From: Nikolay Borisov <nborisov@suse.com>
To: Qu Wenruo <wqu@suse.com>, linux-btrfs@vger.kernel.org
Cc: Jungyeon Yoon <jungyeon.yoon@gmail.com>
Subject: Re: [PATCH v2 0/5] btrfs: Enhanced runtime defence against fuzzed images
Date: Thu, 25 Jul 2019 09:49:00 +0300
Message-ID: <1c212f70-4863-7bcc-be23-893d145bff58@suse.com>
In-Reply-To: <20190725061222.9581-1-wqu@suse.com>

On 25.07.19 at 9:12, Qu Wenruo wrote:
> Another wave of defence enhancement, including:
>
> - Enhanced eb accessors
> Not really needed for the fuzzed images, as 448de471cd4c
> ("btrfs: Check the first key and level for cached extent buffer")
> already fixed half of the reported images.
> Just add a final layer of safe net.
>
> Just to complain here, two experienced btrfs developers have got
> confused by @start, @len in functions like read_extent_buffer() with
> logical address.
> The best example to solve the confusion is to check the
> read_extent_buffer() call in btree_read_extent_buffer_pages().
>
> I'm not sure why this confusion happens or even gets spread.
> My guess is the extent_buffer::start naming causing the problem.
>
> If so, I would definitely rename extent_buffer::start to
> extent_buffer::bytenr at any cost.
> Hope the new comment will address the problem for now.

It should either be bytenr or disk_bytenr or disk_addr or address.
Looking at the code base though, it seems there is already a convention
that bytenr means the byte number in the logical address space. So
indeed, bytenr should be ok.

>
> - BUG_ON() hunt in __btrfs_free_extent()
> Kill BUG_ON()s in __btrfs_free_extent(), replace with error reporting
> and why it shouldn't happen.
>
> Also add comment on what __btrfs_free_extent() is designed to do, with
> two dump-tree examples for newcomers.
>
> - BUG_ON() hunt in __btrfs_inc_extent_ref()
> Just like __btrfs_free_extent(), but less comment as
> comment for __btrfs_free_extent() should also work for
> __btrfs_inc_extent_ref(), and __btrfs_inc_extent_ref() has a better
> structure than __btrfs_free_extent().
>
> - Defence against unbalanced empty leaf
>
> - Defence against bad key order across two tree blocks
>
> The last two cases can't be rejected by tree-checker and they are all
> cross-eb cases.
> Thankfully we can reuse existing first_key check against unbalanced
> empty leaf, but needs extra check deep into ctree.c for tree block
> merging time check.
>
> Reported-by: Jungyeon Yoon <jungyeon.yoon@gmail.com>
> [ Not to mail bombarding the report, thus only RB tag in cover letter ]
>
> Changelog:
> v2:
> - Remove duplicated error message in WARN() call.
> Changed to WARN_ON(IS_ENABLED(CONFIG_BTRFS_DEBUG))
> Also move WARN() after btrfs error message.
>
> - Fix a comment error in __btrfs_free_extent()
> It's not adding refs to a tree block, but adding the same refs
> to an existing tree block ref.
> It's impossible for a btrfs tree to own the same tree block directly twice.
>
> - Add comment for eb accessors about @start and @len
> If anyone could tell me why such confusion between @start @len and
> logical address is here, I will definitely solve the root cause no
> matter how much code needs to be modified.
>
> - Use bool to replace int where only two values are returned
> Also rename to follow the bool type.
>
> - Remove one unrelated change for the error handler in
> btrfs_inc_extent_ref()
>
> - Add Reviewed-by tag
>
> Qu Wenruo (5):
>   btrfs: extent_io: Do extra check for extent buffer read write
>     functions
>   btrfs: extent-tree: Kill BUG_ON() in __btrfs_free_extent() and do
>     better comment
>   btrfs: Detect unbalanced tree with empty leaf before crashing btree
>     operations
>   btrfs: extent-tree: Kill the BUG_ON() in
>     insert_inline_extent_backref()
>   btrfs: ctree: Checking key orders before merged tree blocks
> fs/btrfs/ctree.c | 68 +++++++++++++++++
> fs/btrfs/disk-io.c | 8 ++
> fs/btrfs/extent-tree.c | 164 ++++++++++++++++++++++++++++++++++++----
> fs/btrfs/extent_io.c | 76 ++++++++++---------
> fs/btrfs/tree-checker.c | 6 ++
> 5 files changed, 271 insertions(+), 51 deletions(-)
>
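
The @start/@len confusion discussed above, shown as an added example that is not part of this thread or of the patch series: a simplified user-space model of an extent buffer accessor that treats @start as an offset inside the tree block and rejects a logical address passed by mistake. The names eb_model, eb_range_ok and eb_read and the sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space model, not the kernel's struct extent_buffer. */
struct eb_model {
    uint64_t bytenr;      /* logical address of the block (extent_buffer::start) */
    uint32_t len;         /* size of the tree block in bytes */
    const uint8_t *data;  /* block contents */
};

/*
 * @start is a byte offset inside the block, never a logical address.
 * The comparison is arranged so that start + len cannot wrap around.
 */
static bool eb_range_ok(const struct eb_model *eb, uint64_t start, uint64_t len)
{
    return start <= eb->len && len <= eb->len - start;
}

/* Copy @len bytes from in-block offset @start; refuse instead of overreading. */
static int eb_read(const struct eb_model *eb, void *dst, uint64_t start, uint64_t len)
{
    if (!eb_range_ok(eb, start, len))
        return -1;  /* caller reports the bad range instead of crashing */
    memcpy(dst, eb->data + start, (size_t)len);
    return 0;
}

/* Constructed sample: a 16 KiB block at logical address 30408704. */
static uint8_t sample_block[16384];
static const struct eb_model sample_eb = {
    .bytenr = 30408704, .len = sizeof(sample_block), .data = sample_block,
};

int main(void)
{
    uint8_t out[8];

    /* Correct call: offset 0 inside the block. */
    printf("offset 0:        %d\n", eb_read(&sample_eb, out, 0, sizeof(out)));
    /* The mistake from the thread: logical address used as @start. */
    printf("logical address: %d\n",
           eb_read(&sample_eb, out, sample_eb.bytenr, sizeof(out)));
    /* A fuzzed length that would wrap start + len. */
    printf("wrapping length: %d\n", eb_read(&sample_eb, out, 8, UINT64_MAX));
    return 0;
}
```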