udf: disallow RW mount without valid integrity descriptor

Refuse to mount a volume read-write without a coherent Logical Volume
Integrity Descriptor, because we can't generate truly unique IDs without
one.

This fixes a bug where all inodes created on a UDF filesystem following
mount without a coherent LVID are assigned unique ID 0 which can then
confuse other UDF implementations.

Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Signed-off-by: Jan Kara <jack@suse.cz>

diff --git a/fs/udf/super.c b/fs/udf/super.c
index 2cf435c..a6940d9 100644 (file)
--- a/fs/udf/super.c
+++ b/fs/udf/super.c
@@ -1474,6 +1474,17 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block,
        if (lvd->integritySeqExt.extLength)
                udf_load_logicalvolint(sb, leea_to_cpu(lvd->integritySeqExt));
        ret = 0;
+
+       if (!sbi->s_lvid_bh) {
+               /* We can't generate unique IDs without a valid LVID */
+               if (sb_rdonly(sb)) {
+                       UDF_SET_FLAG(sb, UDF_FLAG_RW_INCOMPAT);
+               } else {
+                       udf_warn(sb, "Damaged or missing LVID, forcing "
+                                    "readonly mount\n");
+                       ret = -EACCES;
+               }
+       }
 out_bh:
        brelse(bh);
        return ret;