diff options
| author | Liu Bo <bo.li.liu@oracle.com> | 2016-09-15 03:23:24 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-01-17 00:16:07 +0300 |
| commit | d6719cf116b2fc8a7f51e84430c28febfac1eded (patch) | |
| tree | 95295de6e689196b91d0e88080f73ceabf0fc2be /fs/btrfs/disk-io.c | |
| parent | 731b8667952815844de39412fb202292cf679f38 (diff) | |
| download | linux-d6719cf116b2fc8a7f51e84430c28febfac1eded.tar.xz | |
Btrfs: improve check_node to avoid reading corrupted nodes
commit 6b722c1747d533ac6d4df110dc8233db46918b65 upstream.
We need to check items in a node to make sure that we're reading
a valid one, otherwise we could get various crashes while processing
delayed_refs.
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs/btrfs/disk-io.c')
| -rw-r--r-- | fs/btrfs/disk-io.c | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 5805b4f4702e..73e4e5f56692 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -523,9 +523,10 @@ static int check_tree_block_fsid(struct btrfs_fs_info *fs_info, } #define CORRUPT(reason, eb, root, slot) \ - btrfs_crit(root->fs_info, "corrupt leaf, %s: block=%llu," \ - "root=%llu, slot=%d", reason, \ - btrfs_header_bytenr(eb), root->objectid, slot) + btrfs_crit(root->fs_info, "corrupt %s, %s: block=%llu," \ + " root=%llu, slot=%d", \ + btrfs_header_level(eb) == 0 ? "leaf" : "node",\ + reason, btrfs_header_bytenr(eb), root->objectid, slot) static noinline int check_leaf(struct btrfs_root *root, struct extent_buffer *leaf) @@ -616,6 +617,10 @@ static noinline int check_leaf(struct btrfs_root *root, static int check_node(struct btrfs_root *root, struct extent_buffer *node) { unsigned long nr = btrfs_header_nritems(node); + struct btrfs_key key, next_key; + int slot; + u64 bytenr; + int ret = 0; if (nr == 0 || nr > BTRFS_NODEPTRS_PER_BLOCK(root)) { btrfs_crit(root->fs_info, @@ -623,7 +628,26 @@ static int check_node(struct btrfs_root *root, struct extent_buffer *node) node->start, root->objectid, nr); return -EIO; } - return 0; + + for (slot = 0; slot < nr - 1; slot++) { + bytenr = btrfs_node_blockptr(node, slot); + btrfs_node_key_to_cpu(node, &key, slot); + btrfs_node_key_to_cpu(node, &next_key, slot + 1); + + if (!bytenr) { + CORRUPT("invalid item slot", node, root, slot); + ret = -EIO; + goto out; + } + + if (btrfs_comp_cpu_keys(&key, &next_key) >= 0) { + CORRUPT("bad key order", node, root, slot); + ret = -EIO; + goto out; + } + } +out: + return ret; } static int btree_readpage_end_io_hook(struct btrfs_io_bio *io_bio, |