From: Qu Wenruo <quwenruo.btrfs@gmx.com>
To: Qu Wenruo <wqu@suse.com>, linux-btrfs@vger.kernel.org
Subject: Re: [PATCH 0/6] btrfs: Enhance tree checker and runtime checker to handle the new wave of fuzzed image attack
Date: Wed, 13 Mar 2019 17:01:12 +0800
Message-ID: <5f3e48b8-3998-409a-2fc7-af2481b52c0f@gmx.com>
In-Reply-To: <20190313085511.23540-1-wqu@suse.com>


Just forgot the repo:

It can be fetched from github:
https://github.com/adam900710/linux/tree/tree_checker_enhancement
Which is based on my previous write time tree checker patchset.

Although the patchset itself can also be applied to v5.0-rc7 tag without
manual modification.

Thanks,
Qu

On 2019/3/13 4:55 PM, Qu Wenruo wrote:
> Thanks for the report from Yoon Jungyeon <jungyeon@gatech.edu>, we have
> more fuzzed images to torture btrfs.
> 
> Those images exposed the following problems:
> 
> - Chunk check is not comprehensive nor early enough
>   Chunk item check lacks profile bits check (e.g. RAID|DUP profile is
>   invalid).
>   And for certain fuzzed images, the other copy can be valid, current
>   check timing is after tree block read, so no way to retry the other
>   copy.
> 
>   Address the check timing in the 1st patch, while for the profile bits,
>   check it in the 4th patch.
> 
> - Lack of device item check
>   Address it in the 2nd patch.
> 
> - First key and level check can be exploited by cached extent buffer
>   Cached bad extent buffer can avoid first key and level check.
>   This is addressed in the 3rd patch.
> 
> - Inode type mismatch can lead to NULL dereference in endio function
>   If an inode claims itself as symlink but still has regular file
>   extent, then endio function will cause NULL pointer dereference.
>   Fix it by doing extra inode mode and dir item type cross check, at
>   get_extent() time and inode lookup time.
>   Addressed in the 5th and 6th patch.
> 
> Qu Wenruo (6):
>   btrfs: tree-checker: Verify chunk items
>   btrfs: tree-checker: Verify dev item
>   btrfs: Check the first key and level for cached extent buffer
>   btrfs: tree-checker: Enhance chunk checker to validate chunk profiler
>   btrfs: tree-checker: Verify inode item
>   btrfs: inode: Verify inode mode to avoid NULL pointer dereference
> 
>  fs/btrfs/ctree.c             |  10 +
>  fs/btrfs/ctree.h             |   2 +
>  fs/btrfs/disk-io.c           |  10 +-
>  fs/btrfs/disk-io.h           |   3 +
>  fs/btrfs/inode.c             |  38 +++-
>  fs/btrfs/tests/inode-tests.c |   1 +
>  fs/btrfs/tree-checker.c      | 342 +++++++++++++++++++++++++++++++++++
>  fs/btrfs/tree-checker.h      |   3 +
>  fs/btrfs/volumes.c           | 103 +----------
>  fs/btrfs/volumes.h           |   9 +
>  10 files changed, 406 insertions(+), 115 deletions(-)
> 

