git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Johannes Thumshirn <jthumshirn@suse.de>
	Mon, 18 Feb 2019 10:28:37 +0000 (11:28 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 23 Mar 2019 19:10:00 +0000 (20:10 +0100)
commit	1a00f7fd0fbf87faca8737e45193bada759744cb
tree	4507ecc6b3400a34c20743f7d861d0b11cf1365c	tree \| snapshot
parent	6e24f5a1ebb199c8dcd84f7b91fe8ba120ecfe32	commit \| diff

btrfs: ensure that a DUP or RAID1 block group has exactly two stripes

commit 349ae63f40638a28c6fce52e8447c2d14b84cc0c upstream.

We recently had a customer issue with a corrupted filesystem. When
trying to mount this image btrfs panicked with a division by zero in
calc_stripe_length().

The corrupt chunk had a 'num_stripes' value of 1. calc_stripe_length()
takes this value and divides it by the number of copies the RAID profile
is expected to have to calculate the amount of data stripes. As a DUP
profile is expected to have 2 copies this division resulted in 1/2 = 0.
Later then the 'data_stripes' variable is used as a divisor in the
stripe length calculation which results in a division by 0 and thus a
kernel panic.

When encountering a filesystem with a DUP block group and a
'num_stripes' value unequal to 2, refuse mounting as the image is
corrupted and will lead to unexpected behaviour.

Code inspection showed a RAID1 block group has the same issues.

Fixes: e06cd3dd7cea ("Btrfs: add validadtion checks for chunk loading")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>