From: Qu Wenruo <quwenruo.btrfs@gmx.com>
To: dsterba@suse.cz, Edward Adam Davis <eadavis@qq.com>
Cc: syzbot+5d2b33d7835870519b5f@syzkaller.appspotmail.com,
clm@fb.com, dsterba@suse.com, josef@toxicpanda.com,
linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH] btrfs: add a sanity check for csum root before fill the data csum
Date: Sat, 26 Oct 2024 07:45:18 +1030 [thread overview]
Message-ID: <09b446c0-0c47-4822-b14f-5df1e7e4f4de@gmx.com> (raw)
In-Reply-To: <20241025184424.GL31418@twin.jikos.cz>
在 2024/10/26 05:14, David Sterba 写道:
> On Wed, Oct 23, 2024 at 07:04:40PM +0800, Edward Adam Davis wrote:
>> Syzbot reported a null-ptr-deref in btrfs_lookup_csums_bitmap.
>> The btrfs info contains IGNOREDATACSUMS, which prevents the csum root from
>> being loaded.
>> Before filling in the csum data, check the flag BTRFS_FS_STATE_NO_DATA_CSUMS
>> to confirm that the csum root has been loaded.
>>
>> Reported-and-tested-by: syzbot+5d2b33d7835870519b5f@syzkaller.appspotmail.com
>> Closes: https://syzkaller.appspot.com/bug?extid=5d2b33d7835870519b5f
>> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
>
> Added to for-next, thanks.
Wait for a second, I believe LiZhi Xu's solution is better.
And sorry I didn't notice that until his patch is submitted.
The problem for this fix is, although it fixes the crash, it also gives
a false feel of safety that scrub is finding nothing wrong.
But the truth is, there is no csum root, and everything can go wrong.
Thus I'd prefer LiZhi's solution which error out and terminate the scrub
immediately.
Thanks,
Qu
>
>> ---
>> fs/btrfs/scrub.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
>> index 3a3427428074..1ba4d8ba902b 100644
>> --- a/fs/btrfs/scrub.c
>> +++ b/fs/btrfs/scrub.c
>> @@ -1602,7 +1602,8 @@ static int scrub_find_fill_first_stripe(struct btrfs_block_group *bg,
>> }
>>
>> /* Now fill the data csum. */
>> - if (bg->flags & BTRFS_BLOCK_GROUP_DATA) {
>> + if (!test_bit(BTRFS_FS_STATE_NO_DATA_CSUMS, &fs_info->fs_state) &&
>
> I've updatd the coment as this is double negation that could be
> confusing on a quick read.
>
>> + bg->flags & BTRFS_BLOCK_GROUP_DATA) {
>> int sector_nr;
>> unsigned long csum_bitmap = 0;
>>
>> --
>> 2.43.0
>>
>
next prev parent reply other threads:[~2024-10-25 21:15 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-23 9:08 [syzbot] [btrfs?] general protection fault in btrfs_lookup_csums_bitmap syzbot
2024-10-23 11:04 ` [PATCH] btrfs: add a sanity check for csum root before fill the data csum Edward Adam Davis
2024-10-23 21:07 ` Qu Wenruo
2024-10-25 18:44 ` David Sterba
2024-10-25 21:15 ` Qu Wenruo [this message]
2024-10-29 20:55 ` David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=09b446c0-0c47-4822-b14f-5df1e7e4f4de@gmx.com \
--to=quwenruo.btrfs@gmx.com \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=dsterba@suse.cz \
--cc=eadavis@qq.com \
--cc=josef@toxicpanda.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzbot+5d2b33d7835870519b5f@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox