From: Qu Wenruo <wqu@suse.com>
To: linux-btrfs@vger.kernel.org
Cc: Jungyeon Yoon <jungyeon.yoon@gmail.com>
Subject: [PATCH 0/5] btrfs: Enhanced runtime defence against fuzzed images
Date: Wed, 10 Jul 2019 16:02:38 +0800
Message-ID: <20190710080243.15988-1-wqu@suse.com>

Another wave of defence enhancement, including:

- Enhanced eb accessors
  Not really needed for the fuzzed images, as 448de471cd4c
  ("btrfs: Check the first key and level for cached extent buffer")
  already fixed half of the reported images.
  Just add a final layer of safe net.

- BUG_ON() hunt in __btrfs_free_extent()
  Kill BUG_ON()s in __btrfs_free_extent(), replace with error reporting
  and why it shouldn't happen.

  Also add comment on what __btrfs_free_extent() is designed to do, with
  two dump-tree examples for newcomers.

- BUG_ON() hunt in __btrfs_inc_extent_ref()
  Just like __btrfs_free_extent(), but less comment as
  comment for __btrfs_free_extent() should also work for
  __btrfs_inc_extent_ref(), and __btrfs_inc_extent_ref() has a better
  structure than __btrfs_free_extent().

- Defence against unbalanced empty leaf

- Defence against bad key order across two tree blocks

The last two cases can't be rejected by tree-checker and they are all
cross-eb cases.
Thankfully we can reuse existing first_key check against unbalanced
empty leaf, but needs extra check deep into ctree.c for tree block
merging time check.

Reported-by: Jungyeon Yoon <jungyeon.yoon@gmail.com>
[ Not to mail bombarding the report, thus only RB tag in cover letter ]

Qu Wenruo (5):
  btrfs: extent_io: Do extra check for extent buffer read write
    functions
  btrfs: extent-tree: Kill BUG_ON() in __btrfs_free_extent() and do
    better comment
  btrfs: Detect unbalanced tree with empty leaf before crashing btree
    operations
  btrfs: extent-tree: Kill the BUG_ON() in
    insert_inline_extent_backref()
  btrfs: ctree: Checking key orders before merged tree blocks

 fs/btrfs/ctree.c        |  63 +++++++++++++++
 fs/btrfs/disk-io.c      |   9 +++
 fs/btrfs/extent-tree.c  | 168 ++++++++++++++++++++++++++++++++++++----
 fs/btrfs/extent_io.c    |  79 ++++++++++---------
 fs/btrfs/tree-checker.c |   6 ++
 5 files changed, 273 insertions(+), 52 deletions(-)

--
2.22.0
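
Added example, not part of the original message or of the patch series: a user-space C sketch of why a bad key order across two tree blocks passes a per-block check and needs a comparison at merge time. The `struct key` and `struct block` types, the function names and the sample keys are simplified assumptions, not the kernel's own structures or code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a btrfs key, ordered by (objectid, type, offset). */
struct key { uint64_t objectid; uint8_t type; uint64_t offset; };
/* Simplified stand-in for a tree block: only its key array. */
struct block { const struct key *keys; size_t nr; };

static int key_cmp(const struct key *a, const struct key *b)
{
	if (a->objectid != b->objectid) return a->objectid < b->objectid ? -1 : 1;
	if (a->type != b->type) return a->type < b->type ? -1 : 1;
	if (a->offset != b->offset) return a->offset < b->offset ? -1 : 1;
	return 0;
}

/* Per-block check: keys strictly ascending inside one block. */
int block_order_ok(const struct block *b)
{
	for (size_t i = 1; i < b->nr; i++)
		if (key_cmp(&b->keys[i - 1], &b->keys[i]) >= 0)
			return 0;
	return 1;
}

/* Cross-block check before a merge: the last key of the left block must sort
 * strictly before the first key of the right block. 0 = ok, -1 = corrupted. */
int cross_block_order_check(const struct block *left, const struct block *right)
{
	if (left->nr == 0 || right->nr == 0)
		return 0; /* empty blocks are a different case, not handled here */
	return key_cmp(&left->keys[left->nr - 1], &right->keys[0]) < 0 ? 0 : -1;
}

/* Constructed sample data: every block is sorted on its own. */
static const struct key left_keys[] = { {256, 1, 0}, {300, 1, 0} };
static const struct key good_keys[] = { {301, 1, 0}, {400, 1, 0} };
static const struct key bad_keys[]  = { {257, 1, 0}, {400, 1, 0} };
static const struct block left_blk = { left_keys, 2 };
static const struct block good_blk = { good_keys, 2 };
static const struct block bad_blk  = { bad_keys, 2 };

int main(void)
{
	printf("per-block: left=%d bad=%d\n", block_order_ok(&left_blk), block_order_ok(&bad_blk));
	printf("cross-block: good=%d bad=%d\n", cross_block_order_check(&left_blk, &good_blk),
	       cross_block_order_check(&left_blk, &bad_blk));
	return 0;
}
```

Both `left_blk` and `bad_blk` pass the per-block check, yet merging them would interleave keys; only the boundary comparison catches it.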