On Wed, Mar 20, 2019 at 02:37:08PM +0800, Qu Wenruo wrote: > This patchset can be fetched from github: > It can be fetched from github: > https://github.com/adam900710/linux/tree/tree_checker_enhancement > Which is based on my previous write time tree checker patchset (based on > v5.1-rc1 tag) > > Thanks for the report from Yoon Jungyeon <jungy...@gatech.edu>, we have > more fuzzed image to torture btrfs. > > Those images exposed the following problems: > > - Chunk check is not comprehensive nor early enough > Chunk item check lacks profile bits check (e.g RAID|DUP profile is > invalid). > And for certain fuzzed image, the other copy can be valid, current > check timming is after tree block read, so no way to retry the other > copy. > > Address the check timing in the 1st~4th patch, while for the profile bits, > check it in the 7th patch. > > - Lack of device item check > Address it in the 5nd patch. > > - First key and level check be exploited by cached extent buffer > Cached bad extent buffer can avoid first key and level check. > This is addressed in the 6rd patch. > > - Inode type mismatch can lead to NULL dereference in endio function > If an inode claims itself as symlink but still has regular file > extent, then endio function will cause NULL pointer dereference. > Fix it by do extra inode mode and dir item type cross check, at > get_extent() time and inode lookup time. > Addressed in the last 2 patches. > > Changelog: > v2: > - Split patches for btrfs_check_chunk_valid() merge into tree-checker. > - Rebase to v5.1-rc1 based write_time_tree_checker branch. > - Add reviewed-by tags. > > Qu Wenruo (9): > btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it > btrfs: tree-checker: Make chunk item checker more readable > btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN > instead of EIO > btrfs: tree-checker: Check chunk item at tree block read time > btrfs: tree-checker: Verify dev item > btrfs: Check the first key and level for cached extent buffer > btrfs: tree-checker: Enhance chunk checker to validate chunk profiler > btrfs: tree-checker: Verify inode item > btrfs: inode: Verify inode mode to avoid NULL pointer dereference
Patchset merged to misc-next, thanks. There were some fixups to comments and changelogs. The inode item check part that checks nlink is unchanged, it'll be removed eventually when we agree that on the reasoning behind it.
