From patchwork Fri Jan 10 14:50:02 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eryu Guan <guaneryu@gmail.com>
X-Patchwork-Id: 3466781
Return-Path: <linux-btrfs-owner@kernel.org>
X-Original-To: patchwork-linux-btrfs@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id B408AC02DC
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Fri, 10 Jan 2014 14:50:43 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 9395F20122
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Fri, 10 Jan 2014 14:50:42 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id F2C7920127
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Fri, 10 Jan 2014 14:50:37 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752844AbaAJOub (ORCPT
	<rfc822;patchwork-linux-btrfs@patchwork.kernel.org>);
	Fri, 10 Jan 2014 09:50:31 -0500
Received: from mail-pd0-f173.google.com ([209.85.192.173]:46910 "EHLO
	mail-pd0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751202AbaAJOu2 (ORCPT
	<rfc822;linux-btrfs@vger.kernel.org>);
	Fri, 10 Jan 2014 09:50:28 -0500
Received: by mail-pd0-f173.google.com with SMTP id p10so4647797pdj.18
	for <linux-btrfs@vger.kernel.org>;
	Fri, 10 Jan 2014 06:50:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=URkhz6TRWiP9v+Klibu/Wowbd7lD0OiEvm7YiyGpCPk=;
	b=fNqgjzEvHluKjv4ltd9ixq5Txw6zZKvSdlHM6/towHCPo45NxL7V9SDVlQB7e1KV/b
	Tc0TXQwhNECDCAoO0hgD7Qn9tcfuLsL8JpbA3zxHArdDZqjxaQaNeApc4YcfJHCdc5DC
	DTVQbqhyan11VscnSDdoW5wNEYlWXpdjRULY9CFfirLknhzjK/vbft2uzZKX+OXNULuN
	YjUB01qfcxr+gDuB6OZl0eV8Pcdy1Nu7JiHRMDeciE2PUxXuhJ9SW79ZiJ5hR5LoBWMg
	+2FqRUQ0dERX2T9YAl4kagzst0LCvWi/T09fgdCrkR3MFynVy7Wbe4MU8TlUaewIaegC
	dYqg==
X-Received: by 10.68.239.70 with SMTP id vq6mr11653668pbc.152.1389365427081;
	Fri, 10 Jan 2014 06:50:27 -0800 (PST)
Received: from localhost ([61.51.139.182]) by mx.google.com with ESMTPSA id
	ns7sm7709910pbc.32.2014.01.10.06.50.24 for <multiple recipients>
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 10 Jan 2014 06:50:26 -0800 (PST)
From: Eryu Guan <guaneryu@gmail.com>
To: linux-btrfs@vger.kernel.org
Cc: Eryu Guan <guaneryu@gmail.com>
Subject: [PATCH] Btrfs-progs: check return value of read_tree_block() in
	check_chunks_and_extents()
Date: Fri, 10 Jan 2014 22:50:02 +0800
Message-Id: <1389365402-1866-1-git-send-email-guaneryu@gmail.com>
X-Mailer: git-send-email 1.8.4.2
Sender: linux-btrfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-btrfs.vger.kernel.org>
X-Mailing-List: linux-btrfs@vger.kernel.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

The following steps could trigger btrfs segfault:

mkfs -t btrfs -m raid5 -d raid5 /dev/loop{0..3}
losetup -d /dev/loop2
btrfs check /dev/loop0

The reason is that read_tree_block() returns NULL and
add_root_to_pending() dereferences it without checking it first.

Also replace a BUG_ON with proper error checking.

Signed-off-by: Eryu Guan <guaneryu@gmail.com>
---
 cmds-check.c       | 6 +++++-
 disk-io.c          | 5 ++++-
 free-space-cache.c | 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/cmds-check.c b/cmds-check.c
index a65670e..1059c0a 100644
--- a/cmds-check.c
+++ b/cmds-check.c
@@ -5513,7 +5513,11 @@ again:
 			buf = read_tree_block(root->fs_info->tree_root,
 					      btrfs_root_bytenr(&ri),
 					      btrfs_level_size(root,
-					       btrfs_root_level(&ri)), 0);
+					      btrfs_root_level(&ri)), 0);
+			if (!buf) {
+				ret = -EIO;
+				goto out;
+			}
 			add_root_to_pending(buf, &extent_cache, &pending,
 					    &seen, &nodes, &found_key);
 			free_extent_buffer(buf);
diff --git a/disk-io.c b/disk-io.c
index 0af3898..b0a8d01 100644
--- a/disk-io.c
+++ b/disk-io.c
@@ -644,7 +644,10 @@ out:
 	blocksize = btrfs_level_size(root, btrfs_root_level(&root->root_item));
 	root->node = read_tree_block(root, btrfs_root_bytenr(&root->root_item),
 				     blocksize, generation);
-	BUG_ON(!root->node);
+	if (!root->node) {
+		free(root);
+		return ERR_PTR(-EIO);
+	}
 insert:
 	root->ref_cows = 1;
 	return root;
diff --git a/free-space-cache.c b/free-space-cache.c
index ddeeeb6..899a766 100644
--- a/free-space-cache.c
+++ b/free-space-cache.c
@@ -435,7 +435,7 @@ int load_free_space_cache(struct btrfs_fs_info *fs_info,
 	if (ret < 0) {
 		ret = 0;
 
-		printf("failed to load free space cache for block group %llu",
+		printf("failed to load free space cache for block group %llu\n",
 			block_group->key.objectid);
 	}