ext4: prohibit fstrim in norecovery mode The ext4 fstrim implementation uses the block bitmaps to find free space that can be discarded. If we haven't replayed the journal, the bitmaps will be stale and we absolutely *cannot* use stale metadata to zap the underlying storage. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>

commit: 18915b5873f07e5030e6fb108a050fa7c71c59fb [log] [tgz]
author: Darrick J. Wong <darrick.wong@oracle.com> Sat Mar 23 12:10:29 2019 -0400
committer: Theodore Ts'o <tytso@mit.edu> Sat Mar 23 12:10:29 2019 -0400
tree: fab8aa9846d7b0b6d835191ecf9d59ea05c29f30
parent: 5e86bdda41534e17621d5a071b294943cae4376e [diff] [blame]
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index eb8ca8d..7343544 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c

@@ -1000,6 +1000,13 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 		if (!blk_queue_discard(q))
 			return -EOPNOTSUPP;
 
+		/*
+		 * We haven't replayed the journal, so we cannot use our
+		 * block-bitmap-guided storage zapping commands.
+		 */
+		if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
+			return -EROFS;
+
 		if (copy_from_user(&range, (struct fstrim_range __user *)arg,
 		    sizeof(range)))
 			return -EFAULT;
commit	18915b5873f07e5030e6fb108a050fa7c71c59fb	[log] [tgz]
author	Darrick J. Wong <darrick.wong@oracle.com>	Sat Mar 23 12:10:29 2019 -0400
committer	Theodore Ts'o <tytso@mit.edu>	Sat Mar 23 12:10:29 2019 -0400
tree	fab8aa9846d7b0b6d835191ecf9d59ea05c29f30
parent	5e86bdda41534e17621d5a071b294943cae4376e [diff] [blame]