linux-btrfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v3 2/2] btrfs: Enhance chunk validation check
@ 2015-12-08  8:40 Qu Wenruo
  2015-12-29 10:11 ` Chandan Rajendra
  0 siblings, 1 reply; 4+ messages in thread
From: Qu Wenruo @ 2015-12-08  8:40 UTC (permalink / raw)
  To: linux-btrfs

Enhance chunk validation:
1) Num_stripes
   We already have such check but it's only in super block sys chunk
   array.
   Now check all on-disk chunks.

2) Chunk logical
   It should be aligned to sector size.
   This behavior should be *DOUBLE CHECKED* for 64K sector size like
   PPC64 or AArch64.
   Maybe we can found some hidden bugs.

3) Chunk length
   Same as chunk logical, should be aligned to sector size.

4) Stripe length
   It should be power of 2.

5) Chunk type
   Any bit out of TYPE_MAS | PROFILE_MASK is invalid.

With all these much restrict rules, several fuzzed image reported in
mail list should no longer cause kernel panic.

Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>

---
v3:
  Fix a typo which forgot to return -EIO after num_stripes check.
---
 fs/btrfs/volumes.c | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 9ea345f..bda84be 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -6199,6 +6199,7 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
 	struct extent_map *em;
 	u64 logical;
 	u64 length;
+	u64 stripe_len;
 	u64 devid;
 	u8 uuid[BTRFS_UUID_SIZE];
 	int num_stripes;
@@ -6207,6 +6208,37 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
 
 	logical = key->offset;
 	length = btrfs_chunk_length(leaf, chunk);
+	stripe_len = btrfs_chunk_stripe_len(leaf, chunk);
+	num_stripes = btrfs_chunk_num_stripes(leaf, chunk);
+	/* Validation check */
+	if (!num_stripes) {
+		btrfs_err(root->fs_info, "invalid chunk num_stripes: %u",
+			  num_stripes);
+		return -EIO;
+	}
+	if (!IS_ALIGNED(logical, root->sectorsize)) {
+		btrfs_err(root->fs_info,
+			  "invalid chunk logical %llu", logical);
+		return -EIO;
+	}
+	if (!length || !IS_ALIGNED(length, root->sectorsize)) {
+		btrfs_err(root->fs_info,
+			"invalid chunk length %llu", length);
+		return -EIO;
+	}
+	if (!is_power_of_2(stripe_len)) {
+		btrfs_err(root->fs_info, "invalid chunk stripe length: %llu",
+			  stripe_len);
+		return -EIO;
+	}
+	if (~(BTRFS_BLOCK_GROUP_TYPE_MASK | BTRFS_BLOCK_GROUP_PROFILE_MASK) &
+	    btrfs_chunk_type(leaf, chunk)) {
+		btrfs_err(root->fs_info, "unrecognized chunk type: %llu",
+			  ~(BTRFS_BLOCK_GROUP_TYPE_MASK |
+			    BTRFS_BLOCK_GROUP_PROFILE_MASK) &
+			  btrfs_chunk_type(leaf, chunk));
+		return -EIO;
+	}
 
 	read_lock(&map_tree->map_tree.lock);
 	em = lookup_extent_mapping(&map_tree->map_tree, logical, 1);
@@ -6223,7 +6255,6 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
 	em = alloc_extent_map();
 	if (!em)
 		return -ENOMEM;
-	num_stripes = btrfs_chunk_num_stripes(leaf, chunk);
 	map = kmalloc(map_lookup_size(num_stripes), GFP_NOFS);
 	if (!map) {
 		free_extent_map(em);
-- 
2.6.3




^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH v3 2/2] btrfs: Enhance chunk validation check
  2015-12-15  1:14 [PATCH v3 1/2] btrfs: Enhance super " Qu Wenruo
@ 2015-12-15  1:14 ` Qu Wenruo
  0 siblings, 0 replies; 4+ messages in thread
From: Qu Wenruo @ 2015-12-15  1:14 UTC (permalink / raw)
  To: linux-btrfs

Enhance chunk validation:
1) Num_stripes
   We already have such check but it's only in super block sys chunk
   array.
   Now check all on-disk chunks.

2) Chunk logical
   It should be aligned to sector size.
   This behavior should be *DOUBLE CHECKED* for 64K sector size like
   PPC64 or AArch64.
   Maybe we can found some hidden bugs.

3) Chunk length
   Same as chunk logical, should be aligned to sector size.

4) Stripe length
   It should be power of 2.

5) Chunk type
   Any bit out of TYPE_MAS | PROFILE_MASK is invalid.

With all these much restrict rules, several fuzzed image reported in
mail list should no longer cause kernel panic.

Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>

---
v2:
  Fix a typo which forgot to return -EIO after num_stripes check.
---
 fs/btrfs/volumes.c | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 9ea345f..bda84be 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -6199,6 +6199,7 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
 	struct extent_map *em;
 	u64 logical;
 	u64 length;
+	u64 stripe_len;
 	u64 devid;
 	u8 uuid[BTRFS_UUID_SIZE];
 	int num_stripes;
@@ -6207,6 +6208,37 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
 
 	logical = key->offset;
 	length = btrfs_chunk_length(leaf, chunk);
+	stripe_len = btrfs_chunk_stripe_len(leaf, chunk);
+	num_stripes = btrfs_chunk_num_stripes(leaf, chunk);
+	/* Validation check */
+	if (!num_stripes) {
+		btrfs_err(root->fs_info, "invalid chunk num_stripes: %u",
+			  num_stripes);
+		return -EIO;
+	}
+	if (!IS_ALIGNED(logical, root->sectorsize)) {
+		btrfs_err(root->fs_info,
+			  "invalid chunk logical %llu", logical);
+		return -EIO;
+	}
+	if (!length || !IS_ALIGNED(length, root->sectorsize)) {
+		btrfs_err(root->fs_info,
+			"invalid chunk length %llu", length);
+		return -EIO;
+	}
+	if (!is_power_of_2(stripe_len)) {
+		btrfs_err(root->fs_info, "invalid chunk stripe length: %llu",
+			  stripe_len);
+		return -EIO;
+	}
+	if (~(BTRFS_BLOCK_GROUP_TYPE_MASK | BTRFS_BLOCK_GROUP_PROFILE_MASK) &
+	    btrfs_chunk_type(leaf, chunk)) {
+		btrfs_err(root->fs_info, "unrecognized chunk type: %llu",
+			  ~(BTRFS_BLOCK_GROUP_TYPE_MASK |
+			    BTRFS_BLOCK_GROUP_PROFILE_MASK) &
+			  btrfs_chunk_type(leaf, chunk));
+		return -EIO;
+	}
 
 	read_lock(&map_tree->map_tree.lock);
 	em = lookup_extent_mapping(&map_tree->map_tree, logical, 1);
@@ -6223,7 +6255,6 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
 	em = alloc_extent_map();
 	if (!em)
 		return -ENOMEM;
-	num_stripes = btrfs_chunk_num_stripes(leaf, chunk);
 	map = kmalloc(map_lookup_size(num_stripes), GFP_NOFS);
 	if (!map) {
 		free_extent_map(em);
-- 
2.6.3




^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH v3 2/2] btrfs: Enhance chunk validation check
  2015-12-08  8:40 [PATCH v3 2/2] btrfs: Enhance chunk validation check Qu Wenruo
@ 2015-12-29 10:11 ` Chandan Rajendra
  2015-12-30 12:02   ` Qu Wenruo
  0 siblings, 1 reply; 4+ messages in thread
From: Chandan Rajendra @ 2015-12-29 10:11 UTC (permalink / raw)
  To: Qu Wenruo; +Cc: linux-btrfs

On Tuesday 08 Dec 2015 16:40:42 Qu Wenruo wrote:
> Enhance chunk validation:
> 1) Num_stripes
>    We already have such check but it's only in super block sys chunk
>    array.
>    Now check all on-disk chunks.
> 
> 2) Chunk logical
>    It should be aligned to sector size.
>    This behavior should be *DOUBLE CHECKED* for 64K sector size like
>    PPC64 or AArch64.
>    Maybe we can found some hidden bugs.
> 

Sorry about the delayed response. I executed fstests on ppc64 with 64k block
size and all the tests that used to pass earlier (i.e. without patch applied)
continue to pass. Hence,

Tested-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>

-- 
chandan


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH v3 2/2] btrfs: Enhance chunk validation check
  2015-12-29 10:11 ` Chandan Rajendra
@ 2015-12-30 12:02   ` Qu Wenruo
  0 siblings, 0 replies; 4+ messages in thread
From: Qu Wenruo @ 2015-12-30 12:02 UTC (permalink / raw)
  To: Chandan Rajendra, Qu Wenruo; +Cc: linux-btrfs

On 12/29/2015 06:11 PM, Chandan Rajendra wrote:
> On Tuesday 08 Dec 2015 16:40:42 Qu Wenruo wrote:
>> Enhance chunk validation:
>> 1) Num_stripes
>>     We already have such check but it's only in super block sys chunk
>>     array.
>>     Now check all on-disk chunks.
>>
>> 2) Chunk logical
>>     It should be aligned to sector size.
>>     This behavior should be *DOUBLE CHECKED* for 64K sector size like
>>     PPC64 or AArch64.
>>     Maybe we can found some hidden bugs.
>>
>
> Sorry about the delayed response. I executed fstests on ppc64 with 64k block
> size and all the tests that used to pass earlier (i.e. without patch applied)
> continue to pass. Hence,
>
> Tested-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
>
Very glad to hear that.

Thanks for all the test.
Qu

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-12-30 12:02 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-12-08  8:40 [PATCH v3 2/2] btrfs: Enhance chunk validation check Qu Wenruo
2015-12-29 10:11 ` Chandan Rajendra
2015-12-30 12:02   ` Qu Wenruo
  -- strict thread matches above, loose matches on Subject: below --
2015-12-15  1:14 [PATCH v3 1/2] btrfs: Enhance super " Qu Wenruo
2015-12-15  1:14 ` [PATCH v3 2/2] btrfs: Enhance chunk " Qu Wenruo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).