linux/fs
Qu Wenruo d3ba98ce5c btrfs: tree-checker: add dev extent item checks
commit 008e2512dc upstream.

[REPORT]
There is a corruption report that btrfs refused to mount a fs that has
overlapping dev extents:

  BTRFS error (device sdc): dev extent devid 4 physical offset 14263979671552 overlap with previous dev extent end 14263980982272
  BTRFS error (device sdc): failed to verify dev extents against chunks: -117
  BTRFS error (device sdc): open_ctree failed

[CAUSE]
The direct cause is very obvious, there is a bad dev extent item with
incorrect length.

With btrfs check reporting two overlapping extents, the second one shows
some clue on the cause:

  ERROR: dev extent devid 4 offset 14263979671552 len 6488064 overlap with previous dev extent end 14263980982272
  ERROR: dev extent devid 13 offset 2257707008000 len 6488064 overlap with previous dev extent end 2257707270144
  ERROR: errors found in extent allocation tree or chunk allocation

The second one looks like a bitflip happened during new chunk
allocation:
hex(2257707008000) = 0x20da9d30000
hex(2257707270144) = 0x20da9d70000
diff               = 0x00000040000

So it looks like a bitflip happened during new dev extent allocation,
resulting the second overlap.

Currently we only do the dev-extent verification at mount time, but if the
corruption is caused by memory bitflip, we really want to catch it before
writing the corruption to the storage.

Furthermore the dev extent items has the following key definition:

	(<device id> DEV_EXTENT <physical offset>)

Thus we can not just rely on the generic key order check to make sure
there is no overlapping.

[ENHANCEMENT]
Introduce dedicated dev extent checks, including:

- Fixed member checks
  * chunk_tree should always be BTRFS_CHUNK_TREE_OBJECTID (3)
  * chunk_objectid should always be
    BTRFS_FIRST_CHUNK_CHUNK_TREE_OBJECTID (256)

- Alignment checks
  * chunk_offset should be aligned to sectorsize
  * length should be aligned to sectorsize
  * key.offset should be aligned to sectorsize

- Overlap checks
  If the previous key is also a dev-extent item, with the same
  device id, make sure we do not overlap with the previous dev extent.

