| commit | 66b8c06f936598895397b92b2ab82b77ac642f66 | |
| author | Qu Wenruo <quwenruo@cn.fujitsu.com> | |
| Tue, 15 Dec 2015 01:14:37 +0000 (15 09:14 +0800) | ||
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| Wed, 16 Jan 2019 21:16:06 +0000 (16 22:16 +0100) | ||
| tree | e7ebf6c514f02058073fbf659a813336b85193ec | treesnapshot (tar.gz zip) |
| parent | 67405a1e780c38b54c980a47f1cd5d9b633a60f2 | commitdiff |
btrfs: Enhance chunk validation check
commit f04b772bfc17f502703794f4d100d12155c1a1a9 upstream.
Enhance chunk validation:
1) Num_stripes
We already have such check but it's only in super block sys chunk
array.
Now check all on-disk chunks.
2) Chunk logical
It should be aligned to sector size.
This behavior should be *DOUBLE CHECKED* for 64K sector size like
PPC64 or AArch64.
Maybe we can found some hidden bugs.
3) Chunk length
Same as chunk logical, should be aligned to sector size.
4) Stripe length
It should be power of 2.
5) Chunk type
Any bit out of TYPE_MAS | PROFILE_MASK is invalid.
With all these much restrict rules, several fuzzed image reported in
mail list should no longer cause kernel panic.
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f04b772bfc17f502703794f4d100d12155c1a1a9 upstream.
Enhance chunk validation:
1) Num_stripes
We already have such check but it's only in super block sys chunk
array.
Now check all on-disk chunks.
2) Chunk logical
It should be aligned to sector size.
This behavior should be *DOUBLE CHECKED* for 64K sector size like
PPC64 or AArch64.
Maybe we can found some hidden bugs.
3) Chunk length
Same as chunk logical, should be aligned to sector size.
4) Stripe length
It should be power of 2.
5) Chunk type
Any bit out of TYPE_MAS | PROFILE_MASK is invalid.
With all these much restrict rules, several fuzzed image reported in
mail list should no longer cause kernel panic.
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| fs/btrfs/volumes.c | diffblobblamehistory |