btrfs: validate type when reading a chunk

commit 315409b0098fb2651d86553f0436b70502b29bb2 upstream.

Reported in https://bugzilla.kernel.org/show_bug.cgi?id=199839, with an
image that has an invalid chunk type but does not return an error.

Add chunk type check in btrfs_check_chunk_valid, to detect the wrong
type combinations.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=199839
Reported-by: Xu Wen <wen.xu@gatech.edu>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Gu Jinxiang <gujx@cn.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 4.4: Use root->fs_info instead of fs_info]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index da94d2fc1419d0314edec0745a2de4f2fba60d1c..5e8fe8f3942db88ebce6a9d2ce969966941e24a6 100644 (file)
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -6218,6 +6218,8 @@ static int btrfs_check_chunk_valid(struct btrfs_root *root,
        u16 num_stripes;
        u16 sub_stripes;
        u64 type;
+       u64 features;
+       bool mixed = false;
 
        length = btrfs_chunk_length(leaf, chunk);
        stripe_len = btrfs_chunk_stripe_len(leaf, chunk);
@@ -6258,6 +6260,32 @@ static int btrfs_check_chunk_valid(struct btrfs_root *root,
                          btrfs_chunk_type(leaf, chunk));
                return -EIO;
        }
+
+       if ((type & BTRFS_BLOCK_GROUP_TYPE_MASK) == 0) {
+               btrfs_err(root->fs_info, "missing chunk type flag: 0x%llx", type);
+               return -EIO;
+       }
+
+       if ((type & BTRFS_BLOCK_GROUP_SYSTEM) &&
+           (type & (BTRFS_BLOCK_GROUP_METADATA | BTRFS_BLOCK_GROUP_DATA))) {
+               btrfs_err(root->fs_info,
+                       "system chunk with data or metadata type: 0x%llx", type);
+               return -EIO;
+       }
+
+       features = btrfs_super_incompat_flags(root->fs_info->super_copy);
+       if (features & BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS)
+               mixed = true;
+
+       if (!mixed) {
+               if ((type & BTRFS_BLOCK_GROUP_METADATA) &&
+                   (type & BTRFS_BLOCK_GROUP_DATA)) {
+                       btrfs_err(root->fs_info,
+                       "mixed chunk type in non-mixed mode: 0x%llx", type);
+                       return -EIO;
+               }
+       }
+
        if ((type & BTRFS_BLOCK_GROUP_RAID10 && sub_stripes != 2) ||
            (type & BTRFS_BLOCK_GROUP_RAID1 && num_stripes < 1) ||
            (type & BTRFS_BLOCK_GROUP_RAID5 && num_stripes < 2) ||