| Message ID | a8cb7544a9369a309212cf648facc4cf51199616.1717479367.git.wqu@suse.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | btrfs-progs: error out immediately if an unknown backref type is hit | expand |
On Tue, Jun 04, 2024 at 03:06:22PM +0930, Qu Wenruo wrote: > There is a bug report that for fuzzed image > bko-155621-bad-block-group-offset.raw, "btrfs check --mode=lowmem > --repair" would lead to a deadloop. > > Unlike original mode, lowmem mode relies on the backref walk to properly > go through each root, but unfortunately inside __add_inline_refs() we > doesn't handle unknown backref types correctly, causing it never moving > forward thus deadloop. > > Fix it by erroring out to prevent deadloop. > > Issue: #788 > Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: Josef Bacik <josef@toxicpanda.com> Thanks, Josef
diff --git a/kernel-shared/backref.c b/kernel-shared/backref.c index 89ccf073fca7..f46f3267e144 100644 --- a/kernel-shared/backref.c +++ b/kernel-shared/backref.c @@ -650,7 +650,8 @@ static int __add_inline_refs(struct btrfs_fs_info *fs_info, break; } default: - WARN_ON(1); + error("invalid backref type: %u", type); + ret = -EUCLEAN; } if (ret) return ret;
There is a bug report that for fuzzed image bko-155621-bad-block-group-offset.raw, "btrfs check --mode=lowmem --repair" would lead to a deadloop. Unlike original mode, lowmem mode relies on the backref walk to properly go through each root, but unfortunately inside __add_inline_refs() we doesn't handle unknown backref types correctly, causing it never moving forward thus deadloop. Fix it by erroring out to prevent deadloop. Issue: #788 Signed-off-by: Qu Wenruo <wqu@suse.com> --- kernel-shared/backref.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)