From patchwork Tue Apr 25 08:40:16 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Qu Wenruo <quwenruo@cn.fujitsu.com>
X-Patchwork-Id: 9697717
Return-Path: <linux-btrfs-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	D826E6020A for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Tue, 25 Apr 2017 08:40:47 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AA92B20008
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Tue, 25 Apr 2017 08:40:47 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 9F2DD2818A; Tue, 25 Apr 2017 08:40:47 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 371AE20008
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Tue, 25 Apr 2017 08:40:47 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S980945AbdDYIkj (ORCPT
	<rfc822;patchwork-linux-btrfs@patchwork.kernel.org>);
	Tue, 25 Apr 2017 04:40:39 -0400
Received: from cn.fujitsu.com ([59.151.112.132]:43447 "EHLO
	heian.cn.fujitsu.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org
	with ESMTP id S1428266AbdDYIk3 (ORCPT
	<rfc822;linux-btrfs@vger.kernel.org>);
	Tue, 25 Apr 2017 04:40:29 -0400
X-IronPort-AV: E=Sophos;i="5.22,518,1449504000"; d="scan'208";a="18129694"
Received: from unknown (HELO cn.fujitsu.com) ([10.167.33.5])
	by heian.cn.fujitsu.com with ESMTP; 25 Apr 2017 16:40:23 +0800
Received: from G08CNEXCHPEKD01.g08.fujitsu.local (unknown [10.167.33.80])
	by cn.fujitsu.com (Postfix) with ESMTP id 73BF647E6343;
	Tue, 25 Apr 2017 16:40:18 +0800 (CST)
Received: from localhost.localdomain (10.167.226.34) by
	G08CNEXCHPEKD01.g08.fujitsu.local (10.167.33.89) with Microsoft SMTP
	Server (TLS) id 14.3.319.2; Tue, 25 Apr 2017 16:40:17 +0800
From: Qu Wenruo <quwenruo@cn.fujitsu.com>
To: <linux-btrfs@vger.kernel.org>, <dsterba@suse.cz>
Subject: [PATCH] btrfs-progs: Use more restrict check to read out tree root
Date: Tue, 25 Apr 2017 16:40:16 +0800
Message-ID: <20170425084016.26278-1-quwenruo@cn.fujitsu.com>
X-Mailer: git-send-email 2.12.2
MIME-Version: 1.0
X-Originating-IP: [10.167.226.34]
X-yoursite-MailScanner-ID: 73BF647E6343.ADBD8
X-yoursite-MailScanner: Found to be clean
X-yoursite-MailScanner-From: quwenruo@cn.fujitsu.com
Sender: linux-btrfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-btrfs.vger.kernel.org>
X-Mailing-List: linux-btrfs@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

For fuzzed image bko-156811-bad-parent-ref-qgroup-verify.raw, it cause
qgroup to report -ENOMEM.

But the fact is, such image is heavy damaged so there is not valid root
item for extent tree.

Normal extent tree key in root tree should be (EXTENT_TREE ROOT_ITEM 0),
while in that fuzzed image, we got (EXTENT_TREE EXXTENT_DATA SOME_NUMBER).

It's btrfs_find_last_root() that only checks the objectid, not caring
key type leads to such problem.

Fix by doing extra check on key type for such case.

Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
---
 root-tree.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/root-tree.c b/root-tree.c
index ab01a140..6b8f8c1c 100644
--- a/root-tree.c
+++ b/root-tree.c
@@ -51,7 +51,8 @@ int btrfs_find_last_root(struct btrfs_root *root, u64 objectid,
 	l = path->nodes[0];
 	slot = path->slots[0] - 1;
 	btrfs_item_key_to_cpu(l, &found_key, slot);
-	if (found_key.objectid != objectid) {
+	if (found_key.type != BTRFS_ROOT_ITEM_KEY ||
+	    found_key.objectid != objectid) {
 		ret = -ENOENT;
 		goto out;
 	}