| From: Gu Jinxiang <gujx@cn.fujitsu.com> |
| Date: Wed, 4 Jul 2018 18:16:39 +0800 |
| Subject: btrfs: validate type when reading a chunk |
| |
| commit 315409b0098fb2651d86553f0436b70502b29bb2 upstream. |
| |
| Reported in https://bugzilla.kernel.org/show_bug.cgi?id=199839, with an |
| image that has an invalid chunk type but does not return an error. |
| |
| Add chunk type check in btrfs_check_chunk_valid, to detect the wrong |
| type combinations. |
| |
| Link: https://bugzilla.kernel.org/show_bug.cgi?id=199839 |
| Reported-by: Xu Wen <wen.xu@gatech.edu> |
| Reviewed-by: Qu Wenruo <wqu@suse.com> |
| Signed-off-by: Gu Jinxiang <gujx@cn.fujitsu.com> |
| Signed-off-by: David Sterba <dsterba@suse.com> |
| [bwh: Backported to 4.4: Use root->fs_info instead of fs_info] |
| Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| fs/btrfs/volumes.c | 28 ++++++++++++++++++++++++++++ |
| 1 file changed, 28 insertions(+) |
| |
| --- a/fs/btrfs/volumes.c |
| +++ b/fs/btrfs/volumes.c |
| @@ -5815,6 +5815,8 @@ static int btrfs_check_chunk_valid(struc |
| u16 num_stripes; |
| u16 sub_stripes; |
| u64 type; |
| + u64 features; |
| + bool mixed = false; |
| |
| length = btrfs_chunk_length(leaf, chunk); |
| stripe_len = btrfs_chunk_stripe_len(leaf, chunk); |
| @@ -5855,6 +5857,32 @@ static int btrfs_check_chunk_valid(struc |
| btrfs_chunk_type(leaf, chunk)); |
| return -EIO; |
| } |
| + |
| + if ((type & BTRFS_BLOCK_GROUP_TYPE_MASK) == 0) { |
| + btrfs_err(root->fs_info, "missing chunk type flag: 0x%llx", type); |
| + return -EIO; |
| + } |
| + |
| + if ((type & BTRFS_BLOCK_GROUP_SYSTEM) && |
| + (type & (BTRFS_BLOCK_GROUP_METADATA | BTRFS_BLOCK_GROUP_DATA))) { |
| + btrfs_err(root->fs_info, |
| + "system chunk with data or metadata type: 0x%llx", type); |
| + return -EIO; |
| + } |
| + |
| + features = btrfs_super_incompat_flags(root->fs_info->super_copy); |
| + if (features & BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS) |
| + mixed = true; |
| + |
| + if (!mixed) { |
| + if ((type & BTRFS_BLOCK_GROUP_METADATA) && |
| + (type & BTRFS_BLOCK_GROUP_DATA)) { |
| + btrfs_err(root->fs_info, |
| + "mixed chunk type in non-mixed mode: 0x%llx", type); |
| + return -EIO; |
| + } |
| + } |
| + |
| if ((type & BTRFS_BLOCK_GROUP_RAID10 && sub_stripes != 2) || |
| (type & BTRFS_BLOCK_GROUP_RAID1 && num_stripes < 1) || |
| (type & BTRFS_BLOCK_GROUP_RAID5 && num_stripes < 2) || |