From: Anand Jain <anand.jain@oracle.com>
To: Liu Bo <bo.li.liu@oracle.com>, linux-btrfs@vger.kernel.org
Cc: vegard.nossum@oracle.com, sterba@suse.com
Subject: Re: [PATCH 2/2] Btrfs: add valid checks for chunk loading
Date: Tue, 3 May 2016 13:53:02 +0800 [thread overview]
Message-ID: <57283CBE.6000503@oracle.com> (raw)
In-Reply-To: <1462212951-28113-2-git-send-email-bo.li.liu@oracle.com>
On 05/03/2016 02:15 AM, Liu Bo wrote:
> To prevent fuzz filesystem images from panic the whole system,
> we need various validation checks to refuse to mount such an image
> if btrfs finds any invalid value during loading chunks, including
> both sys_array and regular chunks.
>
> Note that these checks may not be sufficient to cover all corner cases,
> feel free to add more checks.
>
> Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
> Reported-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
> Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
> ---
> fs/btrfs/volumes.c | 84 +++++++++++++++++++++++++++++++++++++++++++-----------
> 1 file changed, 68 insertions(+), 16 deletions(-)
>
> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
> index bd0f45f..1075573 100644
> --- a/fs/btrfs/volumes.c
> +++ b/fs/btrfs/volumes.c
> @@ -6206,27 +6206,23 @@ struct btrfs_device *btrfs_alloc_device(struct btrfs_fs_info *fs_info,
> return dev;
> }
>
> -static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
> - struct extent_buffer *leaf,
> - struct btrfs_chunk *chunk)
> +/* Return -EIO if any error, otherwise return 0. */
> +static int btrfs_check_chunk_valid(struct btrfs_root *root,
> + struct extent_buffer *leaf,
> + struct btrfs_chunk *chunk, u64 logical)
> {
> - struct btrfs_mapping_tree *map_tree = &root->fs_info->mapping_tree;
> - struct map_lookup *map;
> - struct extent_map *em;
> - u64 logical;
> u64 length;
> u64 stripe_len;
> - u64 devid;
> - u8 uuid[BTRFS_UUID_SIZE];
> - int num_stripes;
> - int ret;
> - int i;
> + u16 num_stripes;
> + u16 sub_stripes;
> + u64 type;
>
> - logical = key->offset;
> length = btrfs_chunk_length(leaf, chunk);
> stripe_len = btrfs_chunk_stripe_len(leaf, chunk);
> num_stripes = btrfs_chunk_num_stripes(leaf, chunk);
> - /* Validation check */
> + sub_stripes = btrfs_chunk_sub_stripes(leaf, chunk);
> + type = btrfs_chunk_type(leaf, chunk);
> +
> if (!num_stripes) {
> btrfs_err(root->fs_info, "invalid chunk num_stripes: %u",
> num_stripes);
> @@ -6237,24 +6233,70 @@ static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
> "invalid chunk logical %llu", logical);
> return -EIO;
> }
> + if (btrfs_chunk_sector_size(leaf, chunk) != root->sectorsize) {
> + btrfs_err(root->fs_info, "invalid chunk sectorsize %llu",
> + (unsigned long long)btrfs_chunk_sector_size(leaf,
> + chunk));
> + return -EIO;
> + }
> if (!length || !IS_ALIGNED(length, root->sectorsize)) {
> btrfs_err(root->fs_info,
> "invalid chunk length %llu", length);
> return -EIO;
> }
> - if (!is_power_of_2(stripe_len)) {
> + if (stripe_len != BTRFS_STRIPE_LEN) {
> btrfs_err(root->fs_info, "invalid chunk stripe length: %llu",
> stripe_len);
> return -EIO;
> }
> if (~(BTRFS_BLOCK_GROUP_TYPE_MASK | BTRFS_BLOCK_GROUP_PROFILE_MASK) &
> - btrfs_chunk_type(leaf, chunk)) {
> + type) {
> btrfs_err(root->fs_info, "unrecognized chunk type: %llu",
> ~(BTRFS_BLOCK_GROUP_TYPE_MASK |
> BTRFS_BLOCK_GROUP_PROFILE_MASK) &
> btrfs_chunk_type(leaf, chunk));
