Thanks to fuzz testing, we can have an invalid btree root node height. Btrfs limits btree height to 7 and if the given height is 9, then btrfs will have problems in both releasing the root node's lock and freeing the node.
Signed-off-by: Liu Bo <bo.li....@oracle.com> --- fs/btrfs/ctree.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index ec7928a..3fccbcc 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -2756,6 +2756,13 @@ again: } } } + if (level > BTRFS_MAX_LEVEL - 1 || level < 0) { + WARN_ONCE(1, KERN_WARNING "Invalid btree height %d\n", level); + if (!p->skip_locking) + btrfs_tree_unlock_rw(b, root_lock); + free_extent_buffer(b); + return -EINVAL; + } p->nodes[level] = b; if (!p->skip_locking) p->locks[level] = root_lock; -- 2.5.5 -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
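Review bot: The `WARN_ONCE(1, KERN_WARNING "Invalid btree height %d\n", level);` line in the new block reports a corrupted on-disk value as if it were a kernel bug. The commit message says this level comes from a fuzzed image, so a stack trace is noise here. On systems that set panic_on_warn it also lets a crafted image take the machine down. Because the warning fires only once, every later bad image returns -EINVAL with nothing in the log. A rate-limited btrfs error message that identifies the filesystem would serve better, for example btrfs_err() with the root's fs_info. Either way, the KERN_WARNING prefix should be dropped from the format string, since the WARN macros handle the log level themselves. Two smaller points on the same block: `level > BTRFS_MAX_LEVEL - 1` reads more directly as `level >= BTRFS_MAX_LEVEL`, and the new branch should carry a short comment saying that the level comes from the root node header and that the check protects the `p->nodes[level]` and `p->locks[level]` stores that follow it. It is also worth confirming that a bare `return -EINVAL` here matches how the rest of the function leaves on error, since the other exits are not visible in this hunk.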