From: Liu Bo <bo.li.liu@oracle.com>
To: Anand Jain <anand.jain@oracle.com>
Cc: linux-btrfs@vger.kernel.org, vegard.nossum@oracle.com, sterba@suse.com
Subject: Re: [PATCH 2/2] Btrfs: add valid checks for chunk loading
Date: Tue, 3 May 2016 16:33:07 -0700 [thread overview]
Message-ID: <20160503233307.GF21008@localhost.localdomain> (raw)
In-Reply-To: <57283CBE.6000503@oracle.com>
On Tue, May 03, 2016 at 01:53:02PM +0800, Anand Jain wrote:
>
>
>
> On 05/03/2016 02:15 AM, Liu Bo wrote:
> >To prevent fuzz filesystem images from panic the whole system,
> >we need various validation checks to refuse to mount such an image
> >if btrfs finds any invalid value during loading chunks, including
> >both sys_array and regular chunks.
> >
> >Note that these checks may not be sufficient to cover all corner cases,
> >feel free to add more checks.
> >
> >Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
> >Reported-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
> >Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
> >---
> > fs/btrfs/volumes.c | 84 +++++++++++++++++++++++++++++++++++++++++++-----------
> > 1 file changed, 68 insertions(+), 16 deletions(-)
> >
> >diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
> >index bd0f45f..1075573 100644
> >--- a/fs/btrfs/volumes.c
> >+++ b/fs/btrfs/volumes.c
> >@@ -6206,27 +6206,23 @@ struct btrfs_device *btrfs_alloc_device(struct btrfs_fs_info *fs_info,
> > return dev;
> > }
> >
> >-static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
> >- struct extent_buffer *leaf,
> >- struct btrfs_chunk *chunk)
> >+/* Return -EIO if any error, otherwise return 0. */
> >+static int btrfs_check_chunk_valid(struct btrfs_root *root,
> >+ struct extent_buffer *leaf,
> >+ struct btrfs_chunk *chunk, u64 logical)
> > {
> >- struct btrfs_mapping_tree *map_tree = &root->fs_info->mapping_tree;
> >- struct map_lookup *map;
> >- struct extent_map *em;
> >- u64 logical;
> > u64 length;
> > u64 stripe_len;
> >- u64 devid;
> >- u8 uuid[BTRFS_UUID_SIZE];
> >- int num_stripes;
> >- int ret;
> >- int i;
> >+ u16 num_stripes;
> >+ u16 sub_stripes;
> >+ u64 type;
> >
> >- logical = key->offset;
> > length = btrfs_chunk_length(leaf, chunk);
> > stripe_len = btrfs_chunk_stripe_len(leaf, chunk);
> > num_stripes = btrfs_chunk_num_stripes(leaf, chunk);
> >- /* Validation check */
> >+ sub_stripes = btrfs_chunk_sub_stripes(leaf, chunk);
> >+ type = btrfs_chunk_type(leaf, chunk);
> >+
> > if (!num_stripes) {
> > btrfs_err(root->fs_info, "invalid chunk num_stripes: %u",
> > num_stripes);
> >@@ -6237,24 +6233,70 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
> > "invalid chunk logical %llu", logical);
> > return -EIO;
> > }
> >+ if (btrfs_chunk_sector_size(leaf, chunk) != root->sectorsize) {
> >+ btrfs_err(root->fs_info, "invalid chunk sectorsize %llu",
> >+ (unsigned long long)btrfs_chunk_sector_size(leaf,
> >+ chunk));
> >+ return -EIO;
> >+ }
> > if (!length || !IS_ALIGNED(length, root->sectorsize)) {
> > btrfs_err(root->fs_info,
> > "invalid chunk length %llu", length);
> > return -EIO;
> > }
> >- if (!is_power_of_2(stripe_len)) {
> >+ if (stripe_len != BTRFS_STRIPE_LEN) {
> > btrfs_err(root->fs_info, "invalid chunk stripe length: %llu",
> > stripe_len);
> > return -EIO;
> > }
> > if (~(BTRFS_BLOCK_GROUP_TYPE_MASK | BTRFS_BLOCK_GROUP_PROFILE_MASK) &
> >- btrfs_chunk_type(leaf, chunk)) {
> >+ type) {
> > btrfs_err(root->fs_info, "unrecognized chunk type: %llu",
> > ~(BTRFS_BLOCK_GROUP_TYPE_MASK |
> > BTRFS_BLOCK_GROUP_PROFILE_MASK) &
> > btrfs_chunk_type(leaf, chunk));
> > return -EIO;
> > }
> >+ if ((type & BTRFS_BLOCK_GROUP_RAID10 && sub_stripes == 0) ||
> >+ (type & BTRFS_BLOCK_GROUP_RAID1 && num_stripes < 1) ||
> >+ (type & BTRFS_BLOCK_GROUP_RAID5 && num_stripes < 2) ||
>
>
> >+ (type & BTRFS_BLOCK_GROUP_RAID5 && num_stripes < 3) ||
>
> It should be BTRFS_BLOCK_GROUP_RAID6
NICE catching!
