From: Qu Wenruo <quwenruo@cn.fujitsu.com>
To: <linux-btrfs@vger.kernel.org>
Subject: Re: [PATCH 1/2] btrfs: Add more check before read_extent_buffer() to avoid read overflow.
Date: Thu, 23 Oct 2014 15:31:15 +0800 [thread overview]
Message-ID: <5448AEC3.2080308@cn.fujitsu.com> (raw)
In-Reply-To: <1411012892-17481-1-git-send-email-quwenruo@cn.fujitsu.com>
I'm sorry that this patch is not needed since inline extent will not go
into this routine,
so no overflow.
Please ignore the patch,
Thanks,
Qu
-------- Original Message --------
Subject: [PATCH 1/2] btrfs: Add more check before read_extent_buffer()
to avoid read overflow.
From: Qu Wenruo <quwenruo@cn.fujitsu.com>
To: <linux-btrfs@vger.kernel.org>
Date: 2014年09月18日 12:01
> Before this patch, when replay_one_extent() find an existing file
> extent item, btrfs will call read_extent_buffer() to read out the file
> extent.
> However it lacks enough check, and may read out the inline file extent
> using the wrong size(currently it always uses
> sizeof(btrfs_file_extent_item))
>
> If a inline file extent's size is smaller than normal file extent
> size(53 bytes) and unfortunately the inline file extent lies at the end
> of a full leaf, WARN_ON in read_extent_buffer() will be triggered.
>
> This patch will check the file extent type before calling
> read_extent_buffer(), since the if the logged one and the existing one
> are all preallocated/regular file extent item, their size must be
> sizeof(struct btrfs_file_extent_item) and will avoid the read overflow.
>
> Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
> ---
> fs/btrfs/tree-log.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
> index 7e0e6e3..1ea2b10 100644
> --- a/fs/btrfs/tree-log.c
> +++ b/fs/btrfs/tree-log.c
> @@ -620,6 +620,8 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
> existing = btrfs_item_ptr(leaf, path->slots[0],
> struct btrfs_file_extent_item);
>
> + if (btrfs_file_extent_type(leaf, existing) != found_type)
> + goto no_compare;
> read_extent_buffer(eb, &cmp1, (unsigned long)item,
> sizeof(cmp1));
> read_extent_buffer(leaf, &cmp2, (unsigned long)existing,
> @@ -634,6 +636,7 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
> goto out;
> }
> }
> +no_compare:
> btrfs_release_path(path);
>
> /* drop any overlapping extents */
prev parent reply other threads:[~2014-10-23 7:31 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-18 4:01 [PATCH 1/2] btrfs: Add more check before read_extent_buffer() to avoid read overflow Qu Wenruo
2014-09-18 4:01 ` [PATCH 2/2] btrfs: Add support for nocow write into prealloc space with compression Qu Wenruo
2014-11-06 2:46 ` Qu Wenruo
2014-10-23 7:31 ` Qu Wenruo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5448AEC3.2080308@cn.fujitsu.com \
--to=quwenruo@cn.fujitsu.com \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.