diff mbox series

btrfs: fix uninitialized return value in the ref-verify tool

Message ID 612bf950d478214e8b76bdd7c22dd6a991337b15.1719143259.git.fdmanana@suse.com (mailing list archive)
State New, archived
Headers show
Series btrfs: fix uninitialized return value in the ref-verify tool | expand

Commit Message

Filipe Manana June 23, 2024, 11:50 a.m. UTC 
From: Filipe Manana <fdmanana@suse.com>

In the ref-verify tool, when processing the inline references of an extent
item, we may end up returning with uninitialized return value, because:

1) The 'ret' variable is not initialized if there are no inline extent
   references ('ptr' == 'end' before the while loop starts);

2) If we find an extent owner inline reference we don't initialize 'ret'.

So fix these cases by initializing 'ret' to 0 when declaring the variable
and set it to -EINVAL if we find an extent owner inline references and
simple quotas are not enabled (as well as print an error message).

Reported-by: Mirsad Todorovac <mtodorovac69@gmail.com>
Link: https://lore.kernel.org/linux-btrfs/59b40ebe-c824-457d-8b24-0bbca69d472b@gmail.com/
Signed-off-by: Filipe Manana <fdmanana@suse.com>
---
 fs/btrfs/ref-verify.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Comments

David Sterba June 24, 2024, 3:50 p.m. UTC | #1 
On Sun, Jun 23, 2024 at 12:50:26PM +0100, fdmanana@kernel.org wrote:
> From: Filipe Manana <fdmanana@suse.com>
> 
> In the ref-verify tool, when processing the inline references of an extent
> item, we may end up returning with uninitialized return value, because:
> 
> 1) The 'ret' variable is not initialized if there are no inline extent
>    references ('ptr' == 'end' before the while loop starts);
> 
> 2) If we find an extent owner inline reference we don't initialize 'ret'.
> 
> So fix these cases by initializing 'ret' to 0 when declaring the variable
> and set it to -EINVAL if we find an extent owner inline references and
> simple quotas are not enabled (as well as print an error message).
> 
> Reported-by: Mirsad Todorovac <mtodorovac69@gmail.com>
> Link: https://lore.kernel.org/linux-btrfs/59b40ebe-c824-457d-8b24-0bbca69d472b@gmail.com/
> Signed-off-by: Filipe Manana <fdmanana@suse.com>

Reviewed-by: David Sterba <dsterba@suse.com>
diff mbox series

Patch

diff --git a/fs/btrfs/ref-verify.c b/fs/btrfs/ref-verify.c
index cf531255ab76..9522a8b79d22 100644
--- a/fs/btrfs/ref-verify.c
+++ b/fs/btrfs/ref-verify.c
@@ -441,7 +441,8 @@  static int process_extent_item(struct btrfs_fs_info *fs_info,
 	u32 item_size = btrfs_item_size(leaf, slot);
 	unsigned long end, ptr;
 	u64 offset, flags, count;
-	int type, ret;
+	int type;
+	int ret = 0;
 
 	ei = btrfs_item_ptr(leaf, slot, struct btrfs_extent_item);
 	flags = btrfs_extent_flags(leaf, ei);
@@ -486,7 +487,11 @@  static int process_extent_item(struct btrfs_fs_info *fs_info,
 						  key->objectid, key->offset);
 			break;
 		case BTRFS_EXTENT_OWNER_REF_KEY:
-			WARN_ON(!btrfs_fs_incompat(fs_info, SIMPLE_QUOTA));
+			if (!btrfs_fs_incompat(fs_info, SIMPLE_QUOTA)) {
+				btrfs_err(fs_info,
+			  "found extent owner ref without simple quotas enabled");
+				ret = -EINVAL;
+			}
 			break;
 		default:
 			btrfs_err(fs_info, "invalid key type in iref");