From: Kent Overstreet <kent.overstreet@linux.dev>
To: linux-bcachefs@vger.kernel.org
Cc: Kent Overstreet <kent.overstreet@linux.dev>,
syzbot+026f1857b12f5eb3f9e9@syzkaller.appspotmail.com
Subject: [PATCH 11/34] bcachefs: Don't try to en/decrypt when encryption not available
Date: Fri, 29 Nov 2024 15:27:10 -0500 [thread overview]
Message-ID: <20241129202736.2713679-12-kent.overstreet@linux.dev> (raw)
In-Reply-To: <20241129202736.2713679-1-kent.overstreet@linux.dev>
If a btree node says it's encrypted, but the superblock never had an
encryptino key - whoops, that needs to be handled.
Reported-by: syzbot+026f1857b12f5eb3f9e9@syzkaller.appspotmail.com
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
---
fs/bcachefs/btree_io.c | 116 +++++++++++++++++-----------------
fs/bcachefs/btree_node_scan.c | 3 +
fs/bcachefs/checksum.c | 10 ++-
fs/bcachefs/errcode.h | 1 +
fs/bcachefs/io_read.c | 14 +++-
5 files changed, 83 insertions(+), 61 deletions(-)
diff --git a/fs/bcachefs/btree_io.c b/fs/bcachefs/btree_io.c
index 2b5da566fbac..5407f1212b4f 100644
--- a/fs/bcachefs/btree_io.c
+++ b/fs/bcachefs/btree_io.c
@@ -1045,39 +1045,50 @@ int bch2_btree_node_read_done(struct bch_fs *c, struct bch_dev *ca,
while (b->written < (ptr_written ?: btree_sectors(c))) {
unsigned sectors;
- struct nonce nonce;
bool first = !b->written;
- bool csum_bad;
- if (!b->written) {
+ if (first) {
i = &b->data->keys;
+ } else {
+ bne = write_block(b);
+ i = &bne->keys;
- btree_err_on(!bch2_checksum_type_valid(c, BSET_CSUM_TYPE(i)),
- -BCH_ERR_btree_node_read_err_want_retry,
- c, ca, b, i, NULL,
- bset_unknown_csum,
- "unknown checksum type %llu", BSET_CSUM_TYPE(i));
-
- nonce = btree_nonce(i, b->written << 9);
+ if (i->seq != b->data->keys.seq)
+ break;
+ }
- struct bch_csum csum = csum_vstruct(c, BSET_CSUM_TYPE(i), nonce, b->data);
- csum_bad = bch2_crc_cmp(b->data->csum, csum);
- if (csum_bad)
- bch2_io_error(ca, BCH_MEMBER_ERROR_checksum);
+ struct nonce nonce = btree_nonce(i, b->written << 9);
+ bool good_csum_type = bch2_checksum_type_valid(c, BSET_CSUM_TYPE(i));
- btree_err_on(csum_bad,
- -BCH_ERR_btree_node_read_err_want_retry,
- c, ca, b, i, NULL,
- bset_bad_csum,
- "%s",
- (printbuf_reset(&buf),
- bch2_csum_err_msg(&buf, BSET_CSUM_TYPE(i), b->data->csum, csum),
- buf.buf));
-
- ret = bset_encrypt(c, i, b->written << 9);
- if (bch2_fs_fatal_err_on(ret, c,
- "decrypting btree node: %s", bch2_err_str(ret)))
- goto fsck_err;
+ btree_err_on(!good_csum_type,
+ bch2_csum_type_is_encryption(BSET_CSUM_TYPE(i))
+ ? -BCH_ERR_btree_node_read_err_must_retry
+ : -BCH_ERR_btree_node_read_err_want_retry,
+ c, ca, b, i, NULL,
+ bset_unknown_csum,
+ "unknown checksum type %llu", BSET_CSUM_TYPE(i));
+
+ if (first) {
+ if (good_csum_type) {
+ struct bch_csum csum = csum_vstruct(c, BSET_CSUM_TYPE(i), nonce, b->data);
+ bool csum_bad = bch2_crc_cmp(b->data->csum, csum);
+ if (csum_bad)
+ bch2_io_error(ca, BCH_MEMBER_ERROR_checksum);
+
