From: Kent Overstreet <kent.overstreet@linux.dev>
To: linux-bcachefs@vger.kernel.org
Cc: Kent Overstreet <kent.overstreet@linux.dev>,
syzbot+73ed43fbe826227bd4e0@syzkaller.appspotmail.com
Subject: [PATCH 21/34] bcachefs: Guard against journal seq overflow
Date: Fri, 29 Nov 2024 15:27:20 -0500 [thread overview]
Message-ID: <20241129202736.2713679-22-kent.overstreet@linux.dev> (raw)
In-Reply-To: <20241129202736.2713679-1-kent.overstreet@linux.dev>
Wraparound is impractical to handle since in various places we use 0 as
a sentinal value - but 64 bits (or 56, because the btree write buffer
steals a few bits) is enough for all practical purposes.
Reported-by: syzbot+73ed43fbe826227bd4e0@syzkaller.appspotmail.com
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
---
fs/bcachefs/journal.c | 9 +++++++++
fs/bcachefs/journal_types.h | 3 +++
2 files changed, 12 insertions(+)
diff --git a/fs/bcachefs/journal.c b/fs/bcachefs/journal.c
index 95cccda3b22c..dc66521964b7 100644
--- a/fs/bcachefs/journal.c
+++ b/fs/bcachefs/journal.c
@@ -382,6 +382,10 @@ static int journal_entry_open(struct journal *j)
if (nr_unwritten_journal_entries(j) == ARRAY_SIZE(j->buf))
return JOURNAL_ERR_max_in_flight;
+ if (bch2_fs_fatal_err_on(journal_cur_seq(j) >= JOURNAL_SEQ_MAX,
+ c, "cannot start: journal seq overflow"))
+ return JOURNAL_ERR_insufficient_devices; /* -EROFS */
+
BUG_ON(!j->cur_entry_sectors);
buf->expires =
@@ -1270,6 +1274,11 @@ int bch2_fs_journal_start(struct journal *j, u64 cur_seq)
bool had_entries = false;
u64 last_seq = cur_seq, nr, seq;
+ if (cur_seq >= JOURNAL_SEQ_MAX) {
+ bch_err(c, "cannot start: journal seq overflow");
+ return -EINVAL;
+ }
+
genradix_for_each_reverse(&c->journal_entries, iter, _i) {
i = *_i;
diff --git a/fs/bcachefs/journal_types.h b/fs/bcachefs/journal_types.h
index 425d1abb257e..e9bd716fbb71 100644
--- a/fs/bcachefs/journal_types.h
+++ b/fs/bcachefs/journal_types.h
@@ -9,6 +9,9 @@
#include "super_types.h"
#include "fifo.h"
+/* btree write buffer steals 8 bits for its own purposes: */
+#define JOURNAL_SEQ_MAX ((1ULL << 56) - 1)
+
#define JOURNAL_BUF_BITS 2
#define JOURNAL_BUF_NR (1U << JOURNAL_BUF_BITS)
#define JOURNAL_BUF_MASK (JOURNAL_BUF_NR - 1)
--
2.45.2
next prev parent reply other threads:[~2024-11-29 20:28 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-29 20:26 [PATCH 00/34] a whole raft of bugfixes Kent Overstreet
2024-11-29 20:27 ` [PATCH 01/34] bcachefs: BCH_ERR_btree_node_read_error_cached Kent Overstreet
2024-11-29 20:27 ` [PATCH 02/34] bcachefs: Use separate rhltable for bch2_inode_or_descendents_is_open() Kent Overstreet
2024-11-29 20:27 ` [PATCH 03/34] bcachefs: errcode cleanup: journal errors Kent Overstreet
2024-11-29 20:27 ` [PATCH 04/34] bcachefs: disk_accounting: bch2_dev_rcu -> bch2_dev_rcu_noerror Kent Overstreet
2024-11-29 20:27 ` [PATCH 05/34] bcachefs: Fix accounting_read when we rewind Kent Overstreet
2024-11-29 20:27 ` [PATCH 06/34] bcachefs: backpointer_to_missing_ptr is now autofix Kent Overstreet
