Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp2758490ybh; Mon, 5 Aug 2019 06:23:32 -0700 (PDT) X-Google-Smtp-Source: APXvYqzcxQEFiSVtyHtE2O32mxcx2PFhHUxtTWZTgCd/xPK+floCJlhrR5Md88AvS8qb/txYwtAW X-Received: by 2002:a65:5144:: with SMTP id g4mr84108815pgq.202.1565011411813; Mon, 05 Aug 2019 06:23:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565011411; cv=none; d=google.com; s=arc-20160816; b=zJy4BF9GRJLLuH65ywFK815/WSAzsHMAMr6LdFUjbcCe8Bjwrill/gZEp4+bLZzbbj fkJdz3X7rExXUTDs0N9276oA5m4W8rqaRAT0Yhb9iqGL87UV1obWu6MEEQ07eRvcdIpp FPz7L5wFKgnRUxMCChc7tSp9roHeAvUYeXZvL+8PHOup/ABHZxYSBiPKzO8sktuHKzHz 6r59JRe9PI8QYwRgJriZ3/wSV7DDR32ugkTuMmdOgP0I6cn1zQA395iusFDqKkCj4r9j Od5bhNj6VTL+3Ldmi7vZtvtPDU7dyTGyEvv+fNgV1DADu2W7N72RgnWb5I5D+iwgTcmO z+ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=NHNOCXhn/AdPprwGa3Gwst9kn9a9kkStspImi89ozME=; b=j53sQPao3JUmsZrJJ7jWR4bzdwgnzXr/3zV8IOpi6pFAHAG4jXBprNyRIg/TgPxf0V vpPgb1skHJ0hwlppGI95FawTix0/IADtqY4PHaWuURzD7weGqpPb2l0OVvfU82q0XMoa g7am5oLE8+Wq5fSQZTbyxkzid5sn7zrg83fiInWp00nVk+ogxvGBSg9sTf+CBBYr3Dqv OrhLeICDjy8m7uVXeIGfBeXO199jBQbuVqHrdOgDxhuRHvrCSu51H0EGMy9tG3L0Zx8g 5H4mDBMNLHnSirWubX2KzMEPDlH0m/Am4OrNVVitpqlenpnCj7LlaUPRMYYEQdsBPBeS nTxw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=JPrH+HAH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l14si43089862pgh.205.2019.08.05.06.23.16; Mon, 05 Aug 2019 06:23:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=JPrH+HAH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730459AbfHENVI (ORCPT + 99 others); Mon, 5 Aug 2019 09:21:08 -0400 Received: from mail.kernel.org ([198.145.29.99]:57222 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729423AbfHENVE (ORCPT ); Mon, 5 Aug 2019 09:21:04 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AB71720657; Mon, 5 Aug 2019 13:21:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1565011264; bh=jJs/ZGRveEr6EqdpW7NbSDpFdrYqj5xsHv9wAFDLWEU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JPrH+HAHmmqGSa+cyJjsOMzh3ko2yMiBT4pYKIbDjXfiMJxWkhUWC6oaMuIbGSENK WyF53ATRgGfxQ1bWedUBAbM+0eUF1BwQSvqDKMgpm13VRzDhqf9ZLji5exge8Xvp5o Doc09qTB6N7f6tPXclvE1cV97TWlOjOfbQ3H2KVM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Qu Wenruo , David Sterba , Sasha Levin Subject: [PATCH 5.2 026/131] btrfs: tree-checker: Check if the file extent end overflows Date: Mon, 5 Aug 2019 15:01:53 +0200 Message-Id: <20190805124953.190420246@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190805124951.453337465@linuxfoundation.org> References: <20190805124951.453337465@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ Upstream commit 4c094c33c9ed4b8d0d814bd1d7ff78e123d15d00 ] Under certain conditions, we could have strange file extent item in log tree like: item 18 key (69599 108 397312) itemoff 15208 itemsize 53 extent data disk bytenr 0 nr 0 extent data offset 0 nr 18446744073709547520 ram 18446744073709547520 The num_bytes + ram_bytes overflow 64 bit type. For num_bytes part, we can detect such overflow along with file offset (key->offset), as file_offset + num_bytes should never go beyond u64. For ram_bytes part, it's about the decompressed size of the extent, not directly related to the size. In theory it is OK to have a large value, and put extra limitation on RAM bytes may cause unexpected false alerts. So in tree-checker, we only check if the file offset and num bytes overflow. Signed-off-by: Qu Wenruo Signed-off-by: David Sterba Signed-off-by: Sasha Levin --- fs/btrfs/tree-checker.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index 96fce4bef4e7d..ccd5706199d76 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -132,6 +132,7 @@ static int check_extent_data_item(struct extent_buffer *leaf, struct btrfs_file_extent_item *fi; u32 sectorsize = fs_info->sectorsize; u32 item_size = btrfs_item_size_nr(leaf, slot); + u64 extent_end; if (!IS_ALIGNED(key->offset, sectorsize)) { file_extent_err(leaf, slot, @@ -207,6 +208,16 @@ static int check_extent_data_item(struct extent_buffer *leaf, CHECK_FE_ALIGNED(leaf, slot, fi, num_bytes, sectorsize)) return -EUCLEAN; + /* Catch extent end overflow */ + if (check_add_overflow(btrfs_file_extent_num_bytes(leaf, fi), + key->offset, &extent_end)) { + file_extent_err(leaf, slot, + "extent end overflow, have file offset %llu extent num bytes %llu", + key->offset, + btrfs_file_extent_num_bytes(leaf, fi)); + return -EUCLEAN; + } + /* * Check that no two consecutive file extent items, in the same leaf, * present ranges that overlap each other. -- 2.20.1