+ btree_err_on(csum_bad,
+ -BCH_ERR_btree_node_read_err_want_retry,
+ c, ca, b, i, NULL,
+ bset_bad_csum,
+ "%s",
+ (printbuf_reset(&buf),
+ bch2_csum_err_msg(&buf, BSET_CSUM_TYPE(i), b->data->csum, csum),
+ buf.buf));
+
+ ret = bset_encrypt(c, i, b->written << 9);
+ if (bch2_fs_fatal_err_on(ret, c,
+ "decrypting btree node: %s", bch2_err_str(ret)))
+ goto fsck_err;
+ }
btree_err_on(btree_node_type_is_extents(btree_node_type(b)) &&
!BTREE_NODE_NEW_EXTENT_OVERWRITE(b->data),
@@ -1088,37 +1099,26 @@ int bch2_btree_node_read_done(struct bch_fs *c, struct bch_dev *ca,
sectors = vstruct_sectors(b->data, c->block_bits);
} else {
- bne = write_block(b);
- i = &bne->keys;
-
- if (i->seq != b->data->keys.seq)
- break;
-
- btree_err_on(!bch2_checksum_type_valid(c, BSET_CSUM_TYPE(i)),
- -BCH_ERR_btree_node_read_err_want_retry,
- c, ca, b, i, NULL,
- bset_unknown_csum,
- "unknown checksum type %llu", BSET_CSUM_TYPE(i));
-
- nonce = btree_nonce(i, b->written << 9);
- struct bch_csum csum = csum_vstruct(c, BSET_CSUM_TYPE(i), nonce, bne);
- csum_bad = bch2_crc_cmp(bne->csum, csum);
- if (ca && csum_bad)
- bch2_io_error(ca, BCH_MEMBER_ERROR_checksum);
-
- btree_err_on(csum_bad,
- -BCH_ERR_btree_node_read_err_want_retry,
- c, ca, b, i, NULL,
- bset_bad_csum,
- "%s",
- (printbuf_reset(&buf),
- bch2_csum_err_msg(&buf, BSET_CSUM_TYPE(i), bne->csum, csum),
- buf.buf));
-
- ret = bset_encrypt(c, i, b->written << 9);
- if (bch2_fs_fatal_err_on(ret, c,
- "decrypting btree node: %s", bch2_err_str(ret)))
- goto fsck_err;
+ if (good_csum_type) {
+ struct bch_csum csum = csum_vstruct(c, BSET_CSUM_TYPE(i), nonce, bne);
+ bool csum_bad = bch2_crc_cmp(bne->csum, csum);
+ if (ca && csum_bad)
+ bch2_io_error(ca, BCH_MEMBER_ERROR_checksum);
+
+ btree_err_on(csum_bad,
+ -BCH_ERR_btree_node_read_err_want_retry,
+ c, ca, b, i, NULL,
+ bset_bad_csum,
+ "%s",
+ (printbuf_reset(&buf),
+ bch2_csum_err_msg(&buf, BSET_CSUM_TYPE(i), bne->csum, csum),
+ buf.buf));
+
+ ret = bset_encrypt(c, i, b->written << 9);
+ if (bch2_fs_fatal_err_on(ret, c,
+ "decrypting btree node: %s", bch2_err_str(ret)))
+ goto fsck_err;
+ }
sectors = vstruct_sectors(bne, c->block_bits);
}
diff --git a/fs/bcachefs/btree_node_scan.c b/fs/bcachefs/btree_node_scan.c
index 4b4df31d4b95..327f1a1859b9 100644
--- a/fs/bcachefs/btree_node_scan.c
+++ b/fs/bcachefs/btree_node_scan.c
@@ -159,6 +159,9 @@ static void try_read_btree_node(struct find_btree_nodes *f, struct bch_dev *ca,
return;
if (bch2_csum_type_is_encryption(BSET_CSUM_TYPE(&bn->keys))) {
+ if (!c->chacha20)
+ return;
+
struct nonce nonce = btree_nonce(&bn->keys, 0);
unsigned bytes = (void *) &bn->keys - (void *) &bn->flags;
diff --git a/fs/bcachefs/checksum.c b/fs/bcachefs/checksum.c
index ce8fc677bef9..23a383577d4c 100644
--- a/fs/bcachefs/checksum.c
+++ b/fs/bcachefs/checksum.c
@@ -2,6 +2,7 @@
#include "bcachefs.h"
#include "checksum.h"
#include "errcode.h"
+#include "error.h"
#include "super.h"
#include "super-io.h"
