[PATCH 4/4] btrfs: tree-checker: Verify location key for DIR_ITEM/DIR_INDEX

public inbox for linux-btrfs@vger.kernel.org
 help / color / mirror / Atom feed

From: Qu Wenruo <wqu@suse.com>
To: linux-btrfs@vger.kernel.org
Cc: Mike Gilbert <floppymaster@gmail.com>
Subject: [PATCH 4/4] btrfs: tree-checker: Verify location key for DIR_ITEM/DIR_INDEX
Date: Mon,  9 Dec 2019 18:54:35 +0800	[thread overview]
Message-ID: <20191209105435.36041-4-wqu@suse.com> (raw)
In-Reply-To: <20191209105435.36041-1-wqu@suse.com>

[PROBLEM]
There is a user report in the mail list, showing the following corrupted
tree blocks:

       item 62 key (486836 DIR_ITEM 2543451757) itemoff 6273 itemsize 74
               location key (4065004 INODE_ITEM 1073741824) type FILE
               transid 21397 data_len 0 name_len 44
               name: 0390cb341d248c589c419007da68b2-7351.manifest

Note that location key, its offset should be 0 for all INODE_ITEMS.

This caused btrfs kernel failed to lookup the inode.

[CAUSE]
That offending value, 1073741824, is 0x40000000. So this looks like a
memory bit flip.

[FIX]
This patch will enhance tree-checker to check location key of
DIR_INDEX/DIR_ITEM/XATTR_ITEM.

There are several different combinations needs to check:
- item_key.type == DIR_INDEX/DIR_ITEM
  * location_key.type == BTRFS_INODE_ITEM_KEY
    This location_key should follow the check in inode_item check.
  * location_key.type == BTRFS_ROOT_ITEM_KEY
    Despite the existing check, DIR_INDEX/DIR_ITEM can only points to
    subvolume trees.
  * All other keys are not allowed.

- item_key.type == XATTR_ITEM
  location_key should be all 0.

Reported-by: Mike Gilbert <floppymaster@gmail.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
---
 fs/btrfs/tree-checker.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 9a6743ee874a..7bd1a2f986c4 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -468,12 +468,14 @@ static int check_dir_item(struct extent_buffer *leaf,
 		return -EUCLEAN;
 	di = btrfs_item_ptr(leaf, slot, struct btrfs_dir_item);
 	while (cur < item_size) {
+		struct btrfs_key location_key;
 		u32 name_len;
 		u32 data_len;
 		u32 max_name_len;
 		u32 total_size;
 		u32 name_hash;
 		u8 dir_type;
+		int ret;
 
 		/* header itself should not cross item boundary */
 		if (cur + sizeof(*di) > item_size) {
@@ -483,6 +485,24 @@ static int check_dir_item(struct extent_buffer *leaf,
 			return -EUCLEAN;
 		}
 
+		/* Location key check */
+		btrfs_dir_item_key_to_cpu(leaf, di, &location_key);
+		if (location_key.type == BTRFS_ROOT_ITEM_KEY) {
+			ret = check_root_key(leaf, &location_key, slot);
+			if (ret < 0)
+				return ret;
+		} else if (location_key.type == BTRFS_INODE_ITEM_KEY ||
+			   location_key.type == 0) {
+			ret = check_inode_key(leaf, &location_key, slot);
+			if (ret < 0)
+				return ret;
+		} else {
+			dir_item_err(leaf, slot,
+			"invalid location key type, have %u, expect %u or %u",
+				     location_key.type, BTRFS_ROOT_ITEM_KEY,
+				     BTRFS_INODE_ITEM_KEY);
+			return -EUCLEAN;
+		}
 		/* dir type check */
 		dir_type = btrfs_dir_type(leaf, di);
 		if (dir_type >= BTRFS_FT_MAX) {
-- 
2.24.0

next prev parent reply	other threads:[~2019-12-09 10:54 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-09 10:54 [PATCH 1/4] btrfs: tree-checker: Clean up fs_info parameter from error message wrapper Qu Wenruo
2019-12-09 10:54 ` [PATCH 2/4] btrfs: tree-checker: Refactor inode key check into seperate function Qu Wenruo
2019-12-09 12:11   ` Nikolay Borisov
2019-12-10 14:42   ` Su Yue
2019-12-11  0:24     ` Qu WenRuo
2019-12-09 10:54 ` [PATCH 3/4] btrfs: tree-checker: Refactor root key check into separate function Qu Wenruo
2019-12-09 12:12   ` Nikolay Borisov
2019-12-09 10:54 ` Qu Wenruo [this message]
2019-12-09 12:07 ` [PATCH 1/4] btrfs: tree-checker: Clean up fs_info parameter from error message wrapper Nikolay Borisov
2020-01-02 15:04 ` David Sterba

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9a6743ee874 dfblob:7bd1a2f986c )
 OR (
bs:"[PATCH 4/4] btrfs: tree-checker: Verify location key for DIR_ITEM/DIR_INDEX" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191209105435.36041-4-wqu@suse.com \
    --to=wqu@suse.com \
    --cc=floppymaster@gmail.com \
    --cc=linux-btrfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox