Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp10787675imu; Thu, 6 Dec 2018 06:50:11 -0800 (PST) X-Google-Smtp-Source: AFSGD/VS2i3xCMstma8ZFn97M8xyCecfCbimWL3QWjPXdjDUgvF3z3G5RL/WajquSLlkbiv6axju X-Received: by 2002:a63:e40c:: with SMTP id a12mr24494618pgi.28.1544107811654; Thu, 06 Dec 2018 06:50:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544107811; cv=none; d=google.com; s=arc-20160816; b=HXg2fVMRmhaPUuru3AH3HbOWWkg8CFoqT9eDsXqIdpZoVHThznPW97DI2c/wRytgPg M3iO/5phhtwrqK70+rJCyT7/k2MJf49y8tLtpZ17mVkknrqqOsGSbpbPhKJVmk6ywFC9 MJ1BH8sEZdx8f1DiF3Efe4oAOZD8YWY2HhwSdDp+aeAXLJK/KvUgevqWMu8Oa5+bSHe8 xc+jkHTKARHgCIkaWnYJUr8ZaEkvpi2APO3GwZ+sVOUENH4XxKysKWMDIf8XQC381INT ZLEwASdutCb1/ZbBY/sZeuibHkrHpgy+OYq33W2mpb88PBcd8uL6f1TXVpE9DmMcrt0U 1u+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=ED/6JVcATy5yhj6IrLrdnhQarWbFSZLreF5hcO7c1IM=; b=eHA1g4wqEIUKZTAQWSKeMJxx+rjLMvA1X8+gnXd6IZgvvSZ1/pxfi0evNGn/bA1qRb IrkPnQwtuI5ZXNHQVyeizU8ecFYzadd173rZXnad8B46YEpo+sn6AlzaX3uLLKO2wkNg blIB29CRFiCPhCxwue9ZgXYrTUFDCW66SzCbkqegDcrZ9uI0pvKtkNZdpqWm7CSWFhsJ QSvdXeuVPh7giHnb7V+rA3fHt2ZYwJXj8d6E7OkmQKTNxPuauabtToIIwWY1SGMrcx+O Y2UA0nAHd5GiBQVOhAzlP0YdUoscNH+BJ5inac38+NumEKAi2O67huiNUbFUzbDHgJeJ Joqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=tVZv4078; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v10si442628plg.82.2018.12.06.06.49.56; Thu, 06 Dec 2018 06:50:11 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=tVZv4078; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730970AbeLFOsw (ORCPT + 99 others); Thu, 6 Dec 2018 09:48:52 -0500 Received: from mail.kernel.org ([198.145.29.99]:53530 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731576AbeLFOsV (ORCPT ); Thu, 6 Dec 2018 09:48:21 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6559A20661; Thu, 6 Dec 2018 14:48:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1544107700; bh=Hcp0hT4Jk4GSX8cyNUeD8d8CylbJY11EzQlLhCp46Oo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tVZv40788a5OJX0KzsxClWVN96XchBmzHoC3LQ4lbf6FtKChLeWH0c+Qld3rrmaxn enXueDvz2ZAjSSyVjGEQPW5wYgf8AhVZ9+nF+VuneDK4Q/MzOIXdhu7Ndd4GZr298c 6Xk9/yV7GhZ4ZkHx2p7kfy+wwCNq7cr4ae6ncPHE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xu Wen , Qu Wenruo , Gu Jinxiang , David Sterba , Ben Hutchings Subject: [PATCH 4.9 079/101] btrfs: tree-checker: Detect invalid and empty essential trees Date: Thu, 6 Dec 2018 15:39:18 +0100 Message-Id: <20181206143016.716811151@linuxfoundation.org> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181206143011.174892052@linuxfoundation.org> References: <20181206143011.174892052@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Qu Wenruo commit ba480dd4db9f1798541eb2d1c423fc95feee8d36 upstream. A crafted image has empty root tree block, which will later cause NULL pointer dereference. The following trees should never be empty: 1) Tree root Must contain at least root items for extent tree, device tree and fs tree 2) Chunk tree Or we can't even bootstrap as it contains the mapping. 3) Fs tree At least inode item for top level inode (.). 4) Device tree Dev extents for chunks 5) Extent tree Must have corresponding extent for each chunk. If any of them is empty, we are sure the fs is corrupted and no need to mount it. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199847 Reported-by: Xu Wen Signed-off-by: Qu Wenruo Tested-by: Gu Jinxiang Reviewed-by: David Sterba Signed-off-by: David Sterba [bwh: Backported to 4.9: Pass root instead of fs_info to generic_err()] Signed-off-by: Ben Hutchings Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/tree-checker.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -456,9 +456,22 @@ static int check_leaf(struct btrfs_root * skip this check for relocation trees. */ if (nritems == 0 && !btrfs_header_flag(leaf, BTRFS_HEADER_FLAG_RELOC)) { + u64 owner = btrfs_header_owner(leaf); struct btrfs_root *check_root; - key.objectid = btrfs_header_owner(leaf); + /* These trees must never be empty */ + if (owner == BTRFS_ROOT_TREE_OBJECTID || + owner == BTRFS_CHUNK_TREE_OBJECTID || + owner == BTRFS_EXTENT_TREE_OBJECTID || + owner == BTRFS_DEV_TREE_OBJECTID || + owner == BTRFS_FS_TREE_OBJECTID || + owner == BTRFS_DATA_RELOC_TREE_OBJECTID) { + generic_err(root, leaf, 0, + "invalid root, root %llu must never be empty", + owner); + return -EUCLEAN; + } + key.objectid = owner; key.type = BTRFS_ROOT_ITEM_KEY; key.offset = (u64)-1;