> return -EIO;
> }
> + if ((type & BTRFS_BLOCK_GROUP_RAID10 && sub_stripes == 0) ||
> + (type & BTRFS_BLOCK_GROUP_RAID1 && num_stripes < 1) ||
> + (type & BTRFS_BLOCK_GROUP_RAID5 && num_stripes < 2) ||
> + (type & BTRFS_BLOCK_GROUP_RAID5 && num_stripes < 3) ||
It should be BTRFS_BLOCK_GROUP_RAID6
Thanks, Anand
> + (type & BTRFS_BLOCK_GROUP_DUP && num_stripes > 2) ||
> + ((type & BTRFS_BLOCK_GROUP_PROFILE_MASK) == 0 &&
> + num_stripes != 1)) {
> + btrfs_err(root->fs_info, "Invalid num_stripes:sub_stripes %u:%u for profile %llu",
> + num_stripes, sub_stripes,
> + type & BTRFS_BLOCK_GROUP_PROFILE_MASK);
> + return -EIO;
> + }
> +
> + return 0;
> +}
> +
> +static int read_one_chunk(struct btrfs_root *root, struct btrfs_key *key,
> + struct extent_buffer *leaf,
> + struct btrfs_chunk *chunk)
> +{
> + struct btrfs_mapping_tree *map_tree = &root->fs_info->mapping_tree;
> + struct map_lookup *map;
> + struct extent_map *em;
> + u64 logical;
> + u64 length;
> + u64 stripe_len;
> + u64 devid;
> + u8 uuid[BTRFS_UUID_SIZE];
> + int num_stripes;
> + int ret;
> + int i;
> +
> + logical = key->offset;
> + length = btrfs_chunk_length(leaf, chunk);
> + stripe_len = btrfs_chunk_stripe_len(leaf, chunk);
> + num_stripes = btrfs_chunk_num_stripes(leaf, chunk);
> + /* Validation check */
> + ret = btrfs_check_chunk_valid(root, leaf, chunk, logical);
> + if (ret)
> + return ret;
>
> read_lock(&map_tree->map_tree.lock);
> em = lookup_extent_mapping(&map_tree->map_tree, logical, 1);
> @@ -6502,6 +6544,7 @@ int btrfs_read_sys_array(struct btrfs_root *root)
> u32 array_size;
> u32 len = 0;
> u32 cur_offset;
> + u64 type;
> struct btrfs_key key;
>
> ASSERT(BTRFS_SUPER_INFO_SIZE <= root->nodesize);
> @@ -6568,6 +6611,15 @@ int btrfs_read_sys_array(struct btrfs_root *root)
> break;
> }
>
> + type = btrfs_chunk_type(sb, chunk);
> + if ((type & BTRFS_BLOCK_GROUP_SYSTEM) == 0) {
> + printk(KERN_ERR
> + "BTRFS: invalid chunk type %llu in sys_array at offset %u\n",
> + type, cur_offset);
> + ret = -EIO;
> + break;
> + }
> +
> len = btrfs_chunk_item_size(num_stripes);
> if (cur_offset + len > array_size)
> goto out_short_read;
>
next prev parent reply other threads:[~2016-05-03 5:53 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-02 18:15 [PATCH 1/2] Btrfs: add more valid checks for superblock Liu Bo
2016-05-02 18:15 ` [PATCH 2/2] Btrfs: add valid checks for chunk loading Liu Bo
2016-05-03 1:12 ` Qu Wenruo
2016-05-03 23:36 ` Liu Bo
2016-05-05 1:03 ` Qu Wenruo
2016-05-03 5:53 ` Anand Jain [this message]
2016-05-03 23:33 ` Liu Bo
2016-05-04 13:56 ` David Sterba
2016-05-13 23:57 ` Liu Bo
2016-05-17 13:37 ` David Sterba
2016-05-02 18:23 ` [PATCH 1/2] Btrfs: add more valid checks for superblock Liu Bo
2016-05-03 1:02 ` Qu Wenruo
2016-05-03 23:32 ` Liu Bo
2016-05-04 13:23 ` David Sterba
2016-05-04 17:44 ` Liu Bo
2016-05-05 1:08 ` Qu Wenruo
2016-05-06 14:35 ` David Sterba
2016-05-09 1:31 ` Qu Wenruo
2016-05-13 18:14 ` Liu Bo
2016-05-13 23:42 ` Qu Wenruo
2016-05-17 13:47 ` David Sterba
2016-05-04 13:29 ` David Sterba
2016-05-04 17:40 ` Liu Bo
2016-05-06 14:39 ` David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57283CBE.6000503@oracle.com \
--to=anand.jain@oracle.com \
--cc=bo.li.liu@oracle.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=sterba@suse.com \
--cc=vegard.nossum@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).