From: Anand Jain <anand.jain@oracle.com>
To: Su Yue <l@damenly.su>
Cc: linux-btrfs@vger.kernel.org
Subject: Re: [PATCH v2 2/2] btrfs: tree-checker: check if chunk item end oveflows
Date: Tue, 5 Jan 2021 11:31:07 +0800 [thread overview]
Message-ID: <9be541dd-153a-dbb8-99ef-e890437c37fe@oracle.com> (raw)
In-Reply-To: <y2h9kqqx.fsf@damenly.su>
>>> The image has a chunk item which has a logical start 37748736 and length
>>> 18446744073701163008. The calculated end 29360127 is overflowed
>>> obviously.
>>> -EEXIST was caught by insert_state() because of the duplicate end and
>>> extent_io_tree_panic() was called.
>>> Add overflow check of chunk item end in tree checker then the image will
>>> be rejected to be mounted.
>>> Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=208929
>>> Signed-off-by: Su Yue <l@damenly.su>
>>> ---
>>> fs/btrfs/tree-checker.c | 7 +++++++
>>> 1 file changed, 7 insertions(+)
>>> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
>>> index 028e733e42f3..39c65c1cbe96 100644
>>> --- a/fs/btrfs/tree-checker.c
>>> +++ b/fs/btrfs/tree-checker.c
>>> @@ -760,6 +760,7 @@ int btrfs_check_chunk_valid(struct extent_buffer
>>> *leaf,
>>> {
>>> struct btrfs_fs_info *fs_info = leaf->fs_info;
>>> u64 length;
>>> + u64 chunk_end;
>>> u64 stripe_len;
>>> u16 num_stripes;
>>> u16 sub_stripes;
>>> @@ -814,6 +815,12 @@ int btrfs_check_chunk_valid(struct extent_buffer
>>> *leaf,
>>> "invalid chunk length, have %llu", length);
>>> return -EUCLEAN;
>>> }
>>> + if (unlikely(check_add_overflow(logical, length, &chunk_end))) {
>>> + chunk_err(leaf, chunk, logical,
>>> + "invalid chunk logical/length, have logical %llu
>>> length %llu",
>>> + logical, length);
>>> + return -EUCLEAN;
>>> + }
>>> if (unlikely(!is_power_of_2(stripe_len) || stripe_len !=
>>> BTRFS_STRIPE_LEN)) {
>>> chunk_err(leaf, chunk, logical,
>>> "invalid chunk stripe length: %llu",
>>>
>>
>> So this is a system chunk? It is not so evident from the trace above.
>>
> It's a chunk item located in chunk tree leaf, not in system chunk array.
> Tree checker checks chunk items in both locations.
Ok. Thanks.
Reviewed-by: Anand Jain <anand.jain@oracle.com>
next prev parent reply other threads:[~2021-01-05 3:34 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-03 9:28 [PATCH v2 0/2] btrfs: fix issues when mouting the poc image Su Yue
2021-01-03 9:28 ` [PATCH v2 1/2] btrfs: prevent NULL pointer dereference in extent_io_tree_panic() Su Yue
2021-01-04 7:33 ` Anand Jain
2021-01-03 9:28 ` [PATCH v2 2/2] btrfs: tree-checker: check if chunk item end oveflows Su Yue
2021-01-04 8:31 ` Anand Jain
2021-01-04 9:15 ` Su Yue
2021-01-05 3:31 ` Anand Jain [this message]
2021-01-04 15:59 ` David Sterba
2021-01-04 15:58 ` [PATCH v2 0/2] btrfs: fix issues when mouting the poc image David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9be541dd-153a-dbb8-99ef-e890437c37fe@oracle.com \
--to=anand.jain@oracle.com \
--cc=l@damenly.su \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox