| From aefd7f7065567a4666f42c0fc8cdb379d2e036bf Mon Sep 17 00:00:00 2001 |
| From: Nikolay Borisov <nborisov@suse.com> |
| Date: Mon, 31 May 2021 12:26:01 +0300 |
| Subject: btrfs: promote debugging asserts to full-fledged checks in validate_super |
| |
| From: Nikolay Borisov <nborisov@suse.com> |
| |
| commit aefd7f7065567a4666f42c0fc8cdb379d2e036bf upstream. |
| |
| Syzbot managed to trigger this assert while performing its fuzzing. |
| Turns out it's better to have those asserts turned into full-fledged |
| checks so that in case buggy btrfs images are mounted the users gets |
| an error and mounting is stopped. Alternatively with CONFIG_BTRFS_ASSERT |
| disabled such image would have been erroneously allowed to be mounted. |
| |
| Reported-by: syzbot+a6bf271c02e4fe66b4e4@syzkaller.appspotmail.com |
| CC: stable@vger.kernel.org # 5.4+ |
| Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com> |
| Reviewed-by: Qu Wenruo <wqu@suse.com> |
| Signed-off-by: Nikolay Borisov <nborisov@suse.com> |
| Reviewed-by: David Sterba <dsterba@suse.com> |
| [ add uuids to the messages ] |
| Signed-off-by: David Sterba <dsterba@suse.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| fs/btrfs/disk-io.c | 26 ++++++++++++++++++-------- |
| 1 file changed, 18 insertions(+), 8 deletions(-) |
| |
| --- a/fs/btrfs/disk-io.c |
| +++ b/fs/btrfs/disk-io.c |
| @@ -2558,6 +2558,24 @@ static int validate_super(struct btrfs_f |
| ret = -EINVAL; |
| } |
| |
| + if (memcmp(fs_info->fs_devices->fsid, fs_info->super_copy->fsid, |
| + BTRFS_FSID_SIZE)) { |
| + btrfs_err(fs_info, |
| + "superblock fsid doesn't match fsid of fs_devices: %pU != %pU", |
| + fs_info->super_copy->fsid, fs_info->fs_devices->fsid); |
| + ret = -EINVAL; |
| + } |
| + |
| + if (btrfs_fs_incompat(fs_info, METADATA_UUID) && |
| + memcmp(fs_info->fs_devices->metadata_uuid, |
| + fs_info->super_copy->metadata_uuid, BTRFS_FSID_SIZE)) { |
| + btrfs_err(fs_info, |
| +"superblock metadata_uuid doesn't match metadata uuid of fs_devices: %pU != %pU", |
| + fs_info->super_copy->metadata_uuid, |
| + fs_info->fs_devices->metadata_uuid); |
| + ret = -EINVAL; |
| + } |
| + |
| if (memcmp(fs_info->fs_devices->metadata_uuid, sb->dev_item.fsid, |
| BTRFS_FSID_SIZE) != 0) { |
| btrfs_err(fs_info, |
| @@ -3185,14 +3203,6 @@ int __cold open_ctree(struct super_block |
| |
| disk_super = fs_info->super_copy; |
| |
| - ASSERT(!memcmp(fs_info->fs_devices->fsid, fs_info->super_copy->fsid, |
| - BTRFS_FSID_SIZE)); |
| - |
| - if (btrfs_fs_incompat(fs_info, METADATA_UUID)) { |
| - ASSERT(!memcmp(fs_info->fs_devices->metadata_uuid, |
| - fs_info->super_copy->metadata_uuid, |
| - BTRFS_FSID_SIZE)); |
| - } |
| |
| features = btrfs_super_flags(disk_super); |
| if (features & BTRFS_SUPER_FLAG_CHANGING_FSID_V2) { |