xfs: check for unknown v5 feature bits in superblock write verifier
authorDarrick J. Wong <darrick.wong@oracle.com>
Mon, 30 Jul 2018 23:45:35 +0000 (16:45 -0700)
committerDarrick J. Wong <darrick.wong@oracle.com>
Tue, 31 Jul 2018 20:18:09 +0000 (13:18 -0700)
Make sure we never try to write the superblock with unknown feature bits
set.  We checked those at mount time, so if they're set now then memory
is corrupt.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
fs/xfs/libxfs/xfs_sb.c

index 05e7ed1b80225c6b6ffa8c5e07ff68b9a255de88..ca1b3a7a917172d6125eace7002b363ed03f0f9e 100644 (file)
@@ -166,7 +166,40 @@ xfs_validate_sb_write(
        if (XFS_SB_VERSION_NUM(sbp) != XFS_SB_VERSION_5)
                return 0;
 
-       /* XXX: For write validation, we don't need to check feature masks?? */
+       /*
+        * Version 5 superblock feature mask validation. Reject combinations
+        * the kernel cannot support since we checked for unsupported bits in
+        * the read verifier, which means that memory is corrupt.
+        */
+       if (xfs_sb_has_compat_feature(sbp, XFS_SB_FEAT_COMPAT_UNKNOWN)) {
+               xfs_warn(mp,
+"Corruption detected in superblock compatible features (0x%x)!",
+                       (sbp->sb_features_compat & XFS_SB_FEAT_COMPAT_UNKNOWN));
+               return -EFSCORRUPTED;
+       }
+
+       if (xfs_sb_has_ro_compat_feature(sbp, XFS_SB_FEAT_RO_COMPAT_UNKNOWN)) {
+               xfs_alert(mp,
+"Corruption detected in superblock read-only compatible features (0x%x)!",
+                       (sbp->sb_features_ro_compat &
+                                       XFS_SB_FEAT_RO_COMPAT_UNKNOWN));
+               return -EFSCORRUPTED;
+       }
+       if (xfs_sb_has_incompat_feature(sbp, XFS_SB_FEAT_INCOMPAT_UNKNOWN)) {
+               xfs_warn(mp,
+"Corruption detected in superblock incompatible features (0x%x)!",
+                       (sbp->sb_features_incompat &
+                                       XFS_SB_FEAT_INCOMPAT_UNKNOWN));
+               return -EFSCORRUPTED;
+       }
+       if (xfs_sb_has_incompat_log_feature(sbp,
+                       XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN)) {
+               xfs_warn(mp,
+"Corruption detected in superblock incompatible log features (0x%x)!",
+                       (sbp->sb_features_log_incompat &
+                                       XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN));
+               return -EFSCORRUPTED;
+       }
 
        /*
         * We can't read verify the sb LSN because the read verifier is called
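Review bot: The four new checks log the same condition at different severities: the read-only compatible branch calls `xfs_alert(mp,` while the compat, incompat and log-incompat branches call `xfs_warn(mp,`. The comment above them says an unknown bit at write time means memory is corrupt, so the level should be uniform; otherwise log filtering or alerting keyed on severity will catch only some of these corruption reports. Either change the one call to `xfs_warn(mp,` or raise the other three to `xfs_alert(mp,`. The ro-compat and incompat blocks are also missing the blank line that separates the first two checks. xfs_validate_sb_write begins and ends outside this hunk.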