git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Qu Wenruo <quwenruo@cn.fujitsu.com>
	Tue, 15 Dec 2015 01:14:37 +0000 (09:14 +0800)
committer	Ben Hutchings <ben@decadent.org.uk>
	Tue, 28 Apr 2020 18:02:24 +0000 (19:02 +0100)
commit	6a467e9388f3e81c2e3923d1b66eaa868a38b7c8
tree	fc3d5493fcd7973385152e09a4ea56cc4b76ad24	tree
parent	901c0db7822868f921ac48a5f0aa91d4b91539a7	commit \| diff

btrfs: Enhance chunk validation check

commit f04b772bfc17f502703794f4d100d12155c1a1a9 upstream.

Enhance chunk validation:
1) Num_stripes
   We already have such check but it's only in super block sys chunk
   array.
   Now check all on-disk chunks.

2) Chunk logical
   It should be aligned to sector size.
   This behavior should be *DOUBLE CHECKED* for 64K sector size like
   PPC64 or AArch64.
   Maybe we can found some hidden bugs.

3) Chunk length
   Same as chunk logical, should be aligned to sector size.

4) Stripe length
   It should be power of 2.

5) Chunk type
   Any bit out of TYPE_MAS | PROFILE_MASK is invalid.

With all these much restrict rules, several fuzzed image reported in
mail list should no longer cause kernel panic.

Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>