Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp599112img; Fri, 22 Mar 2019 04:54:33 -0700 (PDT) X-Google-Smtp-Source: APXvYqywvdcsZpq7lxKDBBjqNernM5ixfU40zesgtPOYEW0jiwKw0GclRzEfeEGMDj50GsDgCqfA X-Received: by 2002:a63:ed0a:: with SMTP id d10mr8448045pgi.452.1553255673704; Fri, 22 Mar 2019 04:54:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553255673; cv=none; d=google.com; s=arc-20160816; b=iQR5/twdjoadve4YivweAGcAlL9E63A1JO+YFaqJw5rRdW7S+e8OUnQODqwVuqFfWn PkS5KnBQJH5awWWyA4tZjquYFImx+vHM5WM6GblQP2WjbW5VaVhE+B9bAGCqh2btrCVI xb/uAGbaA/Rgp13s2EjQbxrmSE+BCtqI7SDcXxcz72P46pijKgMl+rd32eE10oIdFebJ Na42g6pnVC2G2QlEBtzjVqHgv8k0PHzn3LPMOGuxyfadLTqIodLqDLTAiwsCIF8oFwNs vTL/tMryeGq9l+f0/DMFSIqfSBRuy/nz9OCQc7rMgiNVGmRJVC9LxuaRWS/zNt09wN1V MONw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=WbPhStVfV1dMLkoocAtboKGVZ3hT55hXxkUs1n/AyJM=; b=Memhw/UVnxdon2SVlIhilMK632N5M61do4MI9OB8kI8hxor7MmJPgRyZovFpV8pX2J pj7S/LIzPlDLHZXEIHXAg0rur23aEv8gLdNoo7aYSOsm1s4N1yhA8nUIrl8p8E5o/2kx dxUOCMLFfZaQb9jaO92yaQC7745Y7MfiQS6uf99IBLxMj3YShei73xJwENzDkdo8Tt7K oB65Sw6/eyzaB4fs0pVtTbziwOxfD/TzOguzHqwWLe2xF0Iy/tYtB251Rs+/oZ4PE4/d 0uxXE2Kg/pMBZnxt9oXHeSO/khk+K/xOQ6jiWXdg586PJUDIA+7ytajiO9ce81K5+Yof o3Pg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=tHgXC24N; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u3si6458262pgi.275.2019.03.22.04.54.16; Fri, 22 Mar 2019 04:54:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=tHgXC24N; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732864AbfCVLwM (ORCPT + 99 others); Fri, 22 Mar 2019 07:52:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:56070 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732850AbfCVLwJ (ORCPT ); Fri, 22 Mar 2019 07:52:09 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7C57320850; Fri, 22 Mar 2019 11:52:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553255529; bh=2b8S8d5sn9CXAxZrZdH8FuhtuTYLQZfS90J28Rvisg0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tHgXC24Nv6SBNVTUXvE4q6LbSbaIdkD919Y+/zFFKb8kCipNXrcvPhM2kuLJVXaef fpRNu7NX+TqG6WbLO85ElH044t7QhHcn1QHodnL7BO53CvHVZDGVHIFz/Lf8Rc1pIU 7bjBafKVodeLjDkb/v/2IqfRAt4YC4WLbrlOcpEI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Qu Wenruo , Nikolay Borisov , Johannes Thumshirn , David Sterba Subject: [PATCH 4.14 103/183] btrfs: ensure that a DUP or RAID1 block group has exactly two stripes Date: Fri, 22 Mar 2019 12:15:31 +0100 Message-Id: <20190322111249.152612544@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190322111241.819468003@linuxfoundation.org> References: <20190322111241.819468003@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Johannes Thumshirn commit 349ae63f40638a28c6fce52e8447c2d14b84cc0c upstream. We recently had a customer issue with a corrupted filesystem. When trying to mount this image btrfs panicked with a division by zero in calc_stripe_length(). The corrupt chunk had a 'num_stripes' value of 1. calc_stripe_length() takes this value and divides it by the number of copies the RAID profile is expected to have to calculate the amount of data stripes. As a DUP profile is expected to have 2 copies this division resulted in 1/2 = 0. Later then the 'data_stripes' variable is used as a divisor in the stripe length calculation which results in a division by 0 and thus a kernel panic. When encountering a filesystem with a DUP block group and a 'num_stripes' value unequal to 2, refuse mounting as the image is corrupted and will lead to unexpected behaviour. Code inspection showed a RAID1 block group has the same issues. Fixes: e06cd3dd7cea ("Btrfs: add validadtion checks for chunk loading") CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Qu Wenruo Reviewed-by: Nikolay Borisov Signed-off-by: Johannes Thumshirn Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/volumes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -6420,10 +6420,10 @@ static int btrfs_check_chunk_valid(struc } if ((type & BTRFS_BLOCK_GROUP_RAID10 && sub_stripes != 2) || - (type & BTRFS_BLOCK_GROUP_RAID1 && num_stripes < 1) || + (type & BTRFS_BLOCK_GROUP_RAID1 && num_stripes != 2) || (type & BTRFS_BLOCK_GROUP_RAID5 && num_stripes < 2) || (type & BTRFS_BLOCK_GROUP_RAID6 && num_stripes < 3) || - (type & BTRFS_BLOCK_GROUP_DUP && num_stripes > 2) || + (type & BTRFS_BLOCK_GROUP_DUP && num_stripes != 2) || ((type & BTRFS_BLOCK_GROUP_PROFILE_MASK) == 0 && num_stripes != 1)) { btrfs_err(fs_info,