Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp994493ybt; Fri, 19 Jun 2020 20:57:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz9+GlpaRYYQdFtr+Gitr+QQytgkl8NOq5c3SedPotOtv7OjsPGZqW36MwB6GK9SaA1D8EB X-Received: by 2002:a05:6402:1d89:: with SMTP id dk9mr6189053edb.275.1592625426767; Fri, 19 Jun 2020 20:57:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592625426; cv=none; d=google.com; s=arc-20160816; b=lWuDYLzJKlK7KzKnWt/7pBpceBh63RfflXXkRt4Lo4a1BpCJZ0yAgjugx1YjxRCfjt oee16ImVVeNxIERndtCAH4I1bZZs9dvyU2xt6/apHFdyFgVFHwb6BPysmnBUgoZcDnIl RLUanoaJBWz+jfHYXZeSd3uEVz0HzlgxoZjAtydQSoh61EiTL2mNJjOM335+CR8Sn0Or i4IZNVyR1I1mDDH4xkqR7pH3o8p6I0AERgYedpcHfReeuADucL+4ZX/bmZR4RcNP3Yrx FxEw5s3i7HS0aLKrFAj7AiXgXDacStlDA9p9B6126O5LoIQshVlAis2mYsapUEaNoVLf ry9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=lSD+XWiCwLs6At/iDX/jQVSyQW0yZIIlIPQDHN8CZPs=; b=U2OEJfRwWlQouS+t0DxkuOEAq+zFlxyYtPeG2koHl9RNhAtg2i0BlV6ka3mLyi5iAB 2DYWTDQtg7cwTWgV0NBPoMP9x1JGl4pbxMpsfznLnOBK3HMDfs1SCfysWfwwZy3hlRCV NIw+thNt3UlhVeUtHv8jfY8+2w+HdA2DqNWep2UDxOLTno/2+0WrgpnjgV8VxE1CjDxN X00oi5M3JVv/BlSL6CplPws+rEdd9guWV/RZcBLkOjRsbgdebvXiFKCytWtYvuJXsfc9 nwjZbEDcnO6f87n+f9Jc+9r0/Q5FwtzaxrLIu6pUeMVsEnYvWbjwWIqaJXlbe6vH6a+F 3/aA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=EDucm9fk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a9si5025869edy.372.2020.06.19.20.56.45; Fri, 19 Jun 2020 20:57:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=EDucm9fk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2394908AbgFSQ1u (ORCPT + 99 others); Fri, 19 Jun 2020 12:27:50 -0400 Received: from mail.kernel.org ([198.145.29.99]:50396 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389463AbgFSOzb (ORCPT ); Fri, 19 Jun 2020 10:55:31 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9ACC721835; Fri, 19 Jun 2020 14:55:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1592578531; bh=C00lb73rbG9xsFzU6HfWKhv3Y6ec1kY1TeDnLPYBR4w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=EDucm9fkLB/+T7m8FCW+qQPvHAAYVKfHZoH/N04xIMfRGWbDJ5g7LTBFSmC6GsyzC Tp/vn1W6ZYfB11OabJLm0bmMJZV37mssRdGhksn1TI2O3l+GRkRd/Mf2xJKFEbUa8o TcXLwdoz/CncJocQtCT5DSlR9M9LjX26+rWpMLrA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Qu Wenruo , Su Yue , David Sterba , Sasha Levin Subject: [PATCH 4.19 027/267] btrfs: tree-checker: Check level for leaves and nodes Date: Fri, 19 Jun 2020 16:30:12 +0200 Message-Id: <20200619141650.167676951@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200619141648.840376470@linuxfoundation.org> References: <20200619141648.840376470@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Qu Wenruo [ Upstream commit f556faa46eb4e96d0d0772e74ecf66781e132f72 ] Although we have tree level check at tree read runtime, it's completely based on its parent level. We still need to do accurate level check to avoid invalid tree blocks sneak into kernel space. The check itself is simple, for leaf its level should always be 0. For nodes its level should be in range [1, BTRFS_MAX_LEVEL - 1]. Signed-off-by: Qu Wenruo Reviewed-by: Su Yue Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Sasha Levin --- fs/btrfs/tree-checker.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index 235c2970b944..d98ec885b72a 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -485,6 +485,13 @@ static int check_leaf(struct btrfs_fs_info *fs_info, struct extent_buffer *leaf, u32 nritems = btrfs_header_nritems(leaf); int slot; + if (btrfs_header_level(leaf) != 0) { + generic_err(fs_info, leaf, 0, + "invalid level for leaf, have %d expect 0", + btrfs_header_level(leaf)); + return -EUCLEAN; + } + /* * Extent buffers from a relocation tree have a owner field that * corresponds to the subvolume tree they are based on. So just from an @@ -649,9 +656,16 @@ int btrfs_check_node(struct btrfs_fs_info *fs_info, struct extent_buffer *node) unsigned long nr = btrfs_header_nritems(node); struct btrfs_key key, next_key; int slot; + int level = btrfs_header_level(node); u64 bytenr; int ret = 0; + if (level <= 0 || level >= BTRFS_MAX_LEVEL) { + generic_err(fs_info, node, 0, + "invalid level for node, have %d expect [1, %d]", + level, BTRFS_MAX_LEVEL - 1); + return -EUCLEAN; + } if (nr == 0 || nr > BTRFS_NODEPTRS_PER_BLOCK(fs_info)) { btrfs_crit(fs_info, "corrupt node: root=%llu block=%llu, nritems too %s, have %lu expect range [1,%u]", -- 2.25.1