Reported: Stefan N <stefannnau@gmail.com>
Link: https://lore.kernel.org/linux-btrfs/CA+W5K0rSO3koYTo=nzxxTm1-Pdu1HYgVxEpgJ=aGc7d=E8mGEg@mail.gmail.com/
CC: stable@vger.kernel.org # 5.10+
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-29 17:33:16 +02:00
..
9p 9p: add missing locking around taking dentry fid list 2024-06-16 13:47:37 +02:00
adfs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
affs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
afs mm: page_ref: remove folio_try_get_rcu() 2024-07-25 09:50:56 +02:00
autofs v6.6-vfs.autofs 2023-08-28 11:39:14 -07:00
befs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
bfs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
btrfs btrfs: tree-checker: add dev extent item checks 2024-08-29 17:33:16 +02:00
cachefiles cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() 2024-07-25 09:50:58 +02:00
ceph ceph: fix incorrect kmalloc size of pagevec mempool 2024-08-03 08:54:40 +02:00
coda v6.6-vfs.ctime 2023-08-28 09:31:32 -07:00
configfs configfs: convert to ctime accessor functions 2023-07-13 10:28:05 +02:00
cramfs fs: Convert to bdev_open_by_dev() 2024-08-19 06:04:25 +02:00
crypto
debugfs debugfs: fix automount d_fsdata usage 2024-01-20 11:51:37 +01:00
devpts v6.6-vfs.misc 2023-08-28 10:17:14 -07:00
dlm dlm: fix user space lock decision to copy lvb 2024-06-12 11:11:38 +02:00
ecryptfs ecryptfs: Fix buffer size for tag 66 packet 2024-06-12 11:11:31 +02:00
efivarfs efivarfs: Request at most 512 bytes for variable names 2024-03-06 14:48:41 +00:00
efs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
erofs erofs: avoid debugging output for (de)compressed data 2024-08-19 06:04:26 +02:00
exfat exfat: fix potential deadlock on __exfat_get_dentry_set 2024-08-03 08:54:12 +02:00
exportfs exportfs: remove kernel-doc warnings in exportfs 2023-08-29 17:45:22 -04:00
ext2 ext2: Verify bitmap and itable block numbers before using them 2024-08-03 08:54:15 +02:00
ext4 ext4: sanity check for NULL pointer after ext4_force_shutdown 2024-08-19 06:04:29 +02:00
f2fs f2fs: fix to cover read extent cache access with lock 2024-08-19 06:04:29 +02:00
fat fat: fix uninitialized field in nostale filehandles 2024-04-03 15:28:20 +02:00
freevxfs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
fscache fs/netfs/fscache_cookie: add missing "n_accesses" check 2024-08-29 17:33:15 +02:00
fuse fuse: Initialize beyond-EOF page contents before setting uptodate 2024-08-29 17:33:11 +02:00
gfs2 gfs2: Fix NULL pointer dereference in gfs2_log_flush 2024-07-05 09:33:52 +02:00
hfs hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() 2024-08-03 08:54:15 +02:00
hfsplus hfsplus: fix to avoid false alarm of circular locking 2024-08-03 08:53:21 +02:00
hostfs hostfs: fix dev_t handling 2024-08-03 08:54:22 +02:00
hpfs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
hugetlbfs mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE 2024-02-23 09:25:16 +01:00
iomap iomap: Fix iomap_adjust_read_range for plen calculation 2024-07-25 09:50:46 +02:00
isofs isofs: handle CDs with bad root inode but good Joliet root directory 2024-04-13 13:07:34 +02:00
jbd2 jbd2: avoid memleak in jbd2_journal_write_metadata_buffer 2024-08-14 13:58:46 +02:00
jffs2 jffs2: Fix potential illegal address access in jffs2_free_inode 2024-07-11 12:49:09 +02:00
jfs Revert "jfs: fix shift-out-of-bounds in dbJoin" 2024-08-19 06:04:30 +02:00
kernfs kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() 2024-08-03 08:53:21 +02:00
lockd nfsd: stop setting ->pg_stats for unused stats 2024-08-19 06:04:23 +02:00
minix for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
netfs netfs: Only call folio_start_fscache() one time for each folio 2023-09-18 12:03:46 -07:00
nfs nfsd: stop setting ->pg_stats for unused stats 2024-08-19 06:04:23 +02:00
nfs_common
nfsd nfsd: make svc_stat per-network namespace instead of global 2024-08-19 06:04:24 +02:00
nilfs2 nilfs2: handle inconsistent state in nilfs_btnode_create_block() 2024-08-03 08:54:33 +02:00
nls nls: Hide new NLS_UCS2_UTILS 2023-08-31 12:07:34 -05:00
notify fanotify: limit reporting of event with non-decodeable file handles 2023-10-19 16:19:20 +02:00
ntfs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
ntfs3 fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() 2024-08-29 17:33:13 +02:00
ocfs2 ocfs2: add bounds checking to ocfs2_check_dir_entry() 2024-07-27 11:34:08 +02:00
omfs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
openpromfs openpromfs: finish conversion to the new mount API 2024-06-12 11:11:30 +02:00
orangefs orangefs: fix out-of-bounds fsid access 2024-07-11 12:49:08 +02:00
overlayfs ovl: fix encoding fid for lower only root 2024-06-27 13:49:12 +02:00
proc sysctl: always initialize i_uid/i_gid 2024-08-11 12:47:13 +02:00
pstore pstore/zone: Add a null pointer check to the psz_kmsg_read 2024-04-13 13:07:31 +02:00
qnx4 for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
qnx6 for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
quota quota: Detect loops in quota tree 2024-08-19 06:04:27 +02:00
ramfs ramfs: convert to ctime accessor functions 2023-07-24 10:30:04 +02:00
reiserfs reiserfs: fix uninit-value in comp_keys 2024-08-19 06:04:26 +02:00
romfs fs: Convert to bdev_open_by_dev() 2024-08-19 06:04:25 +02:00
