[PATCH 3.16 033/245] Btrfs: improve check_node to avoid reading corrupted nodes

From: Ben Hutchings
Date: Thu Apr 23 2020 - 19:24:55 EST

Next message: Ben Hutchings: "[PATCH 3.16 024/245] btrfs: handle invalid num_stripes in sys_array"
Previous message: Ben Hutchings: "[PATCH 3.16 028/245] Btrfs: fix em leak in find_first_block_group"
In reply to: Ben Hutchings: "[PATCH 3.16 028/245] Btrfs: fix em leak in find_first_block_group"
Next in thread: Ben Hutchings: "[PATCH 3.16 024/245] btrfs: handle invalid num_stripes in sys_array"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.16.83-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Liu Bo <bo.li.liu@xxxxxxxxxx>

commit 6b722c1747d533ac6d4df110dc8233db46918b65 upstream.

We need to check items in a node to make sure that we're reading
a valid one, otherwise we could get various crashes while processing
delayed_refs.

Signed-off-by: Liu Bo <bo.li.liu@xxxxxxxxxx>
Reviewed-by: David Sterba <dsterba@xxxxxxxx>
Signed-off-by: David Sterba <dsterba@xxxxxxxx>
Signed-off-by: Ben Hutchings <ben.hutchings@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
fs/btrfs/disk-io.c | 32 ++++++++++++++++++++++++++++----
1 file changed, 28 insertions(+), 4 deletions(-)

--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -508,9 +508,10 @@ static int check_tree_block_fsid(struct
}

#define CORRUPT(reason, eb, root, slot) \
- btrfs_crit(root->fs_info, "corrupt leaf, %s: block=%llu," \
- "root=%llu, slot=%d", reason, \
- btrfs_header_bytenr(eb), root->objectid, slot)
+ btrfs_crit(root->fs_info, "corrupt %s, %s: block=%llu," \
+ " root=%llu, slot=%d", \
+ btrfs_header_level(eb) == 0 ? "leaf" : "node",\
+ reason, btrfs_header_bytenr(eb), root->objectid, slot)

static noinline int check_leaf(struct btrfs_root *root,
struct extent_buffer *leaf)
@@ -601,6 +602,10 @@ static noinline int check_leaf(struct bt
static int check_node(struct btrfs_root *root, struct extent_buffer *node)
{
unsigned long nr = btrfs_header_nritems(node);
+ struct btrfs_key key, next_key;
+ int slot;
+ u64 bytenr;
+ int ret = 0;

if (nr == 0 || nr > BTRFS_NODEPTRS_PER_BLOCK(root)) {
btrfs_crit(root->fs_info,
@@ -608,7 +613,26 @@ static int check_node(struct btrfs_root
node->start, root->objectid, nr);
return -EIO;
}
- return 0;
+
+ for (slot = 0; slot < nr - 1; slot++) {
+ bytenr = btrfs_node_blockptr(node, slot);
+ btrfs_node_key_to_cpu(node, &key, slot);
+ btrfs_node_key_to_cpu(node, &next_key, slot + 1);
+
+ if (!bytenr) {
+ CORRUPT("invalid item slot", node, root, slot);
+ ret = -EIO;
+ goto out;
+ }
+
+ if (btrfs_comp_cpu_keys(&key, &next_key) >= 0) {
+ CORRUPT("bad key order", node, root, slot);
+ ret = -EIO;
+ goto out;
+ }
+ }
+out:
+ return ret;
}

static int btree_readpage_end_io_hook(struct btrfs_io_bio *io_bio,

Next message: Ben Hutchings: "[PATCH 3.16 024/245] btrfs: handle invalid num_stripes in sys_array"
Previous message: Ben Hutchings: "[PATCH 3.16 028/245] Btrfs: fix em leak in find_first_block_group"
In reply to: Ben Hutchings: "[PATCH 3.16 028/245] Btrfs: fix em leak in find_first_block_group"
Next in thread: Ben Hutchings: "[PATCH 3.16 024/245] btrfs: handle invalid num_stripes in sys_array"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]