RE: [PATCH v2 1/2] btrfs: Check each block group has corresponding chunk at mount time

Fri, 06 Jul 2018 01:07:06 -0700 


> -----Original Message-----
> From: linux-btrfs-ow...@vger.kernel.org 
> [mailto:linux-btrfs-ow...@vger.kernel.org] On Behalf Of Qu Wenruo
> Sent: Friday, July 06, 2018 1:36 PM
> To: linux-btrfs@vger.kernel.org
> Subject: [PATCH v2 1/2] btrfs: Check each block group has corresponding chunk 
> at mount time
> 
> A crafted btrfs with incorrect chunk<->block group mapping, it could leads
> to a lot of unexpected behavior.
> 
> Although the crafted image can be catched by block group item checker
> added in "[PATCH] btrfs: tree-checker: Verify block_group_item", if one
> crafted a valid enough block group item which can pass above check but
> still mismatch with existing chunk, it could cause a lot of undefined
> behavior.
> 
> This patch will add extra block group -> chunk mapping check, to ensure
> we have a completely matching (start, len, flags) chunk for each block
> group at mount time.
> 
> Here we reuse the original find_first_block_group(), which is already
> doing basic bg -> chunk check, adding more check on start/len and type
> flags.
> 
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=199837
> Reported-by: Xu Wen <wen...@gatech.edu>
> Signed-off-by: Qu Wenruo <w...@suse.com>
> ---
> changelog:
> v2:
>   Reuse existing find_first_block_group() to do the verification,
>   pointed out by Gu.
> ---
>  fs/btrfs/extent-tree.c | 29 ++++++++++++++++++++++++++++-
>  1 file changed, 28 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
> index 3d9fe58c0080..63a6b5d36ac1 100644
> --- a/fs/btrfs/extent-tree.c
> +++ b/fs/btrfs/extent-tree.c
> @@ -9717,6 +9717,8 @@ static int find_first_block_group(struct btrfs_fs_info 
> *fs_info,
>       int ret = 0;
>       struct btrfs_key found_key;
>       struct extent_buffer *leaf;
> +     struct btrfs_block_group_item bg;
> +     u64 flags;
>       int slot;
> 
>       ret = btrfs_search_slot(NULL, root, key, path, 0, 0);
> @@ -9751,8 +9753,33 @@ static int find_first_block_group(struct btrfs_fs_info 
> *fs_info,
>                       "logical %llu len %llu found bg but no related chunk",
>                                         found_key.objectid, found_key.offset);
>                               ret = -ENOENT;
> +                     } else if (em->start != found_key.objectid ||
> +                                em->len != found_key.offset) {
> +                             btrfs_err(fs_info,
> +             "block group %llu len %llu mismatch with chunk %llu len %llu",
> +                                       found_key.objectid, found_key.offset,
> +                                       em->start, em->len);
> +                             ret = -EUCLEAN;
>                       } else {
> -                             ret = 0;
> +                             read_extent_buffer(leaf, &bg,
> +                                     btrfs_item_ptr_offset(leaf, slot),
> +                                     sizeof(bg));
> +                             flags = btrfs_block_group_flags(&bg) &
> +                                     BTRFS_BLOCK_GROUP_TYPE_MASK;
> +
> +                             if (flags != (em->map_lookup->type &
> +                                           BTRFS_BLOCK_GROUP_TYPE_MASK)) {
> +                                     btrfs_err(fs_info,
> +"block group %llu len %llu type flags 0x%llx mismatch with chunk type flags 
> 0x%llx",
> +                                             found_key.objectid,
> +                                             found_key.offset,
> +                                             flags,
> +                                             (BTRFS_BLOCK_GROUP_TYPE_MASK &
> +                                              em->map_lookup->type));
> +                                     ret = -EUCLEAN;
> +                             } else {
> +                                     ret = 0;
> +                             }
>                       }
>                       free_extent_map(em);
>                       goto out;
> --

Reviewed-by: Gu Jinxiang <g...@cn.fujitsu.com>

> 2.18.0
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 



N�Р骒r��y����b�X�肚�v�^�)藓{.n�+�伐�{�n谶�)��骅w*jg�报�����茛j/�赇z罐���2���ㄨ��&�)摺�a囤���G���h��j:+v���w��佶

Reply via email to