smb smb3: fix setting SecurityFlags when encryption is required 2024-08-14 13:58:59 +02:00
squashfs Squashfs: fix variable overflow triggered by sysbot 2024-08-19 06:04:26 +02:00
sysfs fs: sysfs: Fix reference leak in sysfs_break_active_protection() 2024-04-27 17:11:41 +02:00
sysv sysv: don't call sb_bread() with pointers_lock held 2024-04-13 13:07:34 +02:00
tracefs eventfs: Use SRCU for freeing eventfs_inodes 2024-08-14 13:58:59 +02:00
ubifs ubifs: Set page uptodate in the correct place 2024-04-03 15:28:20 +02:00
udf udf: prevent integer overflow in udf_bitmap_free_blocks() 2024-08-14 13:58:43 +02:00
ufs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
unicode
vboxsf vboxsf: explicitly deny setlease attempts 2024-05-17 12:02:13 +02:00
verity fsverity: use register_sysctl_init() to avoid kmemleak warning 2024-06-16 13:47:33 +02:00
xfs xfs: fix log recovery buffer allocation for the legacy h_size fixup 2024-08-14 13:59:03 +02:00
zonefs zonefs: Improve error handling 2024-02-23 09:25:13 +01:00
aio.c fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion 2024-04-03 15:28:44 +02:00
anon_inodes.c
attr.c v6.6-vfs.misc 2023-08-28 10:17:14 -07:00
bad_inode.c fs: drop the timespec64 argument from update_time 2023-08-11 09:04:57 +02:00
binfmt_elf_fdpic.c fs: binfmt_elf_efpic: fix personality for ELF-FDPIC 2023-09-29 17:20:45 -07:00
binfmt_elf_test.c
binfmt_elf.c Merge branch 'expand-stack' 2023-06-28 20:35:21 -07:00
binfmt_flat.c binfmt_flat: Fix corruption when not offsetting data start 2024-08-19 06:04:30 +02:00
binfmt_misc.c fs: convert to ctime accessor functions 2023-07-13 10:28:04 +02:00
binfmt_script.c
buffer.c ext4: sanity check for NULL pointer after ext4_force_shutdown 2024-08-19 06:04:29 +02:00
char_dev.c
compat_binfmt_elf.c
coredump.c
d_path.c
dax.c mm: convert DAX lock/unlock page to lock/unlock folio 2024-01-10 17:16:53 +01:00
dcache.c fs: better handle deep ancestor chains in is_subdir() 2024-07-25 09:50:54 +02:00
direct-io.c - Yosry Ahmed brought back some cgroup v1 stats in OOM logs. 2023-06-28 10:28:11 -07:00
drop_caches.c fs: drop_caches: draining pages before dropping caches 2023-08-18 10:12:11 -07:00
eventfd.c eventfd: prevent underflow for eventfd semaphores 2023-07-11 11:41:34 +02:00
eventpoll.c epoll: be better about file lifetimes 2024-06-12 11:11:30 +02:00
exec.c exec: Fix ToCToU between perm check and set-uid/gid usage 2024-08-19 06:04:22 +02:00
fcntl.c fs: Fix rw_hint validation 2024-03-26 18:19:17 -04:00
fhandle.c fs: Annotate struct file_handle with __counted_by() and use struct_size() 2024-08-19 06:04:28 +02:00
file_table.c fs: use __fput_sync in close(2) 2023-08-08 19:36:51 +02:00
file.c fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE 2024-08-29 17:33:14 +02:00
filesystems.c
fs_context.c fs: factor out vfs_parse_monolithic_sep() helper 2023-10-12 18:53:36 +03:00
fs_parser.c
fs_pin.c
fs_struct.c kill do_each_thread() 2023-08-21 13:46:25 -07:00
fs_types.c
fs-writeback.c fs/writeback: bail out if there is no more inodes for IO and queued once 2024-06-27 13:49:00 +02:00
fsopen.c fs: add FSCONFIG_CMD_CREATE_EXCL 2023-08-14 18:48:02 +02:00
init.c
inode.c vfs: Don't evict inode under the inode lru traversing context 2024-08-29 17:33:13 +02:00
internal.h for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
ioctl.c lsm: new security_file_ioctl_compat() hook 2024-01-31 16:18:54 -08:00
Kconfig for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
Kconfig.binfmt riscv: support the elf-fdpic binfmt loader 2023-08-23 14:17:43 -07:00
kernel_read_file.c fs: Fix kernel-doc warnings 2023-08-19 12:12:12 +02:00
libfs.c fs: new accessor methods for atime and mtime 2024-01-05 15:19:40 +01:00
locks.c filelock: Fix fcntl/close race recovery compat path 2024-07-27 11:34:10 +02:00
Makefile fs: add CONFIG_BUFFER_HEAD 2023-08-02 09:13:09 -06:00
mbcache.c
mnt_idmapping.c
mount.h
mpage.c
namei.c rename(): fix the locking of subdirectories 2024-01-31 16:18:57 -08:00
namespace.c fs: relax mount_setattr() permission checks 2024-02-23 09:25:15 +01:00
nsfs.c fs: convert to ctime accessor functions 2023-07-13 10:28:04 +02:00
open.c ftruncate: pass a signed offset 2024-07-05 09:34:04 +02:00
pipe.c fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() 2024-04-10 16:35:57 +02:00
pnode.c
pnode.h
posix_acl.c fs: convert to ctime accessor functions 2023-07-13 10:28:04 +02:00
proc_namespace.c
read_write.c fs: Fix one kernel-doc comment 2023-08-15 08:32:45 +02:00
readdir.c vfs: get rid of old '->iterate' directory operation 2023-08-06 15:08:35 +02:00
remap_range.c
select.c fs/select: rework stack allocation hack for clang 2024-03-26 18:19:17 -04:00
seq_file.c
signalfd.c
splice.c - Some swap cleanups from Ma Wupeng ("fix WARN_ON in add_to_avail_list") 2023-08-29 14:25:26 -07:00
stack.c fs: convert to ctime accessor functions 2023-07-13 10:28:04 +02:00
stat.c fs: Pass AT_GETATTR_NOSEC flag to getattr interface function 2023-12-03 07:33:03 +01:00
statfs.c
super.c fs: Convert to bdev_open_by_dev() 2024-08-19 06:04:25 +02:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c Fix userfaultfd_api to return EINVAL as expected 2024-07-18 13:21:22 +02:00
utimes.c
xattr.c tmpfs,xattr: GFP_KERNEL_ACCOUNT for simple xattrs 2023-08-22 10:57:46 +02:00