On Tue, Feb 27, 2024 at 01:45:35PM +1030, Qu Wenruo wrote: > [BUG] > Currently btrfs can create subvolume with an invalid qgroup inherit > without triggering any error: > > # mkfs.btrfs -O quota -f $dev > # mount $dev $mnt > # btrfs subvolume create -i 2/0 $mnt/subv1 > # btrfs qgroup show -prce --sync $mnt > Qgroupid Referenced Exclusive Path > -------- ---------- --------- ---- > 0/5 16.00KiB 16.00KiB <toplevel> > 0/256 16.00KiB 16.00KiB subv1 > > [CAUSE] > We only do a very basic size check for btrfs_qgroup_inherit structure, > but never really verify if the values are correct. > > Thus in btrfs_qgroup_inherit() function, we have to skip non-existing > qgroups, and never return any error. > > [FIX] > Fix the behavior and introduce extra checks: > > - Introduce early check for btrfs_qgroup_inherit structure > Not only the size, but also all the qgroup ids would be verifyed. > > And the timing is very early, so we can return error early. > This early check is very important for snapshot creation, as snapshot > is delayed to transaction commit. > > - Drop support for btrfs_qgroup_inherit::num_ref_copies and > num_excl_copies > Those two members are used to specify to copy refr/excl numbers from > other qgroups. > This would definitely mark qgroup inconsistent, and btrfs-progs has > dropped the support for them for a long time. > It's time to drop the support for kernel. > > - Verify the supported btrfs_qgroup_inherit::flags > Just in case we want to add extra flags for btrfs_qgroup_inherit. > > Now above subvolume creation would fail with -ENOENT other than silently > ignore the non-existing qgroup. > > CC: stable@xxxxxxxxxxxxxxx > Signed-off-by: Qu Wenruo <wqu@xxxxxxxx> Reviewed-by: David Sterba <dsterba@xxxxxxxx>
