Re: [PATCH v2] Btrfs: check if extent buffer is aligned to sectorsize

2016-06-09 Thread David Sterba 
On Mon, Jun 06, 2016 at 12:01:23PM -0700, Liu Bo wrote:
> Thanks to fuzz testing, we can pass an invalid bytenr to extent buffer
> via alloc_extent_buffer().  An unaligned eb can have more pages than it
> should have, which ends up extent buffer's leak or some corrupted content
> in extent buffer.
> 
> This adds a warning to let us quickly know what was happening.
> 
> Now that alloc_extent_buffer() no more returns NULL, this changes its
> caller and callers of its caller to match with the new error
> handling.
> 
> Signed-off-by: Liu Bo 

Reviewed-by: David Sterba 
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH v2] Btrfs: check if extent buffer is aligned to sectorsize

2016-06-06 Thread Liu Bo 
Thanks to fuzz testing, we can pass an invalid bytenr to extent buffer
via alloc_extent_buffer().  An unaligned eb can have more pages than it
should have, which ends up extent buffer's leak or some corrupted content
in extent buffer.

This adds a warning to let us quickly know what was happening.

Now that alloc_extent_buffer() no more returns NULL, this changes its
caller and callers of its caller to match with the new error
handling.

Signed-off-by: Liu Bo 
---
v2:
  - Add more fine-grained error handling to alloc_extent_buffer() and
its callers
  - Use btrfs_err and -EINVAL instead of WARN_ONCE().

 fs/btrfs/ctree.c   |  2 ++
 fs/btrfs/disk-io.c |  8 
 fs/btrfs/extent-tree.c | 10 ++
 fs/btrfs/extent_io.c   | 15 ---
 fs/btrfs/tree-log.c|  4 ++--
 fs/btrfs/volumes.c |  4 ++--
 6 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 427c36b..24c9fb2 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -2510,6 +2510,8 @@ read_block_for_search(struct btrfs_trans_handle *trans,
if (!btrfs_buffer_uptodate(tmp, 0, 0))
ret = -EIO;
free_extent_buffer(tmp);
+   } else {
+   ret = PTR_ERR(tmp);
}
return ret;
 }
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index ea78d77..c2a9cec 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1098,7 +1098,7 @@ void readahead_tree_block(struct btrfs_root *root, u64 
bytenr)
struct inode *btree_inode = root->fs_info->btree_inode;
 
buf = btrfs_find_create_tree_block(root, bytenr);
-   if (!buf)
+   if (IS_ERR(buf))
return;
read_extent_buffer_pages(_I(btree_inode)->io_tree,
 buf, 0, WAIT_NONE, btree_get_extent, 0);
@@ -1114,7 +1114,7 @@ int reada_tree_block_flagged(struct btrfs_root *root, u64 
bytenr,
int ret;
 
buf = btrfs_find_create_tree_block(root, bytenr);
-   if (!buf)
+   if (IS_ERR(buf))
return 0;
 
set_bit(EXTENT_BUFFER_READAHEAD, >bflags);
@@ -1171,8 +1171,8 @@ struct extent_buffer *read_tree_block(struct btrfs_root 
*root, u64 bytenr,
int ret;
 
buf = btrfs_find_create_tree_block(root, bytenr);
-   if (!buf)
-   return ERR_PTR(-ENOMEM);
+   if (IS_ERR(buf))
+   return buf;
 
ret = btree_read_extent_buffer_pages(root, buf, 0, parent_transid);
if (ret) {
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
index a400951..d63 100644
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -8010,8 +8010,9 @@ btrfs_init_new_buffer(struct btrfs_trans_handle *trans, 
struct btrfs_root *root,
struct extent_buffer *buf;
 
buf = btrfs_find_create_tree_block(root, bytenr);
-   if (!buf)
-   return ERR_PTR(-ENOMEM);
+   if (IS_ERR(buf))
+   return buf;
+
btrfs_set_header_generation(buf, trans->transid);
btrfs_set_buffer_lockdep_class(root->root_key.objectid, buf, level);
btrfs_tree_lock(buf);
@@ -8653,8 +8654,9 @@ static noinline int do_walk_down(struct 
btrfs_trans_handle *trans,
next = btrfs_find_tree_block(root->fs_info, bytenr);
if (!next) {
next = btrfs_find_create_tree_block(root, bytenr);
-   if (!next)
-   return -ENOMEM;
+   if (IS_ERR(next))
+   return PTR_ERR(next);
+
btrfs_set_buffer_lockdep_class(root->root_key.objectid, next,
   level - 1);
reada = 1;
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 6f38c2c..91c4d23 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -4883,18 +4883,25 @@ struct extent_buffer *alloc_extent_buffer(struct 
btrfs_fs_info *fs_info,
int uptodate = 1;
int ret;
 
+   if (!IS_ALIGNED(start, fs_info->tree_root->sectorsize)) {
+   btrfs_err(fs_info, "bad tree block start %llu", start);
+   return ERR_PTR(-EINVAL);
+   }
+
eb = find_extent_buffer(fs_info, start);
if (eb)
return eb;
 
eb = __alloc_extent_buffer(fs_info, start, len);
if (!eb)
-   return NULL;
+   return ERR_PTR(-ENOMEM);
 
for (i = 0; i < num_pages; i++, index++) {
p = find_or_create_page(mapping, index, GFP_NOFS|__GFP_NOFAIL);
-   if (!p)
+   if (!p) {
+   exists = ERR_PTR(-ENOMEM);
goto free_eb;
+   }
 
spin_lock(>private_lock);
if (PagePrivate(p)) {
@@ -4939,8 +4946,10 @@ struct extent_buffer *alloc_extent_buffer(struct 
btrfs_fs_info *fs_info,
set_bit(EXTENT_BUFFER_UPTODATE, >bflags);
 again:
ret =