Skip to content

Commit 99e3ecf

Browse files
Liu Bokdave
Liu Bo
authored and
kdave
committed
Btrfs: add more validation checks for superblock
This adds validation checks for super_total_bytes, super_bytes_used and super_stripesize, super_num_devices. Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Reported-by: Quentin Casasnovas <quentin.casasnovas@oracle.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: Liu Bo <bo.li.liu@oracle.com> Signed-off-by: David Sterba <dsterba@suse.com>
1 parent d865177 commit 99e3ecf

File tree

2 files changed

+35
-0
lines changed

2 files changed

+35
-0
lines changed

fs/btrfs/disk-io.c

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4130,6 +4130,17 @@ static int btrfs_check_super_valid(struct btrfs_fs_info *fs_info,
41304130
* Hint to catch really bogus numbers, bitflips or so, more exact checks are
41314131
* done later
41324132
*/
4133+
if (btrfs_super_bytes_used(sb) < 6 * btrfs_super_nodesize(sb)) {
4134+
btrfs_err(fs_info, "bytes_used is too small %llu",
4135+
btrfs_super_bytes_used(sb));
4136+
ret = -EINVAL;
4137+
}
4138+
if (!is_power_of_2(btrfs_super_stripesize(sb)) ||
4139+
btrfs_super_stripesize(sb) != sectorsize) {
4140+
btrfs_err(fs_info, "invalid stripesize %u",
4141+
btrfs_super_stripesize(sb));
4142+
ret = -EINVAL;
4143+
}
41334144
if (btrfs_super_num_devices(sb) > (1UL << 31))
41344145
printk(KERN_WARNING "BTRFS: suspicious number of devices: %llu\n",
41354146
btrfs_super_num_devices(sb));

fs/btrfs/volumes.c

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6651,6 +6651,7 @@ int btrfs_read_chunk_tree(struct btrfs_root *root)
66516651
struct btrfs_key found_key;
66526652
int ret;
66536653
int slot;
6654+
u64 total_dev = 0;
66546655

66556656
root = root->fs_info->chunk_root;
66566657

@@ -6692,6 +6693,7 @@ int btrfs_read_chunk_tree(struct btrfs_root *root)
66926693
ret = read_one_dev(root, leaf, dev_item);
66936694
if (ret)
66946695
goto error;
6696+
total_dev++;
66956697
} else if (found_key.type == BTRFS_CHUNK_ITEM_KEY) {
66966698
struct btrfs_chunk *chunk;
66976699
chunk = btrfs_item_ptr(leaf, slot, struct btrfs_chunk);
@@ -6701,6 +6703,28 @@ int btrfs_read_chunk_tree(struct btrfs_root *root)
67016703
}
67026704
path->slots[0]++;
67036705
}
6706+
6707+
/*
6708+
* After loading chunk tree, we've got all device information,
6709+
* do another round of validation checks.
6710+
*/
6711+
if (total_dev != root->fs_info->fs_devices->total_devices) {
6712+
btrfs_err(root->fs_info,
6713+
"super_num_devices %llu mismatch with num_devices %llu found here",
6714+
btrfs_super_num_devices(root->fs_info->super_copy),
6715+
total_dev);
6716+
ret = -EINVAL;
6717+
goto error;
6718+
}
6719+
if (btrfs_super_total_bytes(root->fs_info->super_copy) <
6720+
root->fs_info->fs_devices->total_rw_bytes) {
6721+
btrfs_err(root->fs_info,
6722+
"super_total_bytes %llu mismatch with fs_devices total_rw_bytes %llu",
6723+
btrfs_super_total_bytes(root->fs_info->super_copy),
6724+
root->fs_info->fs_devices->total_rw_bytes);
6725+
ret = -EINVAL;
6726+
goto error;
6727+
}
67046728
ret = 0;
67056729
error:
67066730
unlock_chunks(root);

0 commit comments

Comments
 (0)