[PATCH] hfs: fix oops on mount with corrupted btree extent records

[PATCH] hfs: fix oops on mount with corrupted btree extent records

[Jeff Mahoney]

 A particular fsfuzzer run caused an hfs file system to crash on mount. This
 is due to a corrupted MDB extent record causing a miscalculation of
 HFS_I(inode)->first_blocks for the extent tree. If the extent records
 are zereod out, it won't trigger the first_blocks special case. Instead
 it falls through to the extent code which we're still in the middle
 of initializing.

 This patch catches the 0 size extent records, reports the corruption,
 and fails the mount.

Reported-by: Ramon de Carvalho Valle <rcvalle@linux.vnet.ibm.com>
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 fs/hfs/btree.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/fs/hfs/btree.c
+++ b/fs/hfs/btree.c
@@ -58,6 +58,11 @@ struct hfs_btree *hfs_btree_open(struct
 	}
 	unlock_new_inode(tree->inode);
 
+	if (!HFS_I(tree->inode)->first_blocks) {
+		printk(KERN_ERR "hfs: invalid btree extent records (0 size).\n");
+		goto free_inode;
+	}
+
 	mapping = tree->inode->i_mapping;
 	page = read_mapping_page(mapping, 0, NULL);
 	if (IS_ERR(page))
-- 
Jeff Mahoney
SUSE Labs

Re: [PATCH] hfs: fix oops on mount with corrupted btree extent records

[Valdis.Kletnieks]

[-- Attachment #1: Type: text/plain, Size: 781 bytes --]

On Mon, 12 Oct 2009 20:41:37 EDT, Jeff Mahoney said:
>  A particular fsfuzzer run caused an hfs file system to crash on mount. This
>  is due to a corrupted MDB extent record causing a miscalculation of
>  HFS_I(inode)->first_blocks for the extent tree. If the extent records
>  are zereod out, it won't trigger the first_blocks special case. Instead
>  it falls through to the extent code which we're still in the middle
>  of initializing.
> 
>  This patch catches the 0 size extent records, reports the corruption,
>  and fails the mount.

Just for completeness - does the current fsck.hfs already know how to fix it, or
at least heave stuff over the side so the filesystem is self-consistent again?
Or will a user who hits this need a new fsck.hfs to get it back to mountable?

[-- Attachment #2: Type: application/pgp-signature, Size: 227 bytes --]

Re: [PATCH] hfs: fix oops on mount with corrupted btree extent records

[Jeff Mahoney]

On 10/13/2009 12:12 AM, Valdis.Kletnieks@vt.edu wrote:
> On Mon, 12 Oct 2009 20:41:37 EDT, Jeff Mahoney said:
>>  A particular fsfuzzer run caused an hfs file system to crash on mount. This
>>  is due to a corrupted MDB extent record causing a miscalculation of
>>  HFS_I(inode)->first_blocks for the extent tree. If the extent records
>>  are zereod out, it won't trigger the first_blocks special case. Instead
>>  it falls through to the extent code which we're still in the middle
>>  of initializing.
>>
>>  This patch catches the 0 size extent records, reports the corruption,
>>  and fails the mount.
> 
> Just for completeness - does the current fsck.hfs already know how to fix it, or
> at least heave stuff over the side so the filesystem is self-consistent again?
> Or will a user who hits this need a new fsck.hfs to get it back to mountable?

Sorry, I don't actually know. We don't ship a fsck.hfs so I haven't
tested it.

-Jeff

-- 
Jeff Mahoney
SUSE Labs