linux-btrfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Qu Wenruo <wqu@suse.com>
To: dsterba@suse.cz, linux-btrfs@vger.kernel.org,
	Josef Bacik <josef@toxicpanda.com>
Subject: Re: [PATCH v5 1/4] btrfs: extent_io: do extra check for extent buffer read write functions
Date: Thu, 20 Aug 2020 07:14:13 +0800	[thread overview]
Message-ID: <66f629fa-e636-6ab5-eda8-5299d996b2f4@suse.com> (raw)
In-Reply-To: <20200819171159.GT2026@twin.jikos.cz>



On 2020/8/20 上午1:11, David Sterba wrote:
> On Wed, Aug 19, 2020 at 02:35:47PM +0800, Qu Wenruo wrote:
>> --- a/fs/btrfs/extent_io.c
>> +++ b/fs/btrfs/extent_io.c
>> @@ -5620,6 +5620,34 @@ int read_extent_buffer_pages(struct extent_buffer *eb, int wait, int mirror_num)
>>  	return ret;
>>  }
>>  
>> +static void report_eb_range(const struct extent_buffer *eb, unsigned long start,
>> +			    unsigned long len)
>> +{
>> +	btrfs_warn(eb->fs_info,
>> +"btrfs: bad eb rw request, eb bytenr=%llu len=%lu rw start=%lu len=%lu\n",
> 
> No "btrfs:" prefix needed, no "\n" at the end of the string.

Oh sorry, should re-check the message.

> The format
> now uses the 'key=value' style, while we have the 'key value' in many
> other places, this should be consistent.

Indeed, I just checked tree-checker, which does use 'key value'.

> 
>> +		   eb->start, eb->len, start, len);
>> +	WARN_ON(IS_ENABLED(CONFIG_BTRFS_DEBUG));
>> +}
>> +
>> +/*
>> + * Check if the [start, start + len) range is valid before reading/writing
>> + * the eb.
>> + * NOTE: @start and @len are offset *INSIDE* the eb, *NOT* logical address.
>> + *
>> + * Caller should not touch the dst/src memory if this function returns error.
>> + */
>> +static inline int check_eb_range(const struct extent_buffer *eb,
>> +				 unsigned long start, unsigned long len)
>> +{
>> +	/* start, start + len should not go beyond eb->len nor overflow */
>> +	if (unlikely(start > eb->len || start + len > eb->len ||
>> +		     len > eb->len)) {
> 
> Can the number of condition be reduced? If 'start + len' overflows, then
> we don't need to check 'start > eb->len', and for the case where
> start = 1024 and len = -1024 the 'len > eb-len' would be enough.

I'm afraid not.
Although 'start > eb->len || len > eb->len' is enough to detect overflow
case, it no longer detects cases like 'start = 2k, len = 3k' while
eb->len == 4K case.

So we still need all 3 checks.

Thanks,
Qu

> 
>> +		report_eb_range(eb, start, len);
>> +		return -EINVAL;
> 
> This could be simply
> 
> 		return report_eb_range(...);
> 
> It's not a big difference though, compiler produces the same code.
> 


  reply	other threads:[~2020-08-19 23:14 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-19  6:35 [PATCH v5 0/4] btrfs: Enhanced runtime defence against fuzzed images Qu Wenruo
2020-08-19  6:35 ` [PATCH v5 1/4] btrfs: extent_io: do extra check for extent buffer read write functions Qu Wenruo
2020-08-19 17:11   ` David Sterba
2020-08-19 23:14     ` Qu Wenruo [this message]
2020-08-20  9:50       ` David Sterba
2020-08-20  9:58         ` Qu Wenruo
2020-08-20 14:46           ` David Sterba
2020-08-20 15:18             ` David Sterba
2020-08-20 23:39             ` Qu Wenruo
2020-08-19  6:35 ` [PATCH v5 2/4] btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent() and do better comment Qu Wenruo
2020-08-19  6:35 ` [PATCH v5 3/4] btrfs: extent-tree: kill the BUG_ON() in insert_inline_extent_backref() Qu Wenruo
2020-08-19  6:35 ` [PATCH v5 4/4] btrfs: ctree: checking key orders before merged tree blocks Qu Wenruo
2020-08-27 14:47 ` [PATCH v5 0/4] btrfs: Enhanced runtime defence against fuzzed images David Sterba

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=66f629fa-e636-6ab5-eda8-5299d996b2f4@suse.com \
    --to=wqu@suse.com \
    --cc=dsterba@suse.cz \
    --cc=josef@toxicpanda.com \
    --cc=linux-btrfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).