From: "Gu, Jinxiang" <gujx@cn.fujitsu.com>
To: Qu Wenruo <wqu@suse.com>,
"linux-btrfs@vger.kernel.org" <linux-btrfs@vger.kernel.org>
Subject: RE: [PATCH v2 1/2] btrfs: Check each block group has corresponding chunk at mount time
Date: Fri, 6 Jul 2018 08:06:25 +0000 [thread overview]
Message-ID: <516DDBE5B1D92D42BCF7A2E37F045A5D01A8A2ABB2@G08CNEXMBPEKD02.g08.fujitsu.local> (raw)
In-Reply-To: <20180706053554.18476-1-wqu@suse.com>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="gb2312", Size: 3504 bytes --]
> -----Original Message-----
> From: linux-btrfs-owner@vger.kernel.org [mailto:linux-btrfs-owner@vger.kernel.org] On Behalf Of Qu Wenruo
> Sent: Friday, July 06, 2018 1:36 PM
> To: linux-btrfs@vger.kernel.org
> Subject: [PATCH v2 1/2] btrfs: Check each block group has corresponding chunk at mount time
>
> A crafted btrfs with incorrect chunk<->block group mapping, it could leads
> to a lot of unexpected behavior.
>
> Although the crafted image can be catched by block group item checker
> added in "[PATCH] btrfs: tree-checker: Verify block_group_item", if one
> crafted a valid enough block group item which can pass above check but
> still mismatch with existing chunk, it could cause a lot of undefined
> behavior.
>
> This patch will add extra block group -> chunk mapping check, to ensure
> we have a completely matching (start, len, flags) chunk for each block
> group at mount time.
>
> Here we reuse the original find_first_block_group(), which is already
> doing basic bg -> chunk check, adding more check on start/len and type
> flags.
>
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=199837
> Reported-by: Xu Wen <wen.xu@gatech.edu>
> Signed-off-by: Qu Wenruo <wqu@suse.com>
> ---
> changelog:
> v2:
> Reuse existing find_first_block_group() to do the verification,
> pointed out by Gu.
> ---
> fs/btrfs/extent-tree.c | 29 ++++++++++++++++++++++++++++-
> 1 file changed, 28 insertions(+), 1 deletion(-)
>
> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
> index 3d9fe58c0080..63a6b5d36ac1 100644
> --- a/fs/btrfs/extent-tree.c
> +++ b/fs/btrfs/extent-tree.c
> @@ -9717,6 +9717,8 @@ static int find_first_block_group(struct btrfs_fs_info *fs_info,
> int ret = 0;
> struct btrfs_key found_key;
> struct extent_buffer *leaf;
> + struct btrfs_block_group_item bg;
> + u64 flags;
> int slot;
>
> ret = btrfs_search_slot(NULL, root, key, path, 0, 0);
> @@ -9751,8 +9753,33 @@ static int find_first_block_group(struct btrfs_fs_info *fs_info,
> "logical %llu len %llu found bg but no related chunk",
> found_key.objectid, found_key.offset);
> ret = -ENOENT;
> + } else if (em->start != found_key.objectid ||
> + em->len != found_key.offset) {
> + btrfs_err(fs_info,
> + "block group %llu len %llu mismatch with chunk %llu len %llu",
> + found_key.objectid, found_key.offset,
> + em->start, em->len);
> + ret = -EUCLEAN;
> } else {
> - ret = 0;
> + read_extent_buffer(leaf, &bg,
> + btrfs_item_ptr_offset(leaf, slot),
> + sizeof(bg));
> + flags = btrfs_block_group_flags(&bg) &
> + BTRFS_BLOCK_GROUP_TYPE_MASK;
> +
> + if (flags != (em->map_lookup->type &
> + BTRFS_BLOCK_GROUP_TYPE_MASK)) {
> + btrfs_err(fs_info,
> +"block group %llu len %llu type flags 0x%llx mismatch with chunk type flags 0x%llx",
> + found_key.objectid,
> + found_key.offset,
> + flags,
> + (BTRFS_BLOCK_GROUP_TYPE_MASK &
> + em->map_lookup->type));
> + ret = -EUCLEAN;
> + } else {
> + ret = 0;
> + }
> }
> free_extent_map(em);
> goto out;
> --
Reviewed-by: Gu Jinxiang <gujx@cn.fujitsu.com>
> 2.18.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
ÿôèº{.nÇ+‰·Ÿ®‰†+%ŠËÿ±éݶ\x17¥Šwÿº{.nÇ+‰·¥Š{±ý»k~ÏâžØ^n‡r¡ö¦zË\x1aëh™¨èÚ&£ûàz¿äz¹Þ—ú+€Ê+zf£¢·hšˆ§~††Ûiÿÿïêÿ‘êçz_è®\x0fæj:+v‰¨þ)ߣøm
next prev parent reply other threads:[~2018-07-06 8:06 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-06 5:35 [PATCH v2 1/2] btrfs: Check each block group has corresponding chunk at mount time Qu Wenruo
2018-07-06 5:35 ` [PATCH v2 2/2] btrfs: Verify every chunk has corresponding block group " Qu Wenruo
2018-07-06 8:06 ` Gu, Jinxiang [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-07-03 8:08 [PATCH v2 1/2] btrfs: Check each block group has corresponding chunk " Qu Wenruo
2018-07-03 8:33 ` Nikolay Borisov
2018-07-03 8:40 ` Nikolay Borisov
2018-07-03 8:47 ` Qu Wenruo
2018-07-03 9:08 ` Nikolay Borisov
2018-07-03 18:58 ` Martin Steigerwald
2018-07-04 15:37 ` David Sterba
2018-07-04 15:45 ` David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=516DDBE5B1D92D42BCF7A2E37F045A5D01A8A2ABB2@G08CNEXMBPEKD02.g08.fujitsu.local \
--to=gujx@cn.fujitsu.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=wqu@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.