Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp8121892imu;
        Tue, 4 Dec 2018 03:22:48 -0800 (PST)
X-Google-Smtp-Source: AFSGD/Wil7dYA5T/jKBbMi3Fkr55oHD1/lY6mPJlu8MlwlbrdH8GsK7FT6gfecV5nlGNcfi/F6x4
X-Received: by 2002:a17:902:6a8c:: with SMTP id n12mr7402944plk.85.1543922568606;
        Tue, 04 Dec 2018 03:22:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1543922568; cv=none;
        d=google.com; s=arc-20160816;
        b=VV1JTpIWhx5C5cnF4MvnwdYErkmh2lSWA5PhGkyFOmUceKFbuf+P4JT51TfEEl6euv
         gfGS2ulV3a93XA8/I4rAnGirUjxxRbmpKgtWhIvOsxYY7pd5fVgmZtKRqyTajItx7+8s
         PDxrXAeDgGwNHXbSEl2Jl08GiL+IWjSONyKMpRdl3UbKZvDW3u52vxB6/zXpZ3a7I12F
         H7522cYzRWtD+4uoCtAx662O7ryjqn4BbY2giSdXe8sn8QipNWYz3OBSBcgjrmzE1xDL
         uqA8BxMXD52OTg3Ov+7Wp/ZK2tqNU5PZ1RNX0KMJnEDwZgGEKwnSXM7cV/fbJ4brfR0m
         omZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=qYRyK2kyJ4X9vl+pj5Gsrsj1Cmvwv87nJSDEcmbWpjI=;
        b=sapBugS9tfGA2ybd1VhgyYPcu4r9josyeppfQk83Fv1G+alzI0klC8gdQhLEwD3rPt
         BXaxG09d1HKFYPGHQH0nbzN12dtyM0HP15WPbNwANNwzJDntJ1eQztVg01TrPgT3fnpx
         o8GMQJkeci4WsULo6lh1PWI7h+iMv5Wxtw3LM9YhNObUHxie/FzdCZaLMfWjgNpbj2kE
         vozppbB3p524S+DeXRcwU85JLJ4Ux+Kquf6SN4NERrhXmYtGvGEz3i5oq4WhK/MRdyPP
         SU+9ej4OiHt/dfYwFRBapkqRxjqJszdpO5IlMecMM0Bo+F174bl8PhBdkmRSPQ6i8hDU
         gwug==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=CqyghoZk;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o21si13611102pgj.415.2018.12.04.03.22.33;
        Tue, 04 Dec 2018 03:22:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=CqyghoZk;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727295AbeLDLV7 (ORCPT <rfc822;zzmahb@gmail.com> + 99 others);
        Tue, 4 Dec 2018 06:21:59 -0500
Received: from mail.kernel.org ([198.145.29.99]:48826 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727663AbeLDLCl (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 4 Dec 2018 06:02:41 -0500
Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id E140C214DA;
        Tue,  4 Dec 2018 11:02:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1543921361;
        bh=rJ7M1yi/IIfNHaBw7b4qXzzJx2yV/oJmo6lHQGM2/H0=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=CqyghoZkM3z5/TCJF7Fkbl1MHxR5g+uNEfcYjs6CSFE1aZz9bDMN4na/yYwEb/3B0
         OSzGDutQN/Jh2HNP5/kLrTJ3bqmQajPI96q0fZowmKRw2RQw5JMmjQd9mK3MG/L1hY
         BdaxobpdtoH1OCF+HPeoT9W9NAu9An/UqdkqvE60=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Qu Wenruo <wqu@suse.com>,
        Su Yue <suy.fnst@cn.fujitsu.com>,
        David Sterba <dsterba@suse.com>,
        Ben Hutchings <ben.hutchings@codethink.co.uk>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 042/146] btrfs: tree-checker: Check level for leaves and nodes
Date:   Tue,  4 Dec 2018 11:48:48 +0100
Message-Id: <20181204103728.556395072@linuxfoundation.org>
X-Mailer: git-send-email 2.19.2
In-Reply-To: <20181204103726.750894136@linuxfoundation.org>
References: <20181204103726.750894136@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

commit f556faa46eb4e96d0d0772e74ecf66781e132f72 upstream.

Although we have tree level check at tree read runtime, it's completely
based on its parent level.
We still need to do accurate level check to avoid invalid tree blocks
sneak into kernel space.

The check itself is simple, for leaf its level should always be 0.
For nodes its level should be in range [1, BTRFS_MAX_LEVEL - 1].

Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Su Yue <suy.fnst@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.14:
 - Pass root instead of fs_info to generic_err()
 - Adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/btrfs/tree-checker.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 31756bac75b4..fa8f64119e6f 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -447,6 +447,13 @@ static int check_leaf(struct btrfs_root *root, struct extent_buffer *leaf,
 	u32 nritems = btrfs_header_nritems(leaf);
 	int slot;
 
+	if (btrfs_header_level(leaf) != 0) {
+		generic_err(root, leaf, 0,
+			"invalid level for leaf, have %d expect 0",
+			btrfs_header_level(leaf));
+		return -EUCLEAN;
+	}
+
 	/*
 	 * Extent buffers from a relocation tree have a owner field that
 	 * corresponds to the subvolume tree they are based on. So just from an
@@ -589,9 +596,16 @@ int btrfs_check_node(struct btrfs_root *root, struct extent_buffer *node)
 	unsigned long nr = btrfs_header_nritems(node);
 	struct btrfs_key key, next_key;
 	int slot;
+	int level = btrfs_header_level(node);
 	u64 bytenr;
 	int ret = 0;
 
+	if (level <= 0 || level >= BTRFS_MAX_LEVEL) {
+		generic_err(root, node, 0,
+			"invalid level for node, have %d expect [1, %d]",
+			level, BTRFS_MAX_LEVEL - 1);
+		return -EUCLEAN;
+	}
 	if (nr == 0 || nr > BTRFS_NODEPTRS_PER_BLOCK(root->fs_info)) {
 		btrfs_crit(root->fs_info,
 "corrupt node: root=%llu block=%llu, nritems too %s, have %lu expect range [1,%u]",
-- 
2.17.1