2024-11-29 20:27 ` [PATCH 07/34] bcachefs: Fix btree node scan when unknown btree IDs are present Kent Overstreet
2024-11-29 20:27 ` [PATCH 08/34] bcachefs: Kill bch2_bucket_alloc_new_fs() Kent Overstreet
2024-11-29 20:27 ` [PATCH 09/34] bcachefs: Bad btree roots are now autofix Kent Overstreet
2024-11-29 20:27 ` [PATCH 10/34] bcachefs: Fix dup/misordered check in btree node read Kent Overstreet
2024-11-29 20:27 ` [PATCH 11/34] bcachefs: Don't try to en/decrypt when encryption not available Kent Overstreet
2024-11-29 20:27 ` [PATCH 12/34] bcachefs: Change "disk accounting version 0" check to commit only Kent Overstreet
2024-11-29 20:27 ` [PATCH 13/34] bcachefs: Fix bch2_btree_node_update_key_early() Kent Overstreet
2024-11-29 20:27 ` [PATCH 14/34] bcachefs: Go RW earlier, for normal rw mount Kent Overstreet
2024-11-29 20:27 ` [PATCH 15/34] bcachefs: Fix null ptr deref in btree_path_lock_root() Kent Overstreet
2024-11-29 20:27 ` [PATCH 16/34] bcachefs: Ignore empty btree root journal entries Kent Overstreet
2024-11-29 20:27 ` [PATCH 17/34] bcachefs: struct bkey_validate_context Kent Overstreet
2024-11-29 20:27 ` [PATCH 18/34] bcachefs: Make topology errors autofix Kent Overstreet
2024-11-29 20:27 ` [PATCH 19/34] bcachefs: BCH_FS_recovery_running Kent Overstreet
2024-11-29 20:27 ` [PATCH 20/34] bcachefs: dio write: Take ref on mm_struct when using asynchronously Kent Overstreet
2024-11-29 22:38 ` Jens Axboe
2024-12-05 1:55 ` Kent Overstreet
2024-11-29 20:27 ` Kent Overstreet [this message]
2024-11-29 20:27 ` [PATCH 22/34] bcachefs: Issue a transaction restart after commit in repair Kent Overstreet
2024-11-29 20:27 ` [PATCH 23/34] bcachefs: Guard against backpointers to unknown btrees Kent Overstreet
2024-11-29 20:27 ` [PATCH 24/34] bcachefs: Fix journal_iter list corruption Kent Overstreet
2024-11-29 20:27 ` [PATCH 25/34] bcachefs: add missing printbuf_reset() Kent Overstreet
2024-11-29 20:27 ` [PATCH 26/34] bcachefs: mark more errors AUTOFIX Kent Overstreet
2024-11-29 20:27 ` [PATCH 27/34] bcachefs: Don't error out when logging fsck error Kent Overstreet
2024-11-29 20:27 ` [PATCH 28/34] bcachefs: do_fsck_ask_yn() Kent Overstreet
2024-11-29 20:27 ` [PATCH 29/34] bcachefs: Check for bucket journal seq in the future Kent Overstreet
2024-11-29 20:27 ` [PATCH 30/34] bcachefs: Check for inode " Kent Overstreet
2024-11-29 20:27 ` [PATCH 31/34] bcachefs: cryptographic MACs on superblock are not (yet?) supported Kent Overstreet
2024-11-29 20:27 ` [PATCH 32/34] bcachefs: bch2_trans_relock() is trylock for lockdep Kent Overstreet
2024-11-29 20:27 ` [PATCH 33/34] bcachefs: Check for extent crc uncompressed/compressed size mismatch Kent Overstreet
2024-11-29 20:27 ` [PATCH 34/34] bcachefs: Don't recurse in check_discard_freespace_key Kent Overstreet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241129202736.2713679-22-kent.overstreet@linux.dev \
--to=kent.overstreet@linux.dev \
--cc=linux-bcachefs@vger.kernel.org \
--cc=syzbot+73ed43fbe826227bd4e0@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox