btrfs-progs: prevent silent damage when add dev to an invalid mntpnt

Message ID 1413424419-15237-3-git-send-email-guihc.fnst@cn.fujitsu.com
State Not Applicable

Commit Message

Gui Hecheng Oct. 16, 2014, 1:53 a.m. UTC
Problem:
	# mkfs.btrfs -f /dev/sda1
	# btrfs dev add /dev/sda1 /dir -f   <== dir is not a mntpnt

btrfs dev add just reports invalid ioctl but it has already made
changes to /dev/sda1 with @btrfs_prepare_device(), so the fs on
/dev/sda1 is damaged.

We could check whether /dev/sda1 is a valid mntpnt by calling
@find_mount_root() to prevent this silent damage.

Signed-off-by: Gui Hecheng <guihc.fnst@cn.fujitsu.com>
---
 cmds-device.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

Patch

diff --git a/cmds-device.c b/cmds-device.c
index a728f21..65815c3 100644
--- a/cmds-device.c
+++ b/cmds-device.c
@@ -53,6 +53,7 @@  static int cmd_add_dev(int argc, char **argv)
 	int discard = 1;
 	int force = 0;
 	char estr[100];
+	char rmntpnt[PATH_MAX];
 
 	while (1) {
 		int long_index;
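
Review bot: the new `char rmntpnt[PATH_MAX];` declaration depends on PATH_MAX being defined in cmds-device.c, and all 17 insertions in this patch are inside cmd_add_dev(), so no include is added. Please confirm that <limits.h> (for PATH_MAX) and <errno.h> (for the errno use in the next hunk) are already pulled in by this file, or add them here.
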
@@ -84,6 +85,22 @@  static int cmd_add_dev(int argc, char **argv)
 
 	mntpnt = argv[optind + argc - 1];
 
+	if (!realpath(mntpnt, rmntpnt)) {
+		fprintf(stderr, "ERROR: %s\n", strerror(errno));
+		return 1;
+	}
+
+	ret = find_mount_root(rmntpnt, &mntpnt);
+	if (ret < 0) {
+		fprintf(stderr, "ERROR: find_mount_root failed on '%s': %s\n",
+				rmntpnt, strerror(-ret));
+		return 1;
+	} else if (ret > 0) {
+		fprintf(stderr, "ERROR: '%s' doesn't belong to btrfs mount point\n",
+			rmntpnt);
+		return 1;
+	}
+
 	fdmnt = open_file_or_dir(mntpnt, &dirstream);
 	if (fdmnt < 0) {
 		fprintf(stderr, "ERROR: can't access '%s'\n", mntpnt);
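
Review bot: the realpath() failure branch prints only `"ERROR: %s\n", strerror(errno)`, so the user cannot tell which argument was rejected; include the path, for example "ERROR: could not resolve '%s': %s" with mntpnt, to match the other two messages, which do name rmntpnt. Second, `find_mount_root(rmntpnt, &mntpnt)` overwrites mntpnt, which until now pointed into argv; if the function stores an allocated string there, it needs a free on every exit path after this point, and a short comment saying that mntpnt now holds the mount root rather than the user's argument would help the reader. The placement of the check before open_file_or_dir() matches the intent in the commit message, provided nothing earlier in cmd_add_dev() reaches btrfs_prepare_device(); that is not visible in this hunk and is worth stating in the changelog.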