From: Nikolay Borisov <nborisov@suse.com>
To: Su Yue <suy.fnst@cn.fujitsu.com>, linux-btrfs@vger.kernel.org
Cc: dsterba@suse.cz
Subject: Re: [PATCH v2 3/9] btrfs: Check name len on add_inode_ref call path
Date: Thu, 1 Jun 2017 12:53:53 +0300 [thread overview]
Message-ID: <08abcc0c-c17c-23e9-96e6-48c48a287a83@suse.com> (raw)
In-Reply-To: <20170601085716.25898-4-suy.fnst@cn.fujitsu.com>
On 1.06.2017 11:57, Su Yue wrote:
> 'add_inode_ref' calls 'ref_get_fields' and 'extref_get_fields' to read
> the ref/extref name. Check namelen before reading in those two.
>
> The call path also includes 'btrfs_match_dir_item_name' to read
> dir_item name in the parent dir.
> Change it to verify every dir item while doing matches.
>
> Signed-off-by: Su Yue <suy.fnst@cn.fujitsu.com>
> ---
> fs/btrfs/dir-item.c | 4 ++--
> fs/btrfs/tree-log.c | 27 ++++++++++++++++++---------
> 2 files changed, 20 insertions(+), 11 deletions(-)
>
> diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c
> index f9d1ca76ca04..38dc5176cc5b 100644
> --- a/fs/btrfs/dir-item.c
> +++ b/fs/btrfs/dir-item.c
> @@ -395,8 +395,6 @@ struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info,
>
> leaf = path->nodes[0];
> dir_item = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_dir_item);
> - if (verify_dir_item(fs_info, leaf, path->slots[0], dir_item))
> - return NULL;
>
> total_len = btrfs_item_size_nr(leaf, path->slots[0]);
> while (cur < total_len) {
> @@ -405,6 +403,8 @@ struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info,
> btrfs_dir_data_len(leaf, dir_item);
> name_ptr = (unsigned long)(dir_item + 1);
>
> + if (verify_dir_item(fs_info, leaf, path->slots[0], dir_item))
> + return NULL;
> if (btrfs_dir_name_len(leaf, dir_item) == name_len &&
> memcmp_extent_buffer(leaf, name, name_ptr, name_len) == 0)
> return dir_item;
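Review bot: the verify_dir_item() call added in this hunk runs after this_len has already been computed from the entry's name_len/data_len fields (the `btrfs_dir_data_len(leaf, dir_item);` line above it) and after name_ptr has been derived from dir_item, so each entry's header is read before that entry is validated. Moving the check to the top of the loop body, ahead of the this_len computation, would let the per-entry validation cover those reads too. The externally visible behaviour is unchanged (a bad entry still makes the function return NULL, which callers cannot distinguish from "not found"), so that is worth a sentence in the commit message.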
> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
> index 1930f28edcdd..7d98858df44f 100644
> --- a/fs/btrfs/tree-log.c
> +++ b/fs/btrfs/tree-log.c
> @@ -1175,15 +1175,19 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans,
> return 0;
> }
>
> -static int extref_get_fields(struct extent_buffer *eb, unsigned long ref_ptr,
> - u32 *namelen, char **name, u64 *index,
> - u64 *parent_objectid)
> +static int extref_get_fields(struct extent_buffer *eb, int slot,
> + unsigned long ref_ptr, u32 *namelen, char **name,
> + u64 *index, u64 *parent_objectid)
> {
> struct btrfs_inode_extref *extref;
>
> extref = (struct btrfs_inode_extref *)ref_ptr;
>
> *namelen = btrfs_inode_extref_name_len(eb, extref);
> + if (!btrfs_is_namelen_valid(eb, slot, (unsigned long)&extref->name,
> + *namelen))
> + return -EIO;
> +
> *name = kmalloc(*namelen, GFP_NOFS);
> if (*name == NULL)
> return -ENOMEM;
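Review bot: the bounds check is placed before the kmalloc(), so the -EIO return allocates nothing and leaves *name untouched; any caller that frees *name on every error must therefore not assume it was assigned by this call. Please also document the new `slot` parameter in the function comment (it is needed only to let btrfs_is_namelen_valid() find the item boundary), since the signature change is not explained in the commit message.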
> @@ -1198,14 +1202,19 @@ static int extref_get_fields(struct extent_buffer *eb, unsigned long ref_ptr,
> return 0;
> }
>
> -static int ref_get_fields(struct extent_buffer *eb, unsigned long ref_ptr,
> - u32 *namelen, char **name, u64 *index)
> +static int ref_get_fields(struct extent_buffer *eb, int slot,
> + unsigned long ref_ptr, u32 *namelen, char **name,
> + u64 *index)
> {
> struct btrfs_inode_ref *ref;
>
> ref = (struct btrfs_inode_ref *)ref_ptr;
>
> *namelen = btrfs_inode_ref_name_len(eb, ref);
> + if (!btrfs_is_namelen_valid(eb, slot, (unsigned long)(ref + 1),
> + *namelen))
> + return -EIO;
I'd like to use this to raise a point - shouldn't btrfs actually try to
utilize a bit more the EUCLEAN error code? Both xfs/ext4 do define their
EFSCORRUPTED to EUCLEAN and signal that a structure is corrupted and
needs cleaning. Presumably when btrfs_is_namelen_valid fails (or
another validation function) this means the data on-disk is corrupted
rather than there was an error during I/O, which -EIO implies. Currently
btrfs uses EUCLEAN in only 3 instances in disk-io.c. I'd like to solicit
opinions from other developers on what their take on that is.
> +
> *name = kmalloc(*namelen, GFP_NOFS);
> if (*name == NULL)
> return -ENOMEM;
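Review bot: same structure as extref_get_fields() above, and the same remark applies: -EIO is returned for what is a structural inconsistency of the on-disk item (the name length does not fit inside the item), not a failed read, so the inline suggestion to prefer EUCLEAN for validation failures fits both helpers. Whichever code is chosen, the two functions should agree, and the commit message should state which one and why.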
> @@ -1280,8 +1289,8 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans,
>
> while (ref_ptr < ref_end) {
> if (log_ref_ver) {
> - ret = extref_get_fields(eb, ref_ptr, &namelen, &name,
> - &ref_index, &parent_objectid);
> + ret = extref_get_fields(eb, slot, ref_ptr, &namelen,
> + &name, &ref_index, &parent_objectid);
> /*
> * parent object can change from one array
> * item to another.
> @@ -1293,8 +1302,8 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans,
> goto out;
> }
> } else {
> - ret = ref_get_fields(eb, ref_ptr, &namelen, &name,
> - &ref_index);
> + ret = ref_get_fields(eb, slot, ref_ptr, &namelen,
> + &name, &ref_index);
> }
> if (ret)
> goto out;
>
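Review bot: both call sites now pass `slot` through, but the error handling after them is unchanged: `if (ret) goto out;` now also fires for the new -EIO from a failed name-length check, at which point `name` has not been allocated in this iteration because the helpers return before their kmalloc(). Please confirm that the `out` path is safe with whatever `name` held from the previous iteration (freed and reset to NULL, or NULL on the first pass); otherwise the corruption case would free a stale pointer.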