linux-stable/fs/btrfs
Qu Wenruo 0323e6b113 btrfs: tree-checker: reject inline extent items with 0 ref count
commit dfb92681a1 upstream.

[BUG]
There is a bug report in the mailing list where btrfs_run_delayed_refs()
failed to drop the ref count for logical 25870311358464 num_bytes
2113536.

The involved leaf dump looks like this:

  item 166 key (25870311358464 168 2113536) itemoff 10091 itemsize 50
    extent refs 1 gen 84178 flags 1
    ref#0: shared data backref parent 32399126528000 count 0 <<<
    ref#1: shared data backref parent 31808973717504 count 1

Notice the count number is 0.

[CAUSE]
There is no concrete evidence yet, but considering 0 -> 1 is also a
single bit flipped, it's possible that hardware memory bitflip is
involved, causing the on-disk extent tree to be corrupted.

[FIX]
To prevent us reading such corrupted extent item, or writing such
damaged extent item back to disk, enhance the handling of
BTRFS_EXTENT_DATA_REF_KEY and BTRFS_SHARED_DATA_REF_KEY keys for both
inlined and key items, to detect such 0 ref count and reject them.

CC: stable@vger.kernel.org # 5.4+
Link: https://lore.kernel.org/linux-btrfs/7c69dd49-c346-4806-86e7-e6f863a66f48@app.fastmail.com/
Reported-by: Frankie Fisher <frankie@terrorise.me.uk>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-12-27 13:52:59 +01:00
tests btrfs: tests: allocate dummy fs_info and root in test_find_delalloc() 2024-08-29 17:30:37 +02:00
acl.c btrfs: reserve correct number of items for inode creation 2022-05-16 17:03:08 +02:00
async-thread.c btrfs: simplify WQ_HIGHPRI handling in struct btrfs_workqueue 2022-05-16 17:03:15 +02:00
async-thread.h btrfs: remove unused typedefs get_extent_t and btrfs_work_func_t 2022-07-25 17:45:36 +02:00
backref.c btrfs: fix information leak in btrfs_ioctl_logical_to_ino() 2024-05-02 16:29:28 +02:00
backref.h btrfs: ignore fiemap path cache if we have multiple leaves for a data extent 2022-10-11 14:48:07 +02:00
block-group.c btrfs: zoned: fix zone unusable accounting for freed reserved extent 2024-11-01 01:56:06 +01:00
block-group.h btrfs: add and use helper to check if block group is used 2024-02-23 09:12:28 +01:00
block-rsv.c btrfs: calculate the right space for delayed refs when updating global reserve 2024-09-30 16:23:55 +02:00
block-rsv.h btrfs: calculate the right space for delayed refs when updating global reserve 2024-09-30 16:23:55 +02:00
btrfs_inode.h btrfs: use a runtime flag to indicate an inode is a free space inode 2022-09-26 12:28:07 +02:00
check-integrity.c fs/btrfs: Use the enum req_op and blk_opf_t types 2022-07-14 12:14:32 -06:00
check-integrity.h btrfs: check-integrity: split submit_bio from btrfsic checking 2022-05-16 17:03:12 +02:00
compression.c btrfs: fix extent map use-after-free when adding pages to compressed bio 2024-09-04 13:25:00 +02:00
compression.h for-5.20-tag 2022-08-03 14:54:52 -07:00
ctree.c btrfs: add a sanity check for btrfs root in btrfs_search_slot() 2024-12-14 19:54:10 +01:00
ctree.h btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations 2024-12-14 19:53:56 +01:00
delalloc-space.c btrfs: don't reserve space for checksums when writing to nocow files 2024-02-23 09:12:29 +01:00
delalloc-space.h btrfs: add the ability to use NO_FLUSH for data reservations 2022-09-29 17:08:28 +02:00
delayed-inode.c btrfs: change BUG_ON to assertion when checking for delayed_node root 2024-08-29 17:30:37 +02:00
delayed-inode.h btrfs: fix infinite directory reads 2024-01-31 16:17:05 -08:00
delayed-ref.c btrfs: reinitialize delayed ref list after deleting it from the list 2024-11-14 13:15:17 +01:00
delayed-ref.h btrfs: calculate the right space for delayed refs when updating global reserve 2024-09-30 16:23:55 +02:00
dev-replace.c btrfs: dev-replace: properly validate device names 2024-03-06 14:45:10 +00:00
dev-replace.h btrfs: add struct declarations in dev-replace.h 2022-09-26 12:28:07 +02:00
dir-item.c btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item() 2024-11-01 01:56:06 +01:00
discard.c btrfs: hold block group refcount during async discard 2023-03-10 09:34:06 +01:00
discard.h btrfs: cleanup btrfs_discard_update_discardable usage 2020-12-08 15:54:02 +01:00
disk-io.c btrfs: wait for fixup workers before stopping cleaner kthread during umount 2024-10-17 15:22:02 +02:00
disk-io.h btrfs: fix double free of anonymous device after snapshot creation failure 2024-03-06 14:45:10 +00:00
export.c btrfs: export: handle invalid inode or root reference in btrfs_get_parent() 2024-04-13 13:05:01 +02:00
export.h btrfs: fix type of parameter generation in btrfs_get_dentry 2022-10-24 15:28:58 +02:00
extent_io.c btrfs: replace sb::s_blocksize by fs_info::sectorsize 2024-08-29 17:30:42 +02:00
extent_io.h btrfs: move extent io tree unrelated prototypes to their appropriate header 2022-09-26 12:28:04 +02:00
extent_map.c btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() 2024-06-21 14:35:38 +02:00
extent_map.h btrfs: get the next extent map during fiemap/lseek more efficiently 2023-04-26 14:28:38 +02:00
extent-io-tree.c btrfs: fix off-by-one in delalloc search during lseek 2023-01-12 12:01:56 +01:00
extent-io-tree.h btrfs: stop tracking failed reads in the I/O tree 2022-09-26 12:28:05 +02:00
extent-tree.c btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() 2024-12-14 19:54:17 +01:00
file-item.c btrfs: mark the len field in struct btrfs_ordered_sum as unsigned 2024-01-10 17:10:35 +01:00
file.c btrfs: fix race between direct IO write and fsync when using same fd 2024-09-12 11:10:29 +02:00
free-space-cache.c btrfs: zoned: properly take lock to read/update block group's zoned variables 2024-08-29 17:30:15 +02:00
free-space-cache.h btrfs: remove use btrfs_remove_free_space_cache instead of variant 2022-09-26 12:27:58 +02:00
free-space-tree.c btrfs: convert btrfs_block_group::needs_free_space to runtime flag 2023-08-23 17:52:28 +02:00
free-space-tree.h btrfs: make clear_cache mount option to rebuild FST without disabling it 2023-05-17 11:53:42 +02:00
inode-item.c btrfs: use struct fscrypt_str instead of struct qstr 2023-10-10 22:00:36 +02:00
inode-item.h btrfs: use struct fscrypt_str instead of struct qstr 2023-10-10 22:00:36 +02:00
inode.c btrfs: fix missing snapshot drew unlock when root is dead during swap activation 2024-12-14 19:54:50 +01:00
ioctl.c btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations 2024-12-14 19:53:56 +01:00
Kconfig btrfs: use generic Kconfig option for 256kB page size limit 2022-01-20 08:52:55 +02:00
locking.c btrfs: add block-group tree to lockdep classes 2023-07-19 16:22:13 +02:00
locking.h btrfs: implement a nowait option for tree searches 2022-09-26 12:46:42 +02:00
lzo.c btrfs: replace kmap() with kmap_local_page() in lzo.c 2022-07-25 17:45:33 +02:00
Makefile btrfs: move extent state init and alloc functions to their own file 2022-09-26 12:28:03 +02:00
misc.h btrfs: convert the io_failure_tree to a plain rb_tree 2022-09-26 12:28:02 +02:00
ordered-data.c btrfs: fix qgroup_free_reserved_data int overflow 2024-01-10 17:10:35 +01:00
ordered-data.h btrfs: mark the len field in struct btrfs_ordered_sum as unsigned 2024-01-10 17:10:35 +01:00
orphan.c
print-tree.c btrfs: avoid using fixed char array size for tree names 2024-08-14 13:52:59 +02:00
print-tree.h btrfs: print the actual offset in btrfs_root_name 2021-01-07 17:25:05 +01:00
props.c btrfs: remove the unnecessary result variables 2022-09-26 12:28:00 +02:00
props.h btrfs: move common inode creation code into btrfs_create_new_inode() 2022-05-16 17:03:08 +02:00
qgroup.c btrfs: run delayed iputs when flushing delalloc 2024-09-04 13:24:55 +02:00
qgroup.h btrfs: fix qgroup_free_reserved_data int overflow 2024-01-10 17:10:35 +01:00
