On 3/26/15 3:59 PM, Dave Chinner wrote:
> On Thu, Mar 26, 2015 at 03:03:30PM -0500, Eric Sandeen wrote:
>> There's a bit of a loophole in norecovery mount handling right
>> now: an initial mount must be readonly, but nothing prevents
>> a mount -o remount,rw from producing a writable, unrecovered
>> xfs filesystem.
>>
>> It might be possible to try to perform a log recovery when this
>> is requested, but I'm not sure it's worth the effort. For now,
>> simply disallow this sort of transition.
>>
>> Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>
>
> Good catch.
>
> Shouldn't this also check for a ro block device, and disallow the
> rw remount if the block dev is ro?
Seems to be covered already:
# blockdev --setro /dev/sdb1
# mount /dev/sdb1 /mnt/test
mount: block device /dev/sdb1 is write-protected, mounting read-only
# grep sdb1 /proc/mounts
/dev/sdb1 /mnt/test xfs ro,seclabel,relatime,attr2,inode64,noquota 0 0
# mount -o remount,rw /mnt/test
mount: cannot remount block device /dev/sdb1 read-write, is write-protected
from strace:
mount("/dev/sdb1", "/mnt/test", 0x7ff230271d90, MS_MGC_VAL|MS_REMOUNT, NULL) =
-1 EACCES (Permission denied)
Ah, from fs/super.c:
do_remount_sb()
...
#ifdef CONFIG_BLOCK
if (!(flags & MS_RDONLY) && bdev_read_only(sb->s_bdev))
return -EACCES;
#endif
-Eric
|