From owner-freebsd-stable@freebsd.org  Tue Mar  2 08:55:20 2021
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id C5DA45612DF
 for <freebsd-stable@mailman.nyi.freebsd.org>;
 Tue,  2 Mar 2021 08:55:20 +0000 (UTC) (envelope-from avg@FreeBSD.org)
Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net
 [217.70.183.199])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4DqWDS19h6z3K4H
 for <freebsd-stable@freebsd.org>; Tue,  2 Mar 2021 08:55:19 +0000 (UTC)
 (envelope-from avg@FreeBSD.org)
X-Originating-IP: 195.64.148.76
Received: from [192.168.0.88] (unknown [195.64.148.76])
 (Authenticated sender: andriy.gapon@uabsd.com)
 by relay9-d.mail.gandi.net (Postfix) with ESMTPSA id 33FA7FF807;
 Tue,  2 Mar 2021 08:55:16 +0000 (UTC)
Subject: Re: Trying do mount a slice containing a r/o mounted partition makes
 the filesystem unreadable
To: Arrigo Marchiori <ardovm@yahoo.it>, freebsd-stable@freebsd.org
References: <YDpCaI/sNgHcf08n@nuvolo>
 <202102271443.11REhqps070102@nuc.oldach.net> <YDpmnBNO9J4e1p4C@nuvolo>
 <YD3uRz5wgf9lmvPH@nuvolo>
From: Andriy Gapon <avg@FreeBSD.org>
Message-ID: <4ccaadf5-922f-37ee-e3f5-9f02db60516e@FreeBSD.org>
Date: Tue, 2 Mar 2021 10:55:15 +0200
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101
 Firefox/78.0 Thunderbird/78.8.0
MIME-Version: 1.0
In-Reply-To: <YD3uRz5wgf9lmvPH@nuvolo>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4DqWDS19h6z3K4H
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [0.00 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 ASN(0.00)[asn:29169, ipnet:217.70.176.0/20, country:FR]
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2021 08:55:20 -0000

On 02/03/2021 09:50, Arrigo Marchiori via freebsd-stable wrote:
> Dear All,
> 
> On Sat, Feb 27, 2021 at 04:34:52PM +0100, Arrigo Marchiori via freebsd-stable wrote:
> 
>> Hello Helge, and thank you for replying again.
>>
>> On Sat, Feb 27, 2021 at 03:43:52PM +0100, Helge Oldach wrote:
>>
>>> Arrigo Marchiori via freebsd-stable wrote on Sat, 27 Feb 2021 14:00:24 +0100 (CET):
>>>> On the memstick, the root filesystem is mounted read-only.  I
>>>> apologize, I should have told it explicitly.  The ``invalid'' attempt
>>>> is to mount it read-write (no mode is indicated on the command line).
>>>
>>> Try to make it r/w mounted (which I suspect you are attempting to
>>> achieve):
>>>
>>> mount -uw /
>>
>> Ok, I will try this.
>>
>> But just for the record: I am not try to achieve anything.  I gave the
>> ``invalid'' mount command by mistake (I wanted to mount a partition
>> from another disk and wrote "da0" instead of "da1") and I saw that the
>> system became unstable. I thought that this should not happen and I
>> reported it here.
> 
> I have two updates.
> 
>  1- the da0s2a slice starts 16 (blocks?) after the beginning of da0s2.
>     bsdlabel(8) output (copied by hand):
> # /dev/da0s2:
> 8 partitions:
> #       size     offset    fstype    [fsize  bsize bps/cpg]
>   a: 1491200         16    4.2BSD         0      0     0
>   c: 1491216          0    unused         0      0     # "raw" part, don't edit
> 
>  2- if I mount the partition rw, then the mount command _always_ fails
>  with error "operation not permitted" and the system _always_ remains
>  stable. This is independent from mounting from /dev/ufs/label or
>  /dev/da0s2a.
> 
> Therefore I can change the description of this problem report as:
> 
> ----8<--------8<--------8<--------8<--------8<--------8<--------8<---------
> 
> When a BSD partition is mounted _read_only_ to / (suppose
> /dev/da0s2a), if I try to mount its containing slice (/dev/da0s2) I
> receive a ``strange'' error message, and from that moment the mounted
> filesystem becomes unreadable.
> 
>  - If the partition is mounted from /dev/ufs/label, then mount(8)
> reports "Operation not permitted" and the system remains stable.
> This is the expected behavior IMHO.
> 
>  - If the partition is mounted read_write, from any special device,
>    then mount(8) reports:
>      - "Operation not permitted" if I try to mount the slice rw,
>      - the same strange error message if I try to mount the slice ro,
>    and the system remains stable.
> 
>  - The "strange error message" is "invalid argument" on 11.4-STABLE.
> 
> ----8<--------8<--------8<--------8<--------8<--------8<--------8<---------
> 
> Now to the question: is this worth a PR? Was it already reported?  Or
> is it just something that ``should not happen'' because root should be
> allowed to shoot themselves in the foot?
> 
> Thank you in advance and best regards,

I think that this is worth a PR.
I think that even when mounting read-only the underlying GEOM object should be
marked for exclusive use.
I vaguely recall that UFS has some quirk in this respect to allow for
modifications by fsck.  That is supposed to be limited to the root filesystem.
Maybe it should further be limited to certain boot stages to prevent
foot-shooting after a system is fully booted.


-- 
Andriy Gapon