From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Qu Wenruo <wqu@suse.com>,
Nikolay Borisov <nborisov@suse.com>,
Su Yue <suy.fnst@cn.fujitsu.com>, David Sterba <dsterba@suse.com>,
Ben Hutchings <ben.hutchings@codethink.co.uk>
Subject: [PATCH 4.4 23/51] btrfs: tree-checker: Add checker for dir item
Date: Tue, 15 Jan 2019 17:35:19 +0100 [thread overview]
Message-ID: <20190115154849.982067263@linuxfoundation.org> (raw)
In-Reply-To: <20190115154846.928796000@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qu Wenruo <wqu@suse.com>
commit ad7b0368f33cffe67fecd302028915926e50ef7e upstream.
Add checker for dir item, for key types DIR_ITEM, DIR_INDEX and
XATTR_ITEM.
This checker does comprehensive checks for:
1) dir_item header and its data size
Against item boundary and maximum name/xattr length.
This part is mostly the same as old verify_dir_item().
2) dir_type
Against maximum file types, and against key type.
Since XATTR key should only have FT_XATTR dir item, and normal dir
item type should not have XATTR key.
The check between key->type and dir_type is newly introduced by this
patch.
3) name hash
For XATTR and DIR_ITEM key, key->offset is name hash (crc32c).
Check the hash of the name against the key to ensure it's correct.
The name hash check is only found in btrfs-progs before this patch.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Su Yue <suy.fnst@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4: BTRFS_MAX_XATTR_SIZE() takes a root instead of an
fs_info, and yields a value of type size_t instead of unsigned int]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/tree-checker.c | 141 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 141 insertions(+)
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -30,6 +30,7 @@
#include "tree-checker.h"
#include "disk-io.h"
#include "compression.h"
+#include "hash.h"
#define CORRUPT(reason, eb, root, slot) \
btrfs_crit(root->fs_info, \
@@ -176,6 +177,141 @@ static int check_csum_item(struct btrfs_
}
/*
+ * Customized reported for dir_item, only important new info is key->objectid,
+ * which represents inode number
+ */
+__printf(4, 5)
+static void dir_item_err(const struct btrfs_root *root,
+ const struct extent_buffer *eb, int slot,
+ const char *fmt, ...)
+{
+ struct btrfs_key key;
+ struct va_format vaf;
+ va_list args;
+
+ btrfs_item_key_to_cpu(eb, &key, slot);
+ va_start(args, fmt);
+
+ vaf.fmt = fmt;
+ vaf.va = &args;
+
+ btrfs_crit(root->fs_info,
+ "corrupt %s: root=%llu block=%llu slot=%d ino=%llu, %pV",
+ btrfs_header_level(eb) == 0 ? "leaf" : "node", root->objectid,
+ btrfs_header_bytenr(eb), slot, key.objectid, &vaf);
+ va_end(args);
+}
+
+static int check_dir_item(struct btrfs_root *root,
+ struct extent_buffer *leaf,
+ struct btrfs_key *key, int slot)
+{
+ struct btrfs_dir_item *di;
+ u32 item_size = btrfs_item_size_nr(leaf, slot);
+ u32 cur = 0;