Thanks,
-liubo
>
> Thanks, Anand
>
>
>
>
>
> >+ (type & BTRFS_BLOCK_GROUP_DUP && num_stripes > 2) ||
> >+ ((type & BTRFS_BLOCK_GROUP_PROFILE_MASK) == 0 &&
> >+ num_stripes != 1)) {
> >+ btrfs_err(root->fs_info, "Invalid num_stripes:sub_stripes %u:%u for profile %llu",
> >+ num_stripes, sub_stripes,
> >+ type & BTRFS_BLOCK_GROUP_PROFILE_MASK);
> >+ return -EIO;
> >+ }
> >+
> >+ return 0;
> >+}
> >+
> >+static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
> >+ struct extent_buffer *leaf,
> >+ struct btrfs_chunk *chunk)
> >+{
> >+ struct btrfs_mapping_tree *map_tree = &root->fs_info->mapping_tree;
> >+ struct map_lookup *map;
> >+ struct extent_map *em;
> >+ u64 logical;
> >+ u64 length;
> >+ u64 stripe_len;
> >+ u64 devid;
> >+ u8 uuid[BTRFS_UUID_SIZE];
> >+ int num_stripes;
> >+ int ret;
> >+ int i;
> >+
> >+ logical = key->offset;
> >+ length = btrfs_chunk_length(leaf, chunk);
> >+ stripe_len = btrfs_chunk_stripe_len(leaf, chunk);
> >+ num_stripes = btrfs_chunk_num_stripes(leaf, chunk);
> >+ /* Validation check */
> >+ ret = btrfs_check_chunk_valid(root, leaf, chunk, logical);
> >+ if (ret)
> >+ return ret;
> >
> > read_lock(&map_tree->map_tree.lock);
> > em = lookup_extent_mapping(&map_tree->map_tree, logical, 1);
> >@@ -6502,6 +6544,7 @@ int btrfs_read_sys_array(struct btrfs_root *root)
> > u32 array_size;
> > u32 len = 0;
> > u32 cur_offset;
> >+ u64 type;
> > struct btrfs_key key;
> >
> > ASSERT(BTRFS_SUPER_INFO_SIZE <= root->nodesize);
> >@@ -6568,6 +6611,15 @@ int btrfs_read_sys_array(struct btrfs_root *root)
> > break;
> > }
> >
> >+ type = btrfs_chunk_type(sb, chunk);
> >+ if ((type & BTRFS_BLOCK_GROUP_SYSTEM) == 0) {
> >+ printk(KERN_ERR
> >+ "BTRFS: invalid chunk type %llu in sys_array at offset %u\n",
> >+ type, cur_offset);
> >+ ret = -EIO;
> >+ break;
> >+ }
> >+
> > len = btrfs_chunk_item_size(num_stripes);
> > if (cur_offset + len > array_size)
> > goto out_short_read;
> >
next prev parent reply other threads:[~2016-05-03 23:32 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-02 18:15 [PATCH 1/2] Btrfs: add more valid checks for superblock Liu Bo
2016-05-02 18:15 ` [PATCH 2/2] Btrfs: add valid checks for chunk loading Liu Bo
2016-05-03 1:12 ` Qu Wenruo
2016-05-03 23:36 ` Liu Bo
2016-05-05 1:03 ` Qu Wenruo
2016-05-03 5:53 ` Anand Jain
2016-05-03 23:33 ` Liu Bo [this message]
2016-05-04 13:56 ` David Sterba
2016-05-13 23:57 ` Liu Bo
2016-05-17 13:37 ` David Sterba
2016-05-02 18:23 ` [PATCH 1/2] Btrfs: add more valid checks for superblock Liu Bo
2016-05-03 1:02 ` Qu Wenruo
2016-05-03 23:32 ` Liu Bo
2016-05-04 13:23 ` David Sterba
2016-05-04 17:44 ` Liu Bo
2016-05-05 1:08 ` Qu Wenruo
2016-05-06 14:35 ` David Sterba
2016-05-09 1:31 ` Qu Wenruo
2016-05-13 18:14 ` Liu Bo
2016-05-13 23:42 ` Qu Wenruo
2016-05-17 13:47 ` David Sterba
2016-05-04 13:29 ` David Sterba
2016-05-04 17:40 ` Liu Bo
2016-05-06 14:39 ` David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160503233307.GF21008@localhost.localdomain \
--to=bo.li.liu@oracle.com \
--cc=anand.jain@oracle.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=sterba@suse.com \
--cc=vegard.nossum@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).