public inbox for linux-btrfs@vger.kernel.org
From: David Sterba <dsterba@suse.cz>
To: Qu Wenruo <wqu@suse.com>
Cc: linux-btrfs@vger.kernel.org
Subject: Re: [PATCH] btrfs-progs: check/lowmem: Fix access on uninitialized memory
Date: Tue, 24 Mar 2020 19:08:54 +0100
Message-ID: <20200324180854.GR12659@twin.jikos.cz>
In-Reply-To: <20200324030855.29245-1-wqu@suse.com>

On Tue, Mar 24, 2020 at 11:08:55AM +0800, Qu Wenruo wrote:
> [BUG]
> There are some reports on fsck/001 test segfault failure with lowmem mode.
> 
> While I failed to reproduce it, valgrind still catches it with the
> following output:
> 
>   Delete backref in extent [12845056 1048576]
>   ERROR: file extent [257, 0] has unaligned disk bytenr: 755944791, should be aligned to 4096
>   ERROR: file extent[257 0] root 5 owner 5 backref lost
>   Deleted root 5 item[257, 108, 0]
>   ==29080== Conditional jump or move depends on uninitialised value(s)
>   ==29080==    at 0x1A81D7: btrfs_release_path (ctree.c:97)
>   ==29080==    by 0x192C33: repair_extent_data_item (mode-lowmem.c:3330)
>   ==29080==    by 0x1962FF: check_leaf_items (mode-lowmem.c:4696)
>   ==29080==    by 0x196ABF: walk_down_tree (mode-lowmem.c:4858)
>   ==29080==    by 0x197762: check_btrfs_root (mode-lowmem.c:5157)
>   ==29080==    by 0x198335: check_chunks_and_extents_lowmem (mode-lowmem.c:5450)
>   ==29080==    by 0x166414: do_check_chunks_and_extents (main.c:8829)
>   ==29080==    by 0x169CF7: cmd_check (main.c:10313)
>   ==29080==    by 0x11CDC6: cmd_execute (commands.h:125)
>   ==29080==    by 0x11D712: main (btrfs.c:386)
>   ==29080==
> 
> [CAUSE]
> In repair_extent_data_item() if we find unaligned file extent, we just
> delete it and kick in hole punch procedure.
> 
> The problem is, file extent deletion is done before initializing @path.
> And when the deletion is done without problem, we will goto out tag,
> which will release @path, containing uninitialized values, and
> triggering segfault.
> 
> [FIX]
> Don't try to abort trans nor free path if we're going through file
> extent deletion routine.
> 
> Fixes: 0617bde3bc15 ("btrfs-progs: lowmem: delete unaligned bytes extent data under repair")
> Signed-off-by: Qu Wenruo <wqu@suse.com>

Added to devel, thanks.
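
The cleanup-label pitfall described under [CAUSE], as an added C example that is not part of this thread and not btrfs-progs code. `demo_path`, `demo_release_path` and `demo_repair` are hypothetical stand-ins, and the early return follows the approach stated under [FIX].

```c
#include <stdlib.h>
#include <string.h>

#define DEMO_MAX_LEVEL 8                /* hypothetical tree depth */
struct demo_path {                      /* hypothetical stand-in for @path */
	void *nodes[DEMO_MAX_LEVEL];
};
static int released;                    /* buffers freed so far */

/* Only safe on an initialized path: it branches on every slot. */
static void demo_release_path(struct demo_path *p)
{
	for (int i = 0; i < DEMO_MAX_LEVEL; i++) {
		if (!p->nodes[i])       /* on stack garbage: valgrind's complaint */
			continue;
		free(p->nodes[i]);      /* on stack garbage: the segfault */
		released++;
	}
	memset(p, 0, sizeof(*p));
}

/*
 * Buggy shape: the early branch did "ret = 0; goto out;", so out: released
 * a path whose slots were still uninitialized stack memory. Fixed shape:
 * that branch returns without ever reaching the path cleanup.
 */
int demo_repair(int unaligned, int fail_lookup)
{
	struct demo_path path;
	int ret;

	if (unaligned)
		return 0;               /* extent deleted; path never set up */

	memset(&path, 0, sizeof(path)); /* from here on, goto out is safe */
	path.nodes[0] = malloc(16);     /* constructed stand-in for a tree block */
	if (!path.nodes[0] || fail_lookup) {
		ret = -1;
		goto out;
	}
	ret = 0;
out:
	demo_release_path(&path);
	return ret;
}

int main(void)
{
	return demo_repair(1, 0) | demo_repair(0, 0);
}
```

Initializing the path at its declaration, before the first `goto out`, would also make the shared label safe.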