+
+ di = btrfs_item_ptr(leaf, slot, struct btrfs_dir_item);
+ while (cur < item_size) {
+ char namebuf[max(BTRFS_NAME_LEN, XATTR_NAME_MAX)];
+ u32 name_len;
+ u32 data_len;
+ u32 max_name_len;
+ u32 total_size;
+ u32 name_hash;
+ u8 dir_type;
+
+ /* header itself should not cross item boundary */
+ if (cur + sizeof(*di) > item_size) {
+ dir_item_err(root, leaf, slot,
+ "dir item header crosses item boundary, have %lu boundary %u",
+ cur + sizeof(*di), item_size);
+ return -EUCLEAN;
+ }
+
+ /* dir type check */
+ dir_type = btrfs_dir_type(leaf, di);
+ if (dir_type >= BTRFS_FT_MAX) {
+ dir_item_err(root, leaf, slot,
+ "invalid dir item type, have %u expect [0, %u)",
+ dir_type, BTRFS_FT_MAX);
+ return -EUCLEAN;
+ }
+
+ if (key->type == BTRFS_XATTR_ITEM_KEY &&
+ dir_type != BTRFS_FT_XATTR) {
+ dir_item_err(root, leaf, slot,
+ "invalid dir item type for XATTR key, have %u expect %u",
+ dir_type, BTRFS_FT_XATTR);
+ return -EUCLEAN;
+ }
+ if (dir_type == BTRFS_FT_XATTR &&
+ key->type != BTRFS_XATTR_ITEM_KEY) {
+ dir_item_err(root, leaf, slot,
+ "xattr dir type found for non-XATTR key");
+ return -EUCLEAN;
+ }
+ if (dir_type == BTRFS_FT_XATTR)
+ max_name_len = XATTR_NAME_MAX;
+ else
+ max_name_len = BTRFS_NAME_LEN;
+
+ /* Name/data length check */
+ name_len = btrfs_dir_name_len(leaf, di);
+ data_len = btrfs_dir_data_len(leaf, di);
+ if (name_len > max_name_len) {
+ dir_item_err(root, leaf, slot,
+ "dir item name len too long, have %u max %u",
+ name_len, max_name_len);
+ return -EUCLEAN;
+ }
+ if (name_len + data_len > BTRFS_MAX_XATTR_SIZE(root)) {
+ dir_item_err(root, leaf, slot,
+ "dir item name and data len too long, have %u max %zu",
+ name_len + data_len,
+ BTRFS_MAX_XATTR_SIZE(root));
+ return -EUCLEAN;
+ }
+
+ if (data_len && dir_type != BTRFS_FT_XATTR) {
+ dir_item_err(root, leaf, slot,
+ "dir item with invalid data len, have %u expect 0",
+ data_len);
+ return -EUCLEAN;
+ }
+
+ total_size = sizeof(*di) + name_len + data_len;
+
+ /* header and name/data should not cross item boundary */
+ if (cur + total_size > item_size) {
+ dir_item_err(root, leaf, slot,
+ "dir item data crosses item boundary, have %u boundary %u",
+ cur + total_size, item_size);
+ return -EUCLEAN;
+ }
+
+ /*
+ * Special check for XATTR/DIR_ITEM, as key->offset is name
+ * hash, should match its name
+ */
+ if (key->type == BTRFS_DIR_ITEM_KEY ||
+ key->type == BTRFS_XATTR_ITEM_KEY) {
+ read_extent_buffer(leaf, namebuf,
+ (unsigned long)(di + 1), name_len);
+ name_hash = btrfs_name_hash(namebuf, name_len);
+ if (key->offset != name_hash) {
+ dir_item_err(root, leaf, slot,
+ "name hash mismatch with key, have 0x%016x expect 0x%016llx",
+ name_hash, key->offset);
+ return -EUCLEAN;
+ }
+ }
+ cur += total_size;
+ di = (struct btrfs_dir_item *)((void *)di + total_size);
+ }
+ return 0;
+}
+
+/*
* Common point to switch the item-specific validation.
*/
static int check_leaf_item(struct btrfs_root *root,
@@ -191,6 +327,11 @@ static int check_leaf_item(struct btrfs_
case BTRFS_EXTENT_CSUM_KEY:
ret = check_csum_item(root, leaf, key, slot);
break;
+ case BTRFS_DIR_ITEM_KEY:
+ case BTRFS_DIR_INDEX_KEY:
+ case BTRFS_XATTR_ITEM_KEY:
+ ret = check_dir_item(root, leaf, key, slot);
+ break;
}
return ret;
}
next prev parent reply other threads:[~2019-01-15 16:59 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-15 16:34 [PATCH 4.4 00/51] 4.4.171-stable review Greg Kroah-Hartman
2019-01-15 16:34 ` [PATCH 4.4 01/51] ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 Greg Kroah-Hartman
2019-01-15 16:34 ` [PATCH 4.4 02/51] btrfs: cleanup, stop casting for extent_map->lookup everywhere Greg Kroah-Hartman
2019-01-15 16:34 ` [PATCH 4.4 03/51] btrfs: Enhance chunk validation check Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 04/51] Btrfs: add validadtion checks for chunk loading Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 05/51] Btrfs: check inconsistence between chunk and block group Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 06/51] Btrfs: fix em leak in find_first_block_group Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 07/51] Btrfs: detect corruption when non-root leaf has zero item Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 08/51] Btrfs: check btree nodes nritems Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 09/51] Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 10/51] Btrfs: memset to avoid stale content in btree node block Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 11/51] Btrfs: improve check_node to avoid reading corrupted nodes Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 12/51] Btrfs: kill BUG_ON in run_delayed_tree_ref Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 13/51] Btrfs: memset to avoid stale content in btree leaf Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 14/51] Btrfs: fix emptiness check for dirtied extent buffers at check_leaf() Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 15/51] btrfs: struct-funcs, constify readers Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 16/51] btrfs: Refactor check_leaf function for later expansion Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 17/51] btrfs: Check if item pointer overlaps with the item itself Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 18/51] btrfs: Add sanity check for EXTENT_DATA when reading out leaf Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 19/51] btrfs: Add checker for EXTENT_CSUM Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 20/51] btrfs: Move leaf and node validation checker to tree-checker.c Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 21/51] btrfs: tree-checker: Enhance btrfs_check_node output Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 22/51] btrfs: tree-checker: Fix false panic for sanity test Greg Kroah-Hartman
2019-01-15 16:35 ` Greg Kroah-Hartman [this message]
2019-01-15 16:35 ` [PATCH 4.4 24/51] btrfs: tree-checker: use %zu format string for size_t Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 25/51] btrfs: tree-check: reduce stack consumption in check_dir_item Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 26/51] btrfs: tree-checker: Verify block_group_item Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 27/51] btrfs: tree-checker: Detect invalid and empty essential trees Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 28/51] btrfs: validate type when reading a chunk Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 29/51] btrfs: Check that each block group has corresponding chunk at mount time Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 30/51] btrfs: Verify that every chunk has corresponding block group " Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 31/51] btrfs: tree-checker: Check level for leaves and nodes Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 32/51] btrfs: tree-checker: Fix misleading group system information Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 33/51] CIFS: Do not hide EINTR after sending network packets Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 34/51] cifs: Fix potential OOB access of lock element array Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 35/51] usb: cdc-acm: send ZLP for Telit 3G Intel based modems Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 36/51] USB: storage: dont insert sane sense for SPC3+ when bad sense specified Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 37/51] USB: storage: add quirk for SMI SM3350 Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 38/51] USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 39/51] slab: alien caches must not be initialized if the allocation of the alien cache failed Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 40/51] PCI: altera: Fix altera_pcie_link_is_up() Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 41/51] PCI: altera: Reorder read/write functions Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 42/51] PCI: altera: Check link status before retrain link Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 43/51] PCI: altera: Poll for link up status after retraining the link Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 44/51] PCI: altera: Poll for link training " Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 45/51] PCI: altera: Rework config accessors for use without a struct pci_bus Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 46/51] PCI: altera: Move retrain from fixup to altera_pcie_host_init() Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 47/51] ACPI: power: Skip duplicate power resource references in _PRx Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 48/51] i2c: dev: prevent adapter retries and timeout being set as minus value Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 49/51] crypto: cts - fix crash on short inputs Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 50/51] ext4: fix a potential fiemap/page fault deadlock w/ inline_data Greg Kroah-Hartman
2019-01-15 16:35 ` [PATCH 4.4 51/51] sunrpc: use-after-free in svc_process_common() Greg Kroah-Hartman
2019-01-16 1:24 ` [PATCH 4.4 00/51] 4.4.171-stable review shuah
2019-01-16 11:55 ` Naresh Kamboju
2019-01-16 20:36 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190115154849.982067263@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ben.hutchings@codethink.co.uk \
--cc=dsterba@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nborisov@suse.com \
--cc=stable@vger.kernel.org \
--cc=suy.fnst@cn.fujitsu.com \
--cc=wqu@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.