raid56.c btrfs: raid56: avoid double freeing for rbio if full_stripe_write() failed 2022-10-24 15:26:56 +02:00
raid56.h btrfs: properly abstract the parity raid bio handling 2022-09-26 12:27:59 +02:00
rcu-string.h btrfs: replace strncpy() with strscpy() 2023-01-12 12:01:55 +01:00
ref-verify.c btrfs: ref-verify: fix use-after-free after invalid ref action 2024-12-14 19:54:10 +01:00
ref-verify.h btrfs: ref-verify: Use btrfs_ref to refactor btrfs_ref_tree_mod() 2019-04-29 19:02:49 +02:00
reflink.c btrfs: replace sb::s_blocksize by fs_info::sectorsize 2024-08-29 17:30:42 +02:00
reflink.h Btrfs: move all reflink implementation code into its own file 2020-03-23 17:01:54 +01:00
relocation.c btrfs: fix a NULL pointer dereference when failed to start a new trasacntion 2024-10-17 15:22:01 +02:00
root-tree.c btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations 2024-12-14 19:53:56 +01:00
scrub.c btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation warning 2024-07-11 12:47:10 +02:00
send.c btrfs: send: fix invalid clone operation for file that got its size decreased 2024-10-17 15:22:02 +02:00
send.h btrfs: send: allow protocol version 3 with CONFIG_BTRFS_DEBUG 2022-10-11 14:46:55 +02:00
space-info.c btrfs: zoned: fix zone_unusable accounting on making block group read-write again 2024-08-11 12:36:00 +02:00
space-info.h btrfs: zoned: fix zone_unusable accounting on making block group read-write again 2024-08-11 12:36:00 +02:00
struct-funcs.c btrfs: remove redundant check in up check_setget_bounds 2022-07-25 17:45:33 +02:00
subpage.c btrfs: convert process_page_range() to use filemap_get_folios_contig() 2022-09-11 20:26:03 -07:00
subpage.h btrfs: make nodesize >= PAGE_SIZE case to reuse the non-subpage routine 2022-05-16 17:03:11 +02:00
super.c btrfs: replace sb::s_blocksize by fs_info::sectorsize 2024-08-29 17:30:42 +02:00
sysfs.c btrfs: sysfs: validate scrub_speed_max value 2024-01-31 16:16:58 -08:00
sysfs.h btrfs: split and refactor btrfs_sysfs_remove_devices_dir 2020-10-07 12:12:21 +02:00
transaction.c btrfs: do not BUG_ON on failure to get dir index for new snapshot 2024-07-27 11:32:19 +02:00
transaction.h btrfs: fix race between direct IO write and fsync when using same fd 2024-09-12 11:10:29 +02:00
tree-checker.c btrfs: tree-checker: reject inline extent items with 0 ref count 2024-12-27 13:52:59 +01:00
tree-checker.h btrfs: tree-checker: check extent buffer owner against owner rootid 2022-05-16 17:03:09 +02:00
tree-defrag.c btrfs: move the auto defrag code to defrag.c 2023-02-22 12:59:40 +01:00
tree-log.c btrfs: fix uninitialized pointer free on read_alloc_one_name() error 2024-10-22 15:56:39 +02:00
tree-log.h btrfs: use struct fscrypt_str instead of struct qstr 2023-10-10 22:00:36 +02:00
tree-mod-log.c btrfs: fix race when picking most recent mod log operation for an old root 2021-04-20 19:27:17 +02:00
tree-mod-log.h btrfs: add and use helper to get lowest sequence number for the tree mod log 2021-04-19 17:25:17 +02:00
ulist.c
ulist.h
uuid-tree.c btrfs: drop the _nr from the item helpers 2022-01-03 15:09:43 +01:00
verity.c btrfs: send: add support for fs-verity 2022-09-26 12:27:55 +02:00
volumes.c btrfs: do not clear read-only when adding sprout device 2024-12-14 19:54:37 +01:00
volumes.h btrfs: add a helper to read the superblock metadata_uuid 2023-09-23 11:11:08 +02:00
xattr.c btrfs: check if root is readonly while setting security xattr 2022-08-22 18:06:30 +02:00
xattr.h btrfs: cleanup btrfs_setxattr_trans and drop transaction parameter 2019-04-29 19:02:44 +02:00
zlib.c btrfs: zlib: zero-initialize zlib workspace 2023-02-14 19:11:40 +01:00
zoned.c btrfs: zoned: fix missing RCU locking in error message when loading zone info 2024-10-17 15:22:22 +02:00
zoned.h btrfs: zoned: clone zoned device info when cloning a device 2022-11-07 14:35:21 +01:00
zstd.c btrfs: zstd: replace kmap() with kmap_local_page() 2022-07-25 17:45:40 +02:00