK6bRx5FD0tA33b7JbvsaToack2GaCfEiMbYg=;
        b=swXz1UqTlP59rqmoXRQMH4eocK/n38R8Ui4et3rmMeDCBZSzEtVa+WbbB0RfPQpdKG
         aQFS20JUGgd4FfvnrzWwBDAhNJ0LOeH0XmMWG9bDLSjR/sLj0KlIY4BX1vxgp1d7wfLP
         FIDrcO6Bh3D+IvGKWmlfvL7XBnDwOcuHQ34UPTuDITPef3ZM7U8vJa3UH+WdnttwSAS3
         8hBH+KkMbHO9YhlB/iTYt0Lu24ufCBlyBNNJYXxzEO4C3wikQ7XxwBbRZE+G2hgHBnkq
         yWBgd0zpS0nGcOyOwnXJgiI6ua0NBH6p6AeKzWTGdDd9Jm6unGMgYBITv8nu9TNm7w2R
         K93Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=DkEGoZw6;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id oc2-20020a17090b1c0200b001eccaceca72si13415379pjb.1.2022.08.15.12.52.15;
        Mon, 15 Aug 2022 12:52:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=DkEGoZw6;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240371AbiHOSVN (ORCPT <rfc822;andrey.bzh.r@gmail.com>
        + 99 others); Mon, 15 Aug 2022 14:21:13 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42480 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S240253AbiHOST2 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 15 Aug 2022 14:19:28 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4ABC72C116;
        Mon, 15 Aug 2022 11:16:30 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 9C10A612AB;
        Mon, 15 Aug 2022 18:16:29 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id A260DC433D6;
        Mon, 15 Aug 2022 18:16:28 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1660587389;
        bh=sH5rG9uoPul61dSov+HrwWJVewCXj4uCwxxsQa5AiS0=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=DkEGoZw6FrAqngiHFsZQs0p/snWq3kEA5oCnEFBJToK7Nz6GPDY7oX+T1rz9CubDN
         S0zyuZKPiuSIYg7StUhWqPX6k6u4LBOhZwue4faNfdyQnLaQVmRuudBNEBibncURjQ
         2MmHgFPH4D0rpBonDU1JOi+nqDfWy/FwgSDao4Pw=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Qu Wenruo <wqu@suse.com>,
        David Sterba <dsterba@suse.com>
Subject: [PATCH 5.15 071/779] btrfs: reject log replay if there is unsupported RO compat flag
Date:   Mon, 15 Aug 2022 19:55:15 +0200
Message-Id: <20220815180340.317778775@linuxfoundation.org>
X-Mailer: git-send-email 2.37.2
In-Reply-To: <20220815180337.130757997@linuxfoundation.org>
References: <20220815180337.130757997@linuxfoundation.org>
User-Agent: quilt/0.67
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Qu Wenruo <wqu@suse.com>

commit dc4d31684974d140250f3ee612c3f0cab13b3146 upstream.

[BUG]
If we have a btrfs image with dirty log, along with an unsupported RO
compatible flag:

log_root		30474240
...
compat_flags		0x0
compat_ro_flags		0x40000003
			( FREE_SPACE_TREE |
			  FREE_SPACE_TREE_VALID |
			  unknown flag: 0x40000000 )

Then even if we can only mount it RO, we will still cause metadata
update for log replay:

  BTRFS info (device dm-1): flagging fs with big metadata feature
  BTRFS info (device dm-1): using free space tree
  BTRFS info (device dm-1): has skinny extents
  BTRFS info (device dm-1): start tree-log replay

This is definitely against RO compact flag requirement.

[CAUSE]
RO compact flag only forces us to do RO mount, but we will still do log
replay for plain RO mount.

Thus this will result us to do log replay and update metadata.

This can be very problematic for new RO compat flag, for example older
kernel can not understand v2 cache, and if we allow metadata update on
RO mount and invalidate/corrupt v2 cache.

[FIX]
Just reject the mount unless rescue=nologreplay is provided:

  BTRFS error (device dm-1): cannot replay dirty log with unsupport optional features (0x40000000), try rescue=nologreplay instead

We don't want to set rescue=nologreply directly, as this would make the
end user to read the old data, and cause confusion.

Since the such case is really rare, we're mostly fine to just reject the
mount with an error message, which also includes the proper workaround.

CC: stable@vger.kernel.org #4.9+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/disk-io.c |   14 ++++++++++++++
 1 file changed, 14 insertions(+)

--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -3557,6 +3557,20 @@ int __cold open_ctree(struct super_block
 		btrfs_err(fs_info, "failed to init dev_replace: %d", ret);
 		goto fail_block_groups;
 	}
+	/*
+	 * We have unsupported RO compat features, although RO mounted, we
+	 * should not cause any metadata write, including log replay.
+	 * Or we could screw up whatever the new feature requires.
+	 */
+	if (unlikely(features && btrfs_super_log_root(disk_super) &&
+		     !btrfs_test_opt(fs_info, NOLOGREPLAY))) {
+		btrfs_err(fs_info,
+"cannot replay dirty log with unsupported compat_ro features (0x%llx), try rescue=nologreplay",
+			  features);
+		err = -EINVAL;
+		goto fail_alloc;
+	}
+
 
 	ret = btrfs_check_zoned_mode(fs_info);
 	if (ret) {