@@ -252,6 +253,10 @@ int bch2_encrypt(struct bch_fs *c, unsigned type,
if (!bch2_csum_type_is_encryption(type))
return 0;
+ if (bch2_fs_inconsistent_on(!c->chacha20,
+ c, "attempting to encrypt without encryption key"))
+ return -BCH_ERR_no_encryption_key;
+
return do_encrypt(c->chacha20, nonce, data, len);
}
@@ -337,8 +342,9 @@ int __bch2_encrypt_bio(struct bch_fs *c, unsigned type,
size_t sgl_len = 0;
int ret = 0;
- if (!bch2_csum_type_is_encryption(type))
- return 0;
+ if (bch2_fs_inconsistent_on(!c->chacha20,
+ c, "attempting to encrypt without encryption key"))
+ return -BCH_ERR_no_encryption_key;
darray_init(&sgl);
diff --git a/fs/bcachefs/errcode.h b/fs/bcachefs/errcode.h
index c989ce4f715f..a12050e9c191 100644
--- a/fs/bcachefs/errcode.h
+++ b/fs/bcachefs/errcode.h
@@ -260,6 +260,7 @@
x(EIO, no_device_to_read_from) \
x(EIO, missing_indirect_extent) \
x(EIO, invalidate_stripe_to_dev) \
+ x(EIO, no_encryption_key) \
x(BCH_ERR_btree_node_read_err, btree_node_read_err_fixable) \
x(BCH_ERR_btree_node_read_err, btree_node_read_err_want_retry) \
x(BCH_ERR_btree_node_read_err, btree_node_read_err_must_retry) \
diff --git a/fs/bcachefs/io_read.c b/fs/bcachefs/io_read.c
index eb8d12fd6398..4b6b6d25725b 100644
--- a/fs/bcachefs/io_read.c
+++ b/fs/bcachefs/io_read.c
@@ -830,7 +830,7 @@ int __bch2_read_extent(struct btree_trans *trans, struct bch_read_bio *orig,
if (!pick_ret)
goto hole;
- if (pick_ret < 0) {
+ if (unlikely(pick_ret < 0)) {
struct printbuf buf = PRINTBUF;
bch2_bkey_val_to_text(&buf, c, k);
@@ -843,6 +843,18 @@ int __bch2_read_extent(struct btree_trans *trans, struct bch_read_bio *orig,
goto err;
}
+ if (unlikely(bch2_csum_type_is_encryption(pick.crc.csum_type)) && !c->chacha20) {
+ struct printbuf buf = PRINTBUF;
+ bch2_bkey_val_to_text(&buf, c, k);
+
+ bch_err_inum_offset_ratelimited(c,
+ read_pos.inode, read_pos.offset << 9,
+ "attempting to read encrypted data without encryption key\n %s",
+ buf.buf);
+ printbuf_exit(&buf);
+ goto err;
+ }
+
struct bch_dev *ca = bch2_dev_get_ioref(c, pick.ptr.dev, READ);
/*
--
2.45.2
next prev parent reply other threads:[~2024-11-29 20:27 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-29 20:26 [PATCH 00/34] a whole raft of bugfixes Kent Overstreet
2024-11-29 20:27 ` [PATCH 01/34] bcachefs: BCH_ERR_btree_node_read_error_cached Kent Overstreet
2024-11-29 20:27 ` [PATCH 02/34] bcachefs: Use separate rhltable for bch2_inode_or_descendents_is_open() Kent Overstreet
2024-11-29 20:27 ` [PATCH 03/34] bcachefs: errcode cleanup: journal errors Kent Overstreet
2024-11-29 20:27 ` [PATCH 04/34] bcachefs: disk_accounting: bch2_dev_rcu -> bch2_dev_rcu_noerror Kent Overstreet
2024-11-29 20:27 ` [PATCH 05/34] bcachefs: Fix accounting_read when we rewind Kent Overstreet
2024-11-29 20:27 ` [PATCH 06/34] bcachefs: backpointer_to_missing_ptr is now autofix Kent Overstreet
2024-11-29 20:27 ` [PATCH 07/34] bcachefs: Fix btree node scan when unknown btree IDs are present Kent Overstreet
2024-11-29 20:27 ` [PATCH 08/34] bcachefs: Kill bch2_bucket_alloc_new_fs() Kent Overstreet
2024-11-29 20:27 ` [PATCH 09/34] bcachefs: Bad btree roots are now autofix Kent Overstreet
2024-11-29 20:27 ` [PATCH 10/34] bcachefs: Fix dup/misordered check in btree node read Kent Overstreet
2024-11-29 20:27 ` Kent Overstreet [this message]
2024-11-29 20:27 ` [PATCH 12/34] bcachefs: Change "disk accounting version 0" check to commit only Kent Overstreet
2024-11-29 20:27 ` [PATCH 13/34] bcachefs: Fix bch2_btree_node_update_key_early() Kent Overstreet
2024-11-29 20:27 ` [PATCH 14/34] bcachefs: Go RW earlier, for normal rw mount Kent Overstreet
2024-11-29 20:27 ` [PATCH 15/34] bcachefs: Fix null ptr deref in btree_path_lock_root() Kent Overstreet
2024-11-29 20:27 ` [PATCH 16/34] bcachefs: Ignore empty btree root journal entries Kent Overstreet
2024-11-29 20:27 ` [PATCH 17/34] bcachefs: struct bkey_validate_context Kent Overstreet
2024-11-29 20:27 ` [PATCH 18/34] bcachefs: Make topology errors autofix Kent Overstreet
2024-11-29 20:27 ` [PATCH 19/34] bcachefs: BCH_FS_recovery_running Kent Overstreet
2024-11-29 20:27 ` [PATCH 20/34] bcachefs: dio write: Take ref on mm_struct when using asynchronously Kent Overstreet
2024-11-29 22:38 ` Jens Axboe
2024-12-05 1:55 ` Kent Overstreet
2024-11-29 20:27 ` [PATCH 21/34] bcachefs: Guard against journal seq overflow Kent Overstreet
2024-11-29 20:27 ` [PATCH 22/34] bcachefs: Issue a transaction restart after commit in repair Kent Overstreet
2024-11-29 20:27 ` [PATCH 23/34] bcachefs: Guard against backpointers to unknown btrees Kent Overstreet
2024-11-29 20:27 ` [PATCH 24/34] bcachefs: Fix journal_iter list corruption Kent Overstreet
2024-11-29 20:27 ` [PATCH 25/34] bcachefs: add missing printbuf_reset() Kent Overstreet
2024-11-29 20:27 ` [PATCH 26/34] bcachefs: mark more errors AUTOFIX Kent Overstreet
2024-11-29 20:27 ` [PATCH 27/34] bcachefs: Don't error out when logging fsck error Kent Overstreet
2024-11-29 20:27 ` [PATCH 28/34] bcachefs: do_fsck_ask_yn() Kent Overstreet
2024-11-29 20:27 ` [PATCH 29/34] bcachefs: Check for bucket journal seq in the future Kent Overstreet
2024-11-29 20:27 ` [PATCH 30/34] bcachefs: Check for inode " Kent Overstreet
2024-11-29 20:27 ` [PATCH 31/34] bcachefs: cryptographic MACs on superblock are not (yet?) supported Kent Overstreet
2024-11-29 20:27 ` [PATCH 32/34] bcachefs: bch2_trans_relock() is trylock for lockdep Kent Overstreet
2024-11-29 20:27 ` [PATCH 33/34] bcachefs: Check for extent crc uncompressed/compressed size mismatch Kent Overstreet
2024-11-29 20:27 ` [PATCH 34/34] bcachefs: Don't recurse in check_discard_freespace_key Kent Overstreet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241129202736.2713679-12-kent.overstreet@linux.dev \
--to=kent.overstreet@linux.dev \
--cc=linux-bcachefs@vger.kernel.org \
--cc=syzbot+026f1857b12f5eb3